A new and incredibly deceptive phishing campaign is targeting Coinbase users—but this isn’t your typical scam. Instead of stealing your recovery phrase, attackers are handing you one—a pre-generated phrase they control—tricking users into creating wallets the hackers can drain instantly.
Disguised as an official Coinbase email, the attack bypasses traditional security checks, using a convincing story about a court-mandated shift to self-custodial wallets. The emails, which originate from a compromised Akamai account via SendGrid, direct users to the legitimate Coinbase Wallet app but instruct them to import a recovery phrase that’s already compromised. The moment victims transfer funds, their assets are gone.
We break down:
🔹 How this phishing campaign bypasses SPF, DKIM, and DMARC to land in inboxes.
🔹 Why this "reverse phishing" technique is a dangerous evolution in crypto scams.
🔹 The role of social engineering and trust manipulation in making this attack successful.
🔹 Coinbase’s response and why you should never use a recovery phrase given to you—ever.
🔹 Practical steps to identify and avoid crypto phishing scams before it’s too late.
🚨 Whether you're a casual investor or a seasoned crypto trader, this new breed of phishing attack is a wake-up call. Tune in now to learn how to protect your assets and stay ahead of cybercriminals! #CryptoSecurity #PhishingScam #CoinbaseHack