Key Insights
- Scammers impersonate Coinbase support, targeting wealthy crypto executives using leaked databases and earning five-figure sums weekly through phishing attacks.
- Phishing schemes use fake notifications and spoofed emails to steal crypto, with scammers laundering funds through Tornado Cash and Monero for anonymity.
- Over $127M was stolen in Q3 2024 via crypto phishing scams, exploiting the decentralized nature of crypto and limited options for victims to recover funds.
A recent crypto phishing scam has revealed a sophisticated operation targeting high-ranking executives in the cryptocurrency space. The scammers, impersonating Coinbase support, reportedly earn five-figure sums weekly by exploiting leaked data and manipulating victims into sending funds.
Casa CEO Nick Neuman shared his interaction with one of the scammers on Nov. 20, posting a video of the conversation on X (formerly Twitter). During the call, the scammer disclosed startling details about their tactics, targets, and financial gains.
Scammers Focus on High-Net-Worth Individuals
The scammer claimed their operation focuses exclusively on wealthy targets, saying, “We don’t call poor people.” They explained that their targets often include CEOs, CFOs, and software engineers, using databases with individuals holding at least $50,000 in crypto assets.
According to the scammer, much of their target information is sourced from crypto services like Unchained Capital. They assume those listed in these databases are likely to have Coinbase accounts, which they exploit by sending phishing emails and spoofed notifications. These messages trick victims into clicking malicious links, paving the way for financial theft.
How the Scams Operate
The phishing scheme often begins with fake notifications about canceled password changes or unusual account activity. These messages prompt victims to click links or provide information, ultimately leading to stolen funds. However, the scammer revealed their ultimate goal is not to obtain passwords but to convince victims to transfer crypto to their wallets.
To enhance their operations, the scammers reportedly use “auto-doxxing” tools to gather additional details on their targets, making their phishing attempts more convincing. They also spoof email addresses to make messages appear legitimate, further deceiving victims.
“We hit $35K two days ago,” the scammer claimed, adding that their goal is to reach $100,000 per month.
Laundering and Cashing Out Stolen Crypto
Once funds are stolen, the scammers use advanced laundering methods to obscure the transactions. They reportedly utilize Tornado Cash, a crypto-mixing service, to anonymize funds. Tornado Cash, which has been sanctioned in the U.S., allows users to obscure the origin and destination of cryptocurrency transactions.
Additionally, stolen funds are often converted into Monero (XMR), a privacy-focused cryptocurrency that provides enhanced anonymity. The scammer stated that after holding Monero for a few days, it becomes untraceable. For cashing out, they rely on hardware wallets like Ledger and use intermediaries to bypass Know Your Customer (KYC) protocols at exchanges.
Phishing Scams on the Rise in Crypto
This latest revelation underscores the growing threat of phishing scams in the crypto industry. Data from Web3 security firm Scam Sniffer indicates that over $127 million was stolen in Q3 2024 through similar attacks.
The scammers admitted to exploiting the decentralized and unregulated nature of crypto, describing it as the “Wild Wild West.” They noted that victims often have limited recourse, with no centralized authority to report losses to, saying, “If you lose $30-$40,000 in ETH or BTC, who are you going to call? The crypto police?”
The increasing sophistication of these scams poses a challenge for crypto users, highlighting the importance of vigilance and secure practices. Users are advised to verify communications, avoid clicking on unsolicited links, and use strong security measures like hardware wallets and multi-factor authentication.
SureTradeGroup.com is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. Some of the content on this site is paid content that is not written or posted by our writers or editors and the opinions expressed do not reflect the opinions of this website. Any disagreement you may have with brands or companies mentioned in articles will need to be taken care of directly with those specific brands and companies. The responsibility of anyone who may click links in our articles and ultimately sign up for that product or service is their own. Forex, Stocks, Cryptocurrencies, NFTs and Dogital Tokens are all a high-risk asset, investing in them can lead to losses. Readers should do their own research before taking any action.