Experienced trader Jacob Canfield recently shared an incident where he encountered potential Coinbase scammers. Shortly after, an anonymous whitehat hacker reached out to provide him with some security advice. It is noteworthy that Canfield was contacted via email and phone number that he had not shared with the hacker.
To ensure safety, all Coinbase users are advised to change their passwords and 2FA credentials. A series of social engineering attacks have been targeting users of Coinbase, which is the largest cryptocurrency exchange in the United States. Traders are being contacted by malicious individuals who claim that their password and 2FA settings have been altered.
I just got attacked with one of the most complex scams in #crypto that I have seen to date.
Please read if you use @coinbase.
This just happened 15 minutes ago.
THIS IS A WARNING FOR ALL COINBASE USERS!
There has been some sort of a data breach.
First, I… pic.twitter.com/aOVWLpAtY4
— Jacob Canfield (@JacobCanfield) June 13, 2023
Scammers playing with real Coinbase server
Jacob Canfield, a professional trader, and investor, was among those who received such messages. Initially, the information was sent through SMS, but the scammers later started calling Canfield using a phone number registered in San Francisco. Notably, Canfield had never used SMS for 2FA purposes, so the verification process seemed suspicious from the start.
However, he received an email from an authentic Coinbase server, which included his active account’s 2FA code. Canfield described this social engineering attack as one of the most sophisticated he has encountered, as it involved interaction with a legitimate exchange support unit. At present, the email from Coinbase appears to be genuine and is automatically sent when users request a support ticket for account verification.