Beware the Coinbase Wallet “You’ve Received Funds” Scam Stealing Crypto
Written by: Stelian Pilici
Published on:
Cryptocurrency scams are on the rise as digital assets become more mainstream. One scheme to watch out for is the Coinbase Wallet “You’ve Received Funds” phishing attack. This article will provide an in-depth look at how the scam works, what to do if you fall victim, and key tips to protect yourself.
An Overview of the Coinbase “You’ve Received Funds” Crypto Scam
The Coinbase Wallet “You’ve Received Funds” scam is a phishing attack targeting Coinbase users and cryptocurrency investors. Here’s a quick rundown of how it works:
Scammers send out fake emails pretending to be from Coinbase. The emails state that the recipient has received cryptocurrency funds in their Coinbase Wallet.
The email instructs the recipient to open an HTML attachment for details on completing the transaction.
When opened, the HTML attachment is a phishing page mimicking the Coinbase website. It prompts the victim to enter their Wallet Recovery Phrase to complete the withdrawal.
If entered, the scammers now have the target’s Recovery Phrase. This gives them full access to steal all cryptocurrency funds from the compromised Wallet.
This scam is effective because it convinces victims they are interacting with legitimate Coinbase correspondence. The emails come from spoofed addresses like “no-reply@coinbase.com” or “support@coinbase.com”. They mimic the tone and branding of actual Coinbase communications.
The promise of unexpected funds also helps lower the target’s guard. Who wouldn’t want to believe they just received free crypto deposits worth hundreds or thousands of dollars?
However, real Coinbase notifications would never ask users to enter their Recovery Phrase outside of the official Coinbase website. This is the key giveaway that something fishy is going on.
In the sections below, we’ll break down exactly how the Coinbase Wallet scam ensnares victims step-by-step. We’ll also provide tips to avoid falling for it and what to do if you submitted your Recovery Phrase.
Step-by-Step: How the Coinbase Wallet “You’ve Received Funds” Scam Works
Here is a detailed walkthrough of how scammers leverage the “You’ve Received Funds” phishing scam to steal cryptocurrency:
1. Scammers Obtain Victim Email Addresses
The first step is for scammers to acquire a list of target email addresses. These often come from data breaches, malware infections, or purchased lists from the dark web.
Targets are individuals who are active in the crypto space – such as Coinbase users, cryptocurrency traders, or NFT collectors. Their emails may be scraped from forums, Discord groups, or leaked user databases.
2. Spoofed Emails Are Sent Impersonating Coinbase
Using the list of victim emails, scammers will send out fake notifications impersonating Coinbase.
The “From” address is spoofed to appear as no-reply@coinbase.com, support@coinbase.com, or other variants. Email spoofing tools allow scammers to mask the actual sender address.
3. Email States Recipient Received Unexpected Crypto Funds
The subject line will read something like “You’ve received 0.4 BTC in your Coinbase Wallet!”
The email body congratulates the recipient on receiving an unexpected Bitcoin deposit worth hundreds or thousands of dollars. Some variants may use other cryptocurrencies like Ethereum instead.
This is intended to lower the victim’s guard and make them excited about the supposed funds. It adds legitimacy to the fake message.
4. Victim Instructed to Open HTML Attachment
The email instructs recipients to open the attached HTML file to “complete their withdrawal”.
Reasons given include needing to provide identity confirmation, fill out paperwork, update account settings, etc.
The attachment is branded with the Coinbase logo and titled something like “CoinbaseWithdrawal.html”.
5. HTML Attachment Opens a Phishing Site
When launched, the HTML attachment opens a phishing site cloned to look identically like Coinbase. Everything from fonts to colors to branding matches the real Coinbase interface.
The phishing site will have a dashboard showing the user’s “account” with the incoming Bitcoin transaction. A withdrawal form is presented to “claim” the funds.
6. Victim Prompted to Enter Recovery Phrase
To finalize the withdrawal, the phishing site requests the user enter their Wallet Recovery Phrase.
