Beware the Coinbase Wallet “You’ve Received Funds” Scam Stealing Crypto

Cryptocurrency scams are on the rise as digital assets become more mainstream. One scheme to watch out for is the Coinbase Wallet “You’ve Received Funds” phishing attack. This article will provide an in-depth look at how the scam works, what to do if you fall victim, and key tips to protect yourself.

Coibase Scam

An Overview of the Coinbase “You’ve Received Funds” Crypto Scam

The Coinbase Wallet “You’ve Received Funds” scam is a phishing attack targeting Coinbase users and cryptocurrency investors. Here’s a quick rundown of how it works:

  • Scammers send out fake emails pretending to be from Coinbase. The emails state that the recipient has received cryptocurrency funds in their Coinbase Wallet.
  • The email instructs the recipient to open an HTML attachment for details on completing the transaction.
  • When opened, the HTML attachment is a phishing page mimicking the Coinbase website. It prompts the victim to enter their Wallet Recovery Phrase to complete the withdrawal.
  • If entered, the scammers now have the target’s Recovery Phrase. This gives them full access to steal all cryptocurrency funds from the compromised Wallet.

This scam is effective because it convinces victims they are interacting with legitimate Coinbase correspondence. The emails come from spoofed addresses like “no-reply@coinbase.com” or “support@coinbase.com”. They mimic the tone and branding of actual Coinbase communications.

The promise of unexpected funds also helps lower the target’s guard. Who wouldn’t want to believe they just received free crypto deposits worth hundreds or thousands of dollars?

However, real Coinbase notifications would never ask users to enter their Recovery Phrase outside of the official Coinbase website. This is the key giveaway that something fishy is going on.

In the sections below, we’ll break down exactly how the Coinbase Wallet scam ensnares victims step-by-step. We’ll also provide tips to avoid falling for it and what to do if you submitted your Recovery Phrase.

Step-by-Step: How the Coinbase Wallet “You’ve Received Funds” Scam Works

Here is a detailed walkthrough of how scammers leverage the “You’ve Received Funds” phishing scam to steal cryptocurrency:

1. Scammers Obtain Victim Email Addresses

The first step is for scammers to acquire a list of target email addresses. These often come from data breaches, malware infections, or purchased lists from the dark web.

Targets are individuals who are active in the crypto space – such as Coinbase users, cryptocurrency traders, or NFT collectors. Their emails may be scraped from forums, Discord groups, or leaked user databases.

2. Spoofed Emails Are Sent Impersonating Coinbase

Using the list of victim emails, scammers will send out fake notifications impersonating Coinbase.

The “From” address is spoofed to appear as no-reply@coinbase.com, support@coinbase.com, or other variants. Email spoofing tools allow scammers to mask the actual sender address.

3. Email States Recipient Received Unexpected Crypto Funds

The subject line will read something like “You’ve received 0.4 BTC in your Coinbase Wallet!”

The email body congratulates the recipient on receiving an unexpected Bitcoin deposit worth hundreds or thousands of dollars. Some variants may use other cryptocurrencies like Ethereum instead.

This is intended to lower the victim’s guard and make them excited about the supposed funds. It adds legitimacy to the fake message.

4. Victim Instructed to Open HTML Attachment

The email instructs recipients to open the attached HTML file to “complete their withdrawal”.

Reasons given include needing to provide identity confirmation, fill out paperwork, update account settings, etc.

The attachment is branded with the Coinbase logo and titled something like “CoinbaseWithdrawal.html”.

5. HTML Attachment Opens a Phishing Site

When launched, the HTML attachment opens a phishing site cloned to look identically like Coinbase. Everything from fonts to colors to branding matches the real Coinbase interface.

The phishing site will have a dashboard showing the user’s “account” with the incoming Bitcoin transaction. A withdrawal form is presented to “claim” the funds.

6. Victim Prompted to Enter Recovery Phrase

To finalize the withdrawal, the phishing site requests the user enter their Wallet Recovery Phrase.

This is framed as a standard identity confirmation measure before releasing the funds. The page claims it is for “account security”.

If the victim enters their Recovery Phrase, the scammers now have full access to compromise the Wallet.

7. Scammers Drain Cryptocurrency from the Victim’s Wallet

Using the captured Recovery Phrase, scammers will login to the victim’s actual Coinbase Wallet and drain all cryptocurrency assets.

Recovery Phrases are master passwords that allow full access to crypto wallets. Whoever controls the Phrase controls the wallet.

Once emptied, scammers will disappear with the stolen funds. They may also lock the rightful owner out of the wallet by changing credentials.

This is how a single phishing email can completely empty someone’s cryptocurrency wallet if they submit their Recovery Phrase. It highlights the importance of identifying scam emails and attachments before falling into the trap.

