Altcoins Talks - Cryptocurrency Forum
Learning & News => News related to Crypto => Topic started by: ABCbits on July 08, 2024, 01:07:55 PM
-
Coinbase Staff Impersonator Siphons $1.7M from User’s Wallet
An impersonator has been parading itself as a top staff from cryptocurrency exchange Coinbase Global Inc (NASDAQ: COIN). This past week, about three Coinbase users and one crypto user reported the incident, claiming to have received a call from this Coinbase-impersonating scammer. Unfortunately, one of them fell for the trick and allegedly lost $1.7 million in digital assets to the scammer... Read more here (https://www.coinspeaker.com/coinbase-staff-impersonator-1-7m-wallet/).
For now, there's no concentrate information how the impersonator know victim contact data. Although it's a shame since the victim could've notice it's scam due to weird-looking domain which mentioned on the tweet. Your opinion is greatly appreciated.
-
Getting more and more complicated with this different scams. I can’t really blame the victim just because the motive or the way it was done is really intricate that makes it more believable. I just can’t imagine what the victim must be feeling losing that kind of money.
I hope somehow it will be recovered in someway, but we can always be hopeful.
-
Getting more and more complicated with this different scams. I can’t really blame the victim just because the motive or the way it was done is really intricate that makes it more believable. I just can’t imagine what the victim must be feeling losing that kind of money.
There can be new scam and ways of hacking wallets but one thing is simple and not getting complicated. This is how to avoid scam. But most people do not read about how to avoid scam and hack but want to deal with coins. This scam can easily be avoided if not ignorant about scam and hacks.
-
Using a Coinbase number to communicate with customers is what made it easy for these scammers. I watched a documentary of an old woman who was deceived by a man who cared for her and told her that he knew someone who could double her money, and she lost everything. Fraudsters can obtain some information that only the platform team may know, such as your balance or some of your trading records, and use them to convince you.
-
Many will certainly not like it, but the best way to prevent something like this from happening to you is to simply not have an account at CEX. If we start from the fact that the majority cannot/doesn't want to trade cryptocurrencies in some other way, then it is evident from all this that some investors do not know the basics at all. You never give your seed to anyone, whether the president of your country or the Pope of Rome calls you personally ;D
Besides, who else keeps $1.7 million in a mobile wallet app? Well, that's the craziest of craziness at a time when you can buy a hardware wallet for less than $100. However, I have no doubt that even such a device can help those who fall for cheap tricks.
-
Its still a wonder how the scammer learned this victim's contact details. If he is sure have not given his number to any platforms, is there a possibikity that some real coinbase staff took his details and gave it to the scammers?
Real piece of work scammer that has the skills to make someone give up their seed.
Coinbase is centralized, I think they should try helping tracking the coins and alert all exchange to freeze when these coins gets into and exchange.
-
I hope somehow it will be recovered in someway, but we can always be hopeful.
$1.7m is a lot of money, so the case is going to get a good level of attention, however, the scammer must deposit it into a custodial service before anything can be recovered.
Scammers also know that they should not deposit stolen funds into a custodial service, so i have little hope of a recovery, the scammer will be working on obscuring the origin of the funds using different tools available for that, the victim has leaned a hard lesson.
-
We can talk about all these type of old scamming methods all day but some people will still fall for it. Anyway, it's getting harder for these frauds to cash out all the funds they have stolen as can be seen in the tweet that part of it went to Stake. Most likely, a good portion will be returned to the victim.
-
Coinbase Staff Impersonator Siphons $1.7M from User’s Wallet
An impersonator has been parading itself as a top staff from cryptocurrency exchange Coinbase Global Inc (NASDAQ: COIN). This past week, about three Coinbase users and one crypto user reported the incident, claiming to have received a call from this Coinbase-impersonating scammer. Unfortunately, one of them fell for the trick and allegedly lost $1.7 million in digital assets to the scammer... Read more here (https://www.coinspeaker.com/coinbase-staff-impersonator-1-7m-wallet/).