This is framed as a standard identity confirmation measure before releasing the funds. The page claims it is for “account security”.
If the victim enters their Recovery Phrase, the scammers now have full access to compromise the Wallet.
7. Scammers Drain Cryptocurrency from the Victim’s Wallet
Using the captured Recovery Phrase, scammers will login to the victim’s actual Coinbase Wallet and drain all cryptocurrency assets.
Recovery Phrases are master passwords that allow full access to crypto wallets. Whoever controls the Phrase controls the wallet.
Once emptied, scammers will disappear with the stolen funds. They may also lock the rightful owner out of the wallet by changing credentials.
This is how a single phishing email can completely empty someone’s cryptocurrency wallet if they submit their Recovery Phrase. It highlights the importance of identifying scam emails and attachments before falling into the trap.
What to Do If You Entered Your Recovery Phrase in the Scam Email
If you already entered your Recovery Phrase via the phishing site, here are important steps to take right away:
Step 1: Transfer Funds to a New Wallet – If you still have access to your wallet, transfer any remaining crypto funds immediately to a brand new wallet. This secures them before the scammers can drain the account.
Step 2: Reset Your Recovery Phrase – Log into your legitimate Coinbase account and reset your Recovery Phrase. This revokes access from the scammers. Enable 2-factor authentication for additional security.
Step 3: Contact Coinbase Support – Reach out to Coinbase support to report the phishing attack. They may be able to lock the account sooner and provide other fraud resolution measures.
Step 4: Notify Your Bank/Cards – If your Coinbase account is linked to a bank account or cards, notify them of potential fraud. Consider cancelling the linked payment methods.
Step 5: Monitor Accounts Closely – Keep close watch on your cryptocurrency exchange accounts, bank accounts, and credit cards for any signs of unauthorized access in the coming weeks. Scammers may still try to leverage captured information.
Step 6: Scan Devices for Malware – Run malware/virus scans on any device that accessed the phishing site. Scammers may use downloaded payloads to compromise browsers or install spyware.
Step 7: Report the Scam Activity – File a report with the FTC and IC3 to notify authorities of the scam. This helps identify and stop related phishing campaigns.
Moving quickly to contain the damage can help limit how much is stolen. But recovering drained cryptocurrency is very difficult, so prevention is strongly advised.
How to Identify the Coinbase Wallet “You’ve Received Funds” Scam
Here are key red flags to help identify the “You’ve Received Funds” phishing attack:
Generic Greetings – Genuine Coinbase emails address you by name. Scam emails use generic greetings like “Dear user”.
Spoofed Senders – The sender address is not an official @coinbase.com account. Check the actual email address rather than just the displayed name.
Requests Recovery Phrase – Coinbase will NEVER ask you to enter personal wallet passwords/phrases outside of their official website under any circumstances.
Unexpected Funds – Look out for sudden notifications of surprise crypto deposits or airdrops. Verify all transactions in your official wallet before believing any emails.
HTML Attachments – Legitimate Coinbase withdrawals do not require opening HTML files. Be wary of any attachments asking you to input sensitive account info.
Urgent Call to Action – Language urging you to act fast on a withdrawal should raise suspicion. Scammers want to pressure victims into making mistakes quickly.
In general, critically examine any unsolicited emails around financial accounts or crypto wallets. Look past the surface details at the underlying patterns described above.
When in doubt, log into your real Coinbase account to verify transactions. Contact official Coinbase customer support for confirmation before clicking links in emails. Acting cautiously can protect you from cunning social engineering.
Key Tips to Avoid the Coinbase Wallet “You’ve Received Funds” Scam
Here are proactive measures to avoid falling victim to this phishing scam:
Enable two-factor authentication – Require 2FA codes in addition to passwords for all financial/crypto accounts. This prevents stolen login credentials from being sufficient to access accounts.
Use unique passwords – Have different complex passwords for each account, managed through a password manager. Prevents breaches from compromising multiple accounts.
