Crypto Users Targeted in New Sophisticated Wallet Scam

A surge in phishing emails is hitting crypto users, with scammers posing as Coinbase and Gemini to steal funds.

These fraudulent messages instruct recipients to create self-custodial wallets using pre-generated recovery phrases—allowing attackers to seize control once assets are deposited.

Some victims have shared screenshots of emails allegedly from Coinbase, warning them of a class-action lawsuit and urging them to switch to a new wallet before an April 1 deadline. The email provides a real download link for Coinbase Wallet but tricks users into using a compromised recovery phrase. Gemini users have reported nearly identical scams, with emails falsely citing a court ruling as the reason for the wallet migration.

Both exchanges have denied any connection to these emails. Coinbase has reminded users it never provides recovery phrases, while Gemini has yet to issue a formal statement.

The phishing campaign follows the SEC’s recent decision to drop lawsuits against both platforms, a fact scammers are exploiting to make their messages seem legitimate. Meanwhile, blockchain security firm CertiK has warned that phishing remains the biggest cybersecurity threat in crypto, accounting for over $1 billion in losses across nearly 300 incidents last year.

Beyond email scams, hackers are also targeting crypto executives directly. Reports indicate that at least three company founders recently thwarted attempts by North Korean hackers posing as potential partners. The attackers invited them to Zoom meetings, then sent fake links disguised as audio fixes, which were actually malware-laden traps.