For now, there's no concentrate information how the impersonator know victim contact data. Although it's a shame since the victim could've notice it's scam due to weird-looking domain which mentioned on the tweet. Your opinion is greatly appreciated.
How can one not see so many red flags from this? It's really saddening to see.
Saw these basic things that are red flags already
Site looks fake
Call from coinbase? (that's a new thing from scammer)
and it's a self custody wallet lol..
-
Using a Coinbase number to communicate with customers is what made it easy for these scammers. I watched a documentary of an old woman who was deceived by a man who cared for her and told her that he knew someone who could double her money, and she lost everything. Fraudsters can obtain some information that only the platform team may know, such as your balance or some of your trading records, and use them to convince you.
Yes, it is certain that the reason is that the scammer obtained some important information and also because of the victim’s ignorance and insufficient experience. No support team can be the first caller. They always put these warnings on Telegram and say that we cannot contact you unless you call first.
This simply means that if you receive any phone call or chat on Telegram or elsewhere it is a scam unless you are the one who called in the first place. However, we do not say that there is 100% safety because scammers are always inventing new methods of fraud.
-
This is not new scam though, we have seen a lot of impersonations before, from Elon Musk and other well known crypto personalities. The thing is that probably with that advancement of AI, many are fallen for this trick.
Not saying that the blame should be on the victims here, but how come someone will just trust a supposedly Coinbase staff and give partial of their seed phrase?
Just makes me wonder as we all know that we shouldn't trust, but to verify first? So again, we can't stressed this enough, do not trust anyone even if they say that they are from Coinbase or any other exchanges and asked you for your partial seed phrase.
-
The scammer was in full control of the situation from the beginning. I noticed that email address was not correct from where it was sent. The main question is that how the scammer was able get the user's phone number? It looks as if someone within the exchange might have provided the details of the user to the scammer or there can be a data breach which has not been made public by the exchange.
-
~
For now, there's no concentrate information how the impersonator know victim contact data. Although it's a shame since the victim could've notice it's scam due to weird-looking domain which mentioned on the tweet. Your opinion is greatly appreciated.
These just shows that those who have huge amounts of money doesn't always have huge amount of knowledge when it comes to investing.
I don't know how the scammer did it, but knowing how the scammers usually scam these victims, I don't have that huge amount of money, but I will never, ever fall into these scammers. Well, it is what it is. It happened, and like what I always say, knowledge and experience really is very expensive because you need to lose large sum of money first before learning how to secure your assets.
As for my opinion, I hope that newbies will learn more about securing their assets.
-
Its still a wonder how the scammer learned this victim's contact details. If he is sure have not given his number to any platforms, is there a possibikity that some real coinbase staff took his details and gave it to the scammers?
Yes, it's still a wonder. The news only cite speculation by Hiro Systems CEO about possible breach on CoinTracker service (which happened 2 years ago) which used by Coinbase.
The scammer was in full control of the situation from the beginning. I noticed that email address was not correct from where it was sent. The main question is that how the scammer was able get the user's phone number? It looks as if someone within the exchange might have provided the details of the user to the scammer or there can be a data breach which has not been made public by the exchange.
Yes, that's the biggest question on this case. Combining that with email (which appear legit if you let your guard down) isn't what i expect from average scam attempt.
-
The main question is that how the scammer was able get the user's phone number? It looks as if someone within the exchange might have provided the details of the user to the scammer or there can be a data breach which has not been made public by the exchange.
Kyc is very dangerous, i learnt that from bitcointalk, and it is very true. Any data that has been submitted to a centralized platform can find its way into the dark market, it could be in a data breach or it could be sold in an inside job.
The victim should have detected this scam, but so many of us can say this here because we have the knowledge, there are a lot of people out there whom have a lot of coins, but little to no knowledge about security.
-
Kyc is very dangerous, i learnt that from bitcointalk, and it is very true. Any data that has been submitted to a centralized platform can find its way into the dark market, it could be in a data breach or it could be sold in an inside job.
