Renowned crypto trader Jacob Canfield recently found himself ensnared in what he described as “one of the most complex scams in crypto that I have seen to date.”
Hackers targeted Canfield’s Coinbase account in a sophisticated phishing attack, attempting to drain his funds. Sharing his ordeal on Twitter, Canfield alerted other Coinbase users, expressing concerns about a possible data breach.
The ordeal began when Canfield received a text message notifying him of a change in his Coinbase two-factor authentication (2FA). Soon after, he received calls from a counterfeit Coinbase customer support line that appeared to be from San Francisco.
The scammers posed questions about his location and whether he had requested a Two-factor authentication (2FA) and email change, to which Canfield replied in the negative.
To allay his suspicions, the scammers sent him a text message claiming to have canceled the change requests. However, they redirected him to a fake Coinbase “security” team to verify his account, warning him of a potential 48-hour suspension.
The scammers, armed with Canfield’s name, email, and location, proceeded to send an email with a “verification code” from help@coinbase.com to his email.
Refusing to provide the verification code, Canfield recounted that the scammer grew agitated and abruptly ended the call. As it turned out, the email sent by the scammers appeared legitimate, resembling official communications from Coinbase, but the actual sender was identified as Amazon’s email provider.
Speculation suggests that the scammers might have gained access to Canfield’s account through a previous data breach. Canfield himself admitted uncertainty, stating, “I’m not sure if they were logging in or already logged in and were requesting a withdrawal.”
Coinbase addressed the situation, asserting that no data breach had occurred. Some users suggested that a third-party, potentially CoinTracker, was the source of the leak. CoinTracker denied the claim but acknowledged a data breach in December, where Canfield’s email might have been compromised.
While Canfield managed to identify the scam, he expressed concerns that others might unknowingly fall victim to this sophisticated phishing attempt. Similar scams targeting other individuals were reported by crypto sleuth ZachXBT.
Canfield emphasized that the verification code he received was not his actual 2FA since he did not employ SMS or email authentication. Although he did not wait to witness the potential draining of his account, Canfield speculated that a data breach might have occurred either through a third party or via the dark web.
Also Read: DeFi Protocol Sturdy Finance Loses $800K to Attackers
Given the circumstances, Canfield advised Coinbase users to prioritize their security by promptly changing all passwords. The incident serves as a stark reminder for crypto enthusiasts to remain vigilant and safeguard their digital assets.
