Crypto users are being targeted by a new wave of phishing scams, where fraudulent emails impersonating Coinbase and Gemini urge investors to switch to self-custody wallets by April 1.
The emails falsely claim that the exchanges are transitioning customers’ crypto to personal wallets due to a court-mandated ruling. Victims are instructed to:
- Download a legitimate wallet app.
- Enter a pre-generated recovery phrase (provided in the email).
However, these recovery phrases are controlled by scammers, giving them full access to drain the victims’ funds once transferred.
Fake Legal Claims Used to Deceive Users
The emails exploit recent legal actions against Coinbase and Gemini to appear convincing.
- Coinbase Scam Tactic: The fraudulent message cites a class-action lawsuit requiring Coinbase to become a registered broker — forcing customers to transfer assets to a new wallet.
- Gemini Scam Tactic: Similar emails claim a court ruling demands Gemini users migrate funds for security reasons.
Both Coinbase and Gemini have clarified that these claims are false and advised users to never enter a recovery phrase provided by someone else.
Coinbase and Gemini’s Response
Coinbase addressed the scam in a March 14 X post, reminding users that it will never send a recovery phrase or request wallet setups via email.
Gemini has yet to respond publicly to the scam but has previously warned users about phishing risks.
Phishing Attacks: Crypto’s Biggest Threat in 2024
According to CertiK’s Web3 security report, phishing attacks have emerged as the most significant security threat for crypto users, with $1 billion stolen across 296 incidents in 2024 alone.
New Malware Tactics Target Crypto Founders
In addition to email scams, hackers have attempted to deceive crypto founders via fake Zoom calls. Posing as potential partners, scammers claim to have audio issues during the meeting and send a link to a new call, which installs malware designed to steal sensitive data.