A new report by 404 Media sheds light on a Coinbase hacking scheme that allegedly targeted more than 500 victims in multiple states. Like many hacking schemes, this one employs phishing tactics to exploit a victim’s concern for the security of their financial accounts. According to an affidavit filed by the US Secret Service, the perpetrators stole at least $20 million in cryptocurrency. Many of these victims are left with limited options, including suing Coinbase.
Coinbase Hackers Used Phishing Tactics
The scheme reportedly works roughly like this: a message informs victims that their Coinbase account has been compromised. Then, it directs them to a website that mimics Coinbase. There, by “signing in” to their accounts, they unwittingly give the hackers their login-credentials. The hackers use these credentials to sign in to the victims’ real Coinbase accounts and transfer their holdings away.
In cases where the victims’ accounts involve two-factor authentication, the fraudsters use various techniques to obtain their credentials. “Ricardo,” the victim interviewed by 404 Media, called a purported customer service number at the direction of a fake Coinbase page. Then, a purported company representative instructed him to input his verification code—received via text message—into a chat box. The chat, of course, was under the hackers’ control.
Authorities Arrest Georgia Man In Connection with Hacking Allegations
In December 2023, the Secret Service arrested a Georgia-based man, Chirag Tomar, whom they allege was involved in the scheme. Tomar and other fraudsters allegedly commenced their fraud in or earlier than August 2020, utilizing several web domains to funnel victims toward their phishing sites. The affidavit filed by investigators describes a number of people targeted by the scheme:
One called MB lost around $170,000 worth of cryptocurrency in September 2021. MF lost .3396 Bitcoin in January 2022, worth around $13,000 at the time. In April 2022, the group stole around $132,000 from PC. Then in June 2022, another victim called PAC lost more than $250,000 after not only providing the hackers with an authentication code but also a copy of his Driver’s License into the chat box as instructed.
Story Raises Security Concerns
As 404 Media argues, this story raises important questions about Coinbase’s commitment to the security of its users’ accounts. It was reportedly not until two years after the fraudsters commenced their phishing scheme that the crypto trading platform filed a complaint to gain control of one of the websites mimicking it. “On June 20, a panel responsible for handling such complaints ordered that the domain be transferred over to Coinbase,” per the report. “That was too late, not just for Ricardo, but also for PAC who lost around a quarter of a million dollars that same month.”
In a statement to the publication, Coinbase described a number of steps it takes to prioritize security. It also suggested that users employ hardware keys for account verification rather than codes that are more susceptible to phishing. Still, the multi-year, $20 million scheme offers a stark warning to crypto investors. This asset class is still very much a wild west. Investors should take every available precaution lest they, too, fall victim to fraud.