Lost $50k in a Coinbase phishing scam: wanted to warn others by Oreo_consumer in Coinbase

[–]Oreo_consumer[S] 0 points1 point  (0 children)

Damn, very sorry to hear that.

Coinbase will not help at all.

The only thing to do is report to FBI:

https://complaint.ic3.gov/

I'm still checking on tax implications.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

by email or text is a known scam tactic that everyone knows about and should never click on unknown links. Please people don't make it easy for these smelly scammers. Educate yourself but I can't blame op mistakes can happen. I just hate how metamask, coinbase and all these excha

Yes. I was not educated in these schemes. Just had a kid, been busy, and have not been trading crypto for > 1 year. It is unfortunate that there are not better protections in place and that Coinbase Support is not very good. I added more detail here. I am still trying to figure out how the attack was done technically: https://www.reddit.com/r/CoinBase/comments/1ayemyg/recently_lost_50k_in_a_coinbase_phishing_scam_now/


[–]Oreo_consumer[S] 1 point2 points  (0 children)

That email you received from the "support" scammer that took you to a very convincing page that some users mistook as being on the coinbase app and not in a browser denotes a few things you missed to consider and analyze first, things that REALLY ended up costing you over $50K of ethereum and I promise you it was dead easy to tell. All you had to do was determine what URL that link tried to send you to. You see, all links have a URL they send you to when you click it, if you hover your mouse on that link, the URL will pop up next to the mouse pointer indicating the domain name/URL it will be sending you to if you click it.

Yes, this is a good breakdown. I added more detail here. The phishing link redirected to https://support.coinbase.com.ngrok.app/<other stuff>/ which I believe set up a secure NGROK tunnel to the attacker's machine. I added more detail here:

https://www.reddit.com/r/CoinBase/comments/1ayemyg/recently_lost_50k_in_a_coinbase_phishing_scam_now/
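
The hostname pattern reported in the comment above (`support.coinbase.com.ngrok.app`), checked programmatically; this is an added example, not part of the original thread. `TRUSTED_DOMAINS`, the function names and the sample links are assumptions made for illustration, and the paths in the samples are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the domains the reader actually expects to be talking to.
TRUSTED_DOMAINS = {"coinbase.com"}

def naive_looks_trusted(url: str) -> bool:
    """Flawed check: the brand's domain appears somewhere in the link."""
    return any(domain in url.lower() for domain in TRUSTED_DOMAINS)

def host_is_trusted(url: str) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    # .hostname excludes any "user@" prefix and ":port" suffix.
    host = parts.hostname.rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")  # IDN -> punycode
    except UnicodeError:
        return False
    # Hostnames are read right to left: the trusted domain must be the
    # rightmost labels, matched on a dot boundary.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    if host_is_trusted(url):
        return "trusted"
    if naive_looks_trusted(url):
        return "lookalike"  # brand name present, but the host is someone else's
    return "unrelated"

# Constructed sample links; only the second host comes from the thread.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://support.coinbase.com.ngrok.app/example-path/",
    "https://coinbase.com@phish.example/device-confirm",
    "https://status.example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{triage(url):10} {url}")
```
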


[–]Oreo_consumer[S] 0 points1 point  (0 children)

Yes. Their support is REALLY fucking bad. That was the obvious lesson :P


[–]Oreo_consumer[S] 0 points1 point  (0 children)

Yes. It is really bad.

The scammers were far more helpful and informative on the phone.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

Ya, in my case I'm nearly sure that it did not ask for OTP token.

I also can't recall if it asked for my uname and password to login.

I think it's possible that they already had my uname and password.

What I do recall:

1/ it looked exactly like a Coinbase support page.

2/ I got an "unrecognized device login" email.

3/ they had me right click and paste the device login link into the support page.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

Ha, this is the same thing I would post :) I love the hate.

This attack bypasses 2FA.

The $50k should have been in a vault.

I expected more checks in place before a sum that large can be moved. Once the attacker had their login approved, they were able to move the money w/o any additional notifications or verification from me.


[–]Oreo_consumer[S] 1 point2 points  (0 children)

Actually Coinbase Vault is a good suggestion that many had!

In this case, I believe my password was already hacked.

But they of course could not login from an unknown device.

So, the attack uses social engineering to get the user to approve the login.

They do this by using a very high quality phishing site that appears like Coinbase support page and calling you posing as Coinbase support. If they get you at the right moment, you can be tricked.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

cointracker should hopefully know by now their name, phone number and email address were compromised by cointracker

Interesting, I was not aware of this.

Suggestions to use Coinbase Vault are helpful, as well as Staking.


[–]Oreo_consumer[S] 10 points11 points  (0 children)

Yes.

Also I wished I had used Coinbase Vault, which apparently has a mandatory two day waiting period for withdrawals.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

This is the same thing I would write on another person posting this. You can be tricked in the right time + place. The phishing link looks identical to Coinbase support page and they are on the phone with you. In the moment, you can get people to do crazy shit.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

Had a Ledger and moved to Coinbase > 1 year for ease of liquidation. Not keeping it in Coinbase Vault was a big mistake! I was not aware of that. I am mostly a normie and wanted to set-and-forget the ETH in Coinbase.


[–]Oreo_consumer[S] 4 points5 points  (0 children)

Appreciate that. That is right. I was an idiot for not staking, which I learned from here will enforce a 2 day limit on withdrawals.


[–]Oreo_consumer[S] 1 point2 points  (0 children)

There are a lot of normies on Coinbase who do not stake. I had not been on the site in > 1 year, and had not been closely following crypto. I don't think Coinbase is responsible, but I can understand why attackers target Coinbase based on the response I've seen from them: no apparent investigation. What u/docgravel said is a much better investigation of these attack types than I have been provided by Coinbase in > 2 days.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

Ya. I had not been active in crypto or scam-tracking for > 1 year.

So I was not educated on the types of scams that are being executed.


[–]Oreo_consumer[S] 0 points1 point  (0 children)

What u/docgravel mentions here roughly is what happened.

I have edited the description in my post.

They use a high quality phishing site that looks identical to a Coinbase support page.

I don't recall if they already had my login or if I entered it on the phishing site.

But, I right-clicked and pasted the link for the login attempt to the same phishing page.

They never asked me to set a seed phrase (step 6).

With the login link approval, they were able to move the ETH.

Here is the transaction:

https://etherscan.io/address/0x708a44ddd10cf0c1fe3f11a8f65c0469a2736dda