What to Do If You Entered Your Recovery Phrase in the Scam Email

If you already entered your Recovery Phrase via the phishing site, here are important steps to take right away:

  • Step 1: Transfer Funds to a New Wallet – If you still have access to your wallet, transfer any remaining crypto funds immediately to a brand new wallet. This secures them before the scammers can drain the account.
  • Step 2: Reset Your Recovery Phrase – Log into your legitimate Coinbase account and reset your Recovery Phrase. This revokes access from the scammers. Enable 2-factor authentication for additional security.
  • Step 3: Contact Coinbase Support – Reach out to Coinbase support to report the phishing attack. They may be able to lock the account sooner and provide other fraud resolution measures.
  • Step 4: Notify Your Bank/Cards – If your Coinbase account is linked to a bank account or cards, notify them of potential fraud. Consider cancelling the linked payment methods.
  • Step 5: Monitor Accounts Closely – Keep close watch on your cryptocurrency exchange accounts, bank accounts, and credit cards for any signs of unauthorized access in the coming weeks. Scammers may still try to leverage captured information.
  • Step 6: Scan Devices for Malware – Run malware/virus scans on any device that accessed the phishing site. Scammers may use downloaded payloads to compromise browsers or install spyware.
  • Step 7: Report the Scam Activity – File a report with the FTC and IC3 to notify authorities of the scam. This helps identify and stop related phishing campaigns.

Moving quickly to contain the damage can help limit how much is stolen. But recovering drained cryptocurrency is very difficult, so prevention is strongly advised.

How to Identify the Coinbase Wallet “You’ve Received Funds” Scam

Here are key red flags to help identify the “You’ve Received Funds” phishing attack:

  • Generic Greetings – Genuine Coinbase emails address you by name. Scam emails use generic greetings like “Dear user”.
  • Spoofed Senders – The sender address is not an official @coinbase.com account. Check the actual email address rather than just the displayed name.
  • Requests Recovery Phrase – Coinbase will NEVER ask you to enter personal wallet passwords/phrases outside of their official website under any circumstances.
  • Unexpected Funds – Look out for sudden notifications of surprise crypto deposits or airdrops. Verify all transactions in your official wallet before believing any emails.
  • HTML Attachments – Legitimate Coinbase withdrawals do not require opening HTML files. Be wary of any attachments asking you to input sensitive account info.
  • Urgent Call to Action – Language urging you to act fast on a withdrawal should raise suspicion. Scammers want to pressure victims into making mistakes quickly.

In general, critically examine any unsolicited emails around financial accounts or crypto wallets. Look past the surface details at the underlying patterns described above.

When in doubt, log into your real Coinbase account to verify transactions. Contact official Coinbase customer support for confirmation before clicking links in emails. Acting cautiously can protect you from cunning social engineering.

Key Tips to Avoid the Coinbase Wallet “You’ve Received Funds” Scam

Here are proactive measures to avoid falling victim to this phishing scam:

  • Enable two-factor authentication – Require 2FA codes in addition to passwords for all financial/crypto accounts. This prevents stolen login credentials from being sufficient to access accounts.
  • Use unique passwords – Have different complex passwords for each account, managed through a password manager. Prevents breaches from compromising multiple accounts.
  • Watch for email spoofing – Check sender addresses for any emails related to finances or crypto. Never trust display names alone. Report spoofed emails as phishing.
  • Avoid public Wi-Fi – When accessing sensitive accounts, stick to trusted networks only. Public connections can expose activity to snooping.
  • Install antivirus software – Use robust antivirus to block malicious attachments and payloads from phishing emails. This prevents malware infections or viruses.
  • Monitor accounts routinely – Frequently log into financial accounts to check for any unauthorized transactions. This allows you to catch fraud sooner.
  • Beware social engineering – Guard against phishing content designed specifically to manipulate emotions and psychology. Even savvy users can fall for skillfully crafted scams.
  • Report scams immediately – Alert Coinbase, your bank, and authorities to any phishing attempts. This gets attacks shut down quicker before claiming more victims.

With vigilance and healthy skepticism, you can avoid the vast majority of phishing scams. But no one is impervious to occasional slips in judgment. Implementing redundant safeguards limits the potential damage should an attack succeed.

Frequently Asked Questions

What is the Coinbase Wallet “You’ve Received Funds” scam?

This is a phishing scam where victims receive a fake email pretending to be from Coinbase. It states the recipient has received unexpected crypto funds in their Coinbase Wallet. It instructs them to open an HTML attachment and enter their Recovery Phrase to withdraw the funds. This gives the scammers access to steal all cryptocurrency from the compromised wallet.

How do I know if I received the phishing email?

Be suspicious of any emails about unexpected crypto deposits. Look for a spoofed sender address like “no-reply@coinbase.com”. The message will come with an HTML file attachment asking you to input your Recovery Phrase. Genuine Coinbase emails won’t request sensitive account info.

What happens if I entered my Recovery Phrase?

Contact Coinbase immediately and transfer any remaining funds to a brand new wallet. Reset your Recovery Phrase on Coinbase. Notify linked banks and cards about potential fraud. Monitor accounts closely for unauthorized access in the coming weeks.

How can I avoid this scam?

Use unique strong passwords, enable 2FA, monitor account activity routinely, and be wary of phishing attempts. Never enter your Recovery Phrase outside of the official Coinbase website.

What should I do if I receive the phishing email?

Do not open any attachments or click any links. Forward the email to phishing@coinbase.com. Delete the message and do not engage with the scammers. Check your official Coinbase account to confirm you did not actually receive any funds.