~snip~
There aren't too many options left for the scammer to know exactly who to call, and obviously the targets were people who had wealth on their "accounts". However, this is about a user who uses an app wallet and not CEX of the same company - and considering that the app does not require (I assume) KYC, the question really arises as to how someone knows that a certain person has that app on their smartphone where they keep $1.7 million in crypto?
Is this some type of social engineering where these data were obtained through victims social networks or some other method of data collection?
-
Based on the tweet
Part of the $1.7M ends up at http://Stake.com
https://x.com/theklineventure/status/1810068252900376999
Coinbase must deal with it with Stake.com since a large amount is involved. I don't think this will escape the Stake alarm; there is a possibility that they can trace the scammer if he has done KYC on Stake.com before.
This story reminds us always to check and not be 100% sure if they are talking to the right people. If the scammer is smart, you should be smarter than him.
-
Based on the tweet
Part of the $1.7M ends up at http://Stake.com
~snip~
I thought that there were some kind of professionals hiding behind everything who would know how to cover the trail, but instead they send part of the hacked funds to an online casino? Unless it's part of some kind of smoke screen strategy, I have a hard time imagining why someone would pull such a stupid move...
-
Coinbase must deal with it with Stake.com since a large amount is involved. I don't think this will escape the Stake alarm; there is a possibility that they can trace the scammer if he has done KYC on Stake.com before.
The scammers move is crazy, and it just adds to the 'confusion' about everything relating to this case, from how the scammer who claimed to be a rep of a centralized exchange knew that the victim had such an amount in a different wallet that's not of the exchange.
Now, how does the scammer move stolen funds to a custodial address controlled by a casino, it is good for the victim because i believe some part of the funds would be recovered.
-
This is such a sad thing but also there is a bit of blame to go for the people who got fooled as well. I mean look at this method, it looks like it would be near impossible for anyone to take my money this way, I would not believe them. In the end a scammer is a scammer and a lot of people gets scammed everyday in the world. We should not even put the blame on people who put their money on a centralized place, because even in fiat world people get scammed all the time, some people are just so ready to get scammed. We should realize that it takes time for people to get used to these new technological stuff. Specially old people are their targets because they know that they are going to end up with getting their money stolen since they do not know everything that well and make mistakes easier.
-
For now, there's no concentrate information how the impersonator know victim contact data. Although it's a shame since the victim could've notice it's scam due to weird-looking domain which mentioned on the tweet. Your opinion is greatly appreciated.
It's funny how someone has $1.7M sitting on exchanges and yet can't afford to used $1k to buy a hardware wallet, I haven't even seen anyone that is so expensive upto a thousand dollars, highest I have seen is $600 and there is nothing fancy about it, just some customization but it does exactly what ledger and other top safe hardware wallet does too.
Had it been he save the coins on a hardware wallet, nobody will send him link or wallet afteess to begin with and the scammer wouldn't even know he own a coin in the first place. Even if he knows the person has crypto, the victim will be quick smell scam when he see one.
-
It's funny how someone has $1.7M sitting on exchanges and yet can't afford to used $1k to buy a hardware wallet
What's really funny is that the victim's funds was not on an exchange, but in their self custodial wallet, this is what makes the story very confusing. The victim said the impersonator called and told them that 'their wallet was connecting directly to the blockchain', this on its own does not make sense.
The scammer went on to direct the victim to a website to enter their seed phrase to stop the 'error', the victim said they entered part of their seed phrase, but didn't submit it, but apparently the website captures whatever is typed in that website, so the attackers were able to bruteforce the remaining words and steal the funds.
-
Coinbase must deal with it with Stake.com since a large amount is involved. I don't think this will escape the Stake alarm; there is a possibility that they can trace the scammer if he has done KYC on Stake.com before. This story reminds us always to check and not be 100% sure if they are talking to the right people. If the scammer is smart, you should be smarter than him.
