Coinbase won’t call customers to warn them that their accounts may have been compromised. It’s a common scam vector. Still, someone tried it on me.
You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.
Account compromise
The narrative
Last weekend, an unknown California number called me. A helpful gentleman informed me that my Coinbase account had been compromised during its recent data breach and he was there to assist me in not losing my assets.
Oh no, the horror!
Why it matters
All right, so obviously this is a scam. Right after hanging up with this supposed help desk agent, I texted a Coinbase spokesperson to verify that at no point would the exchange call a customer to tell them their account was compromised. It’s scam 101 — if you’re getting a phone call informing you that your account’s been compromised, whether at a crypto exchange, a bank, the IRS, whatever, it’s a scam. Do not share your personal details and do not provide any passwords if you get a call like this.
There were a few flaws in the attempt to get me to, presumably, move my funds from my supposedly compromised Coinbase account to another address. But I’m hopeful that this can be a useful teaching moment for the nearly 70,000 people who have been affected by Coinbase’s recent breach disclosure, as well as anyone else who receives a phone call claiming their information has been compromised. Here’s how this went down.
Breaking it down
Let’s start from the beginning. On Saturday, May 24, I received a call from a number I didn’t recognize to my personal phone, not my public-facing work number. It being a weekend, one where I was actually visiting family in another state, I didn’t pick up. Then the same number called back and I still didn’t pick up (yes I know, riveting, but it’s 2025 and you can leave a voicemail or text).
Ten minutes later, I received a third call from a different number, which I did pick up because at that point I was curious.
A fast-talking gentleman who called himself Riccardo told me he was part of Coinbase’s Actions and Protections Department and that he was reaching out because my Coinbase account information had been compromised and a new email had just been added to my account.
I was pretty confused, for reasons I’ll get into below. But I was also intrigued because there were immediately four red flags. For simplicity’s sake, I’ll refer to the caller as “the agent” from here on out, but to be absolutely clear, I doubt he is an actual customer service agent, representative or other employee of Coinbase, and he certainly was not reaching out to me as an authorized representative of the exchange.
First off, the phone call itself is a big red flag. Coinbase will never call a customer about a breach, but rather will contact customers via email, it previously said in a tweet.
This is actually standard. The Federal Trade Commission website notes there is a vast range of scams wherein someone will call you, and numerous other companies have warnings that their employees will never proactively call a customer about account issues.
The agent I spoke to said they would freeze my account for 24 hours to ensure no funds could be stolen (thanks, I guess?) and that a supervisor would reach out to me (I continue to wait for this supervisor to call). This supposed freeze on my account can be extended to three months if there are multiple failed login attempts.
To wrap up the call, he said he’d send me an email summarizing all the details we’d discussed. On Saturday night, I received an email with the subject line “your case is under review.”
The follow-up email this very helpful customer service representative sent was extremely informative.
For one thing, the email address they had associated with my account is a public-facing address, but is not the email address attached to my actual Coinbase account (in fairness, I forgot that part until I tried to find my login information a few days later).
Gmail initially (correctly) flagged this email as spam. I moved it to my inbox, where Gmail then showed me that the sender (help@info-coinbase.com) was not the actual sender — the email arrived via learnindonesian.online. Even the info-coinbase.com part is sketchy — for one thing, Coinbase’s website is coinbase.com, though it does send emails from info@info.coinbase.com — still, you wouldn’t expect a hyphen in a support email domain. For another, the info-coinbase domain was first created in November 2024 (according to an ICANN lookup) and isn’t a real website.
The email headers were also not super helpful in terms of providing any sort of identifying information, but they did confirm that the sender appeared to have tried to obfuscate their information.
Curiously, the “Visit Coinbase” link at the bottom appeared to link to the actual Coinbase website and there do not appear to be any hidden embedded images or other attached files in the email at all. I’m not totally sure what’s going on there. A real scammer could have embedded a virus of some sort into the email or even a tracking pixel. Another common tool scammers might use is putting in a phishing link in place of a legitimate one in an email, tricking the user into going to a website intended to steal their login information (this is not legal, technical or any other sort of advice; if you decide to try and scam somebody using information you gleaned from this newsletter, stop it).
While scammers might sometimes know how much their intended victims have in a wallet or account, the person who called me did not appear to have that information (as I have zero crypto in my Coinbase account).
I called the number back on Friday to see what might happen. No one picked up. I guess my account must be secure now.
Stories you may have missed
- Stand With Crypto Removes Soulja Boy From NJ Governor Rally After Discovering Sexual Assault Fine: Stand With Crypto announced Soulja Boy and 070 Shake would headline a “get out the vote rally” next week ahead of New Jersey’s governor primary election. SWC removed Soulja Boy a day later after discovering he was found liable for sexual battery and assault charges and ordered to pay $4 million last month, in a case stemming from 2021.
- SEC Task Force Chief Says Crypto Traders Need to be Growups, Not Cry to Government: SEC Commissioner Hester Peirce told the Bitcoin 2025 Las Vegas audience that it’s fine to invest in speculative assets, especially if there’s no federal regulator with close oversight, but those investors can’t ask for a bailout when prices sink.
- U.S. House Republicans Officially Introduce Crypto Market Structure Bill: House Republicans have formally introduced the Digital Asset Market Clarity Act, its market structure bill, just weeks after circulating a discussion draft.
- Crypto Staking Doesn’t Violate U.S. Securities Law, SEC Says: The SEC’s latest staff statement looks at staking and how the securities regulator might evaluate that part of the crypto ecosystem.
- SEC Files to Dismiss Long-Running Lawsuit Against Binance: The SEC and Binance filed a joint stipulation to drop the regulator’s case against Binance.
- Suspects in Manhattan Crypto Kidnapping, Torture Case Plead Not Guilty as Investigation Widens: News broke over the weekend that a crypto investor had been kidnapped and tortured for his Bitcoin keys. Two suspects accused of perpetrating the kidnapping have been arrested and pled not guilty.
- Trump’s Memecoin Dinner Questioned by Top Democrat on House Judiciary Committee: Jamie Raskin, the top Democrat on the House Judiciary Committee, wrote a letter to U.S. President Donald Trump calling on him to publish the names of his guests at last week’s memecoin dinner.
This week
Friday
- 15:00 UTC (11:00 a.m. ET) A federal judge held a telephone hearing to assess Roman Storm’s defense argument that the Department of Justice may have withheld information. The judge ruled that in her view, the DOJ did not have to review its materials and had not withheld information that rose to the level of affecting proceedings.
Elsewhere:
- (The Washington Post) The White House published a “Make America Healthy Again” report that cited nonexistent studies and references — with telltale signs that AI may have been used to generate at least some parts of the report.
- (The Federal Reserve) The Fed said 8% of adults who responded to a survey said they held cryptocurrency in the U.S., down from 12% four years ago.
If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Bluesky @nikhileshde.bsky.social.
You can also join the group conversation on Telegram.
See ya’ll next week!