Can Coinbase recover stolen cryptocurrency?

Unfortunately, recovering stolen crypto is very difficult. Coinbase can try to lock accounts but cannot reverse unauthorized transactions. This is why it’s critical to avoid phishing attempts before they succeed.

How can I report this scam?

Forward phishing emails to Coinbase. You can also report the attack to the FTC and IC3 to help authorities track the scammers.

Are other cryptocurrency wallets targeted?

Yes, phishing scams impersonate many major crypto exchanges and wallets like Metamask, Trust Wallet, Crypto.com, and others. Always verify messages before taking any requested actions.

Is Your Device Infected? Check for Malware

If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.  

Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.

Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android

Scan your computer with Malwarebytes for Windows to remove malware

Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.

  1. Download Malwarebytes for Windows

    You can download Malwarebytes by clicking the link below.

    MALWAREBYTES FOR WINDOWS DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes)
  2.  

    Install Malwarebytes

    After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.

    MBAM1
  3. Follow the On-Screen Prompts to Install Malwarebytes

    When the Malwarebytes installation begins, the setup wizard will guide you through the process.

    • You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.

      MBAM3 1
    • Malwarebytes will now begin the installation process on your device.

      MBAM4
    • When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.

      MBAM6 1
    • On the final screen, simply click on the Open Malwarebytes option to start the program.

      MBAM5 1
  4. Enable “Rootkit scanning”.

    Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.

    MBAM8

    In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.

    MBAM9

    Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.

  5. Perform a Scan with Malwarebytes.

    To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.

    MBAM10
  6. Wait for the Malwarebytes scan to complete.

    Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.

    MBAM11
  7. Quarantine detected malware

    Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.

    MBAM12

    Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.

    MBAM13

  8. Restart your computer.

    When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.

    MBAM14

Your computer should now be free of trojans, adware, browser hijackers, and other malware.

If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:

Scan your computer with Malwarebytes for Mac to remove malware

Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.

  1. Download Malwarebytes for Mac.

    You can download Malwarebytes for Mac by clicking the link below.

    MALWAREBYTES FOR MAC DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes for Mac)
  2. Double-click on the Malwarebytes setup file.

    When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.

    Double-click on setup file to install Malwarebytes

  3. Follow the on-screen prompts to install Malwarebytes.

    When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.

    Click Continue to install Malwarebytes for Mac

    Click again on Continue to install Malwarebytes for Mac for Mac

    Click Install to install Malwarebytes on Mac

    When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.

  4. Select “Personal Computer” or “Work Computer”.

    The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
    Select Personal Computer or Work Computer mac

  5. Click on “Scan”.

    To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
    Click on Scan button to start a system scan Mac

  6. Wait for the Malwarebytes scan to complete.

    Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
    Wait for Malwarebytes for Mac to scan for malware

  7. Click on “Quarantine”.

    When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
    Review the malicious programs and click on Quarantine to remove malware

  8. Restart computer.

    Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
    Malwarebytes For Mac requesting to restart computer

Your Mac should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.

Scan your phone with Malwarebytes for Android to remove malware

Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.

  1. Download Malwarebytes for Android.

    You can download Malwarebytes for Android by clicking the link below.

    MALWAREBYTES FOR ANDROID DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes for Android)
  2. Install Malwarebytes for Android on your phone.

    In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.

    Tap Install to install Malwarebytes for Android

    When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
    Malwarebytes for Android - Open App

  3. Follow the on-screen prompts to complete the setup process

    When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options.
    This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue.
    Malwarebytes Setup Screen 1
    Tap on “Got it” to proceed to the next step.
    Malwarebytes Setup Screen 2
    Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue.
    Malwarebytes Setup Screen 3
    Tap on “Allow” to permit Malwarebytes to access the files on your phone.
    Malwarebytes Setup Screen 4

  4. Update database and run a scan with Malwarebytes for Android

    You will now be prompted to update the Malwarebytes database and run a full system scan.

    Malwarebytes fix issue

    Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.

    Update database and run Malwarebytes scan on phone

  5. Wait for the Malwarebytes scan to complete.

    Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
    Malwarebytes scanning Android for Vmalware

  6. Click on “Remove Selected”.

    When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
    Remove malware from your phone

  7. Restart your phone.

    Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.


Your phone should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future.
If you are still having problems with your phone after completing these instructions, then please follow one of the steps:

The Bottom Line: Guard Against Coinbase Wallet Scams

The Coinbase Wallet “You’ve Received Funds” phishing scam highlights why extreme caution is warranted when managing cryptocurrency. Master passwords like Recovery Phrases provide the keys to the kingdom for cyber thieves.

But armed with awareness of how these scams operate, you can stay several steps ahead. Verify transactions only on official websites, employ robust cybersecurity protections, and think twice before trusting unsolicited messages.

With crypto adoption surging, similar phishing tactics will only increase moving forward. Stay alert to the latest schemes targeting Coinbase users and cryptocurrency holders.

Avoid becoming the next victim by using strong defenses and always confirming unusual account activity through official channels. Do this and you can invest in emerging digital assets with greater confidence and security.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.