Yes, of course, we should be so extra careful most especially if we are hodling a big amount of money or cryptocurrency. Now, according to this story, "the bad actor coerced the Coinbase user into revealing part of his seed phrase" and we know that exchanges will never call or ask anyone asking for wallet seed phrase so this is a big red flag in the first place. For someone with a relatively big portfolio, I am amazed that the victim is not aware of this basic fact and rule in crypto safety. Never ever take a call from anyone most especially claiming to be from an exchange because in the first place no crypto platform will do and they don't ask for seed phrase because that is for us to keep secretly. This story is reminding us that people who are in cryptocurrency still need to be educated on how to avoid being scammed and defrauded. Maybe Coinbase should launch a wide-reaching program educating their users on how to detect red flags so as to never fall victims of this shenanigan that can cost anyone millions worth of money. Let's hope that Stake.com will cooperate with the victim in helping to recover the funds or crypto to their rightful owner...and this can be a big test for this gambling platform if they are professional or not. Sadly this is not going to be the last story on this nature as there can be more victims in months and years to come as cryptocurrency has become the big bread and butter for many scammers and hackers most especially from North Korea (https://www.coindesk.com/policy/2024/03/21/north-korean-crypto-hackers-have-stolen-3b-since-2017-says-un-security-council-report/).
-
Now, according to this story, "the bad actor coerced the Coinbase user into revealing part of his seed phrase" and we know that exchanges will never call or ask anyone asking for wallet seed phrase so this is a big red flag in the first place.
The point here is that centralized exchanges hold the keys to their customers wallets, so you don't have any seed phrase on an exchange. The attacker called the victim about their self custodial wallet that is different from their wallet on the exchange, and that is what makes the story funny and hard to believe, why will a coinbase staff call you to solve a 'problem' with your self custodial wallet that has nothing to do with the exchange.
-
Based on the tweet
Part of the $1.7M ends up at http://Stake.com
~snip~
I thought that there were some kind of professionals hiding behind everything who would know how to cover the trail, but instead they send part of the hacked funds to an online casino? Unless it's part of some kind of smoke screen strategy, I have a hard time imagining why someone would pull such a stupid move...
Oh is this true, it if went to Stake then maybe they can trace it back and obviously Stake are asking for KYC now.
I do agree, when you thought that this criminals are smart not to get caught, but instead, just one mistake and they are done. Perhaps it's the obvious that either they think that they can used a casino to mix their coins or just addicted gambler that once they got the crypto, the criminals just wanted to play as their decision is clouded.
-
Based on the tweet
Part of the $1.7M ends up at http://Stake.com
https://x.com/theklineventure/status/1810068252900376999
Coinbase must deal with it with Stake.com since a large amount is involved. I don't think this will escape the Stake alarm; there is a possibility that they can trace the scammer if he has done KYC on Stake.com before.
This story reminds us always to check and not be 100% sure if they are talking to the right people. If the scammer is smart, you should be smarter than him.
Just weird though that the scammers deposit it to a well known crypto online casinos which requires KYC from their customers. And I do agree, it will raise a big flag from Stake itself to see this large transactions coming into their system.
They are very strict with it and their fraud department might have raised the flag and do proper investigation. Not sure if Eddie has a account here, but it good be good if there will be from the other community to message him if it hasn't been done so.
-
An impersonator has been parading itself as a top staff from cryptocurrency exchange Coinbase Global Inc (NASDAQ: COIN). This past week, about three Coinbase users and one crypto user reported the incident, claiming to have received a call from this Coinbase-impersonating scammer. Unfortunately, one of them fell for the trick and allegedly lost $1.7 million in digital assets to the scammer...
This is why it is always necessary to tell newbies on the Internet and in cryptocurrency that they should be careful about people that they give their attention to, regardless of whatever title those people may claim to have attached to their name. Titles can be deceitful and be claimed by anyone just to earn trust, and we should always have the consciousness so not to become victims ourselves. Trust people for who they are, after they've earned your trust, not for who they claim to be.