Watch for email spoofing – Check sender addresses for any emails related to finances or crypto. Never trust display names alone. Report spoofed emails as phishing.
Avoid public Wi-Fi – When accessing sensitive accounts, stick to trusted networks only. Public connections can expose activity to snooping.
Install antivirus software – Use robust antivirus to block malicious attachments and payloads from phishing emails. This prevents malware infections or viruses.
Monitor accounts routinely – Frequently log into financial accounts to check for any unauthorized transactions. This allows you to catch fraud sooner.
Beware social engineering – Guard against phishing content designed specifically to manipulate emotions and psychology. Even savvy users can fall for skillfully crafted scams.
Report scams immediately – Alert Coinbase, your bank, and authorities to any phishing attempts. This gets attacks shut down quicker before claiming more victims.
With vigilance and healthy skepticism, you can avoid the vast majority of phishing scams. But no one is impervious to occasional slips in judgment. Implementing redundant safeguards limits the potential damage should an attack succeed.
Frequently Asked Questions
What is the Coinbase Wallet “You’ve Received Funds” scam?
This is a phishing scam where victims receive a fake email pretending to be from Coinbase. It states the recipient has received unexpected crypto funds in their Coinbase Wallet. It instructs them to open an HTML attachment and enter their Recovery Phrase to withdraw the funds. This gives the scammers access to steal all cryptocurrency from the compromised wallet.
How do I know if I received the phishing email?
Be suspicious of any emails about unexpected crypto deposits. Look for a spoofed sender address like “no-reply@coinbase.com”. The message will come with an HTML file attachment asking you to input your Recovery Phrase. Genuine Coinbase emails won’t request sensitive account info.
What happens if I entered my Recovery Phrase?
Contact Coinbase immediately and transfer any remaining funds to a brand new wallet. Reset your Recovery Phrase on Coinbase. Notify linked banks and cards about potential fraud. Monitor accounts closely for unauthorized access in the coming weeks.
How can I avoid this scam?
Use unique strong passwords, enable 2FA, monitor account activity routinely, and be wary of phishing attempts. Never enter your Recovery Phrase outside of the official Coinbase website.
What should I do if I receive the phishing email?
Do not open any attachments or click any links. Forward the email to phishing@coinbase.com. Delete the message and do not engage with the scammers. Check your official Coinbase account to confirm you did not actually receive any funds.
Can Coinbase recover stolen cryptocurrency?
Unfortunately, recovering stolen crypto is very difficult. Coinbase can try to lock accounts but cannot reverse unauthorized transactions. This is why it’s critical to avoid phishing attempts before they succeed.
How can I report this scam?
Forward phishing emails to Coinbase. You can also report the attack to the FTC and IC3 to help authorities track the scammers.
Are other cryptocurrency wallets targeted?
Yes, phishing scams impersonate many major crypto exchanges and wallets like Metamask, Trust Wallet, Crypto.com, and others. Always verify messages before taking any requested actions.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
The Bottom Line: Guard Against Coinbase Wallet Scams
The Coinbase Wallet “You’ve Received Funds” phishing scam highlights why extreme caution is warranted when managing cryptocurrency. Master passwords like Recovery Phrases provide the keys to the kingdom for cyber thieves.
But armed with awareness of how these scams operate, you can stay several steps ahead. Verify transactions only on official websites, employ robust cybersecurity protections, and think twice before trusting unsolicited messages.
With crypto adoption surging, similar phishing tactics will only increase moving forward. Stay alert to the latest schemes targeting Coinbase users and cryptocurrency holders.
Avoid becoming the next victim by using strong defenses and always confirming unusual account activity through official channels. Do this and you can invest in emerging digital assets with greater confidence and security.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Leave a Comment
Meet Stelian Pilici
Stelian leverages over a decade of cybersecurity expertise to lead malware analysis and removal, uncover scams, and educate people. His experience provides insightful analysis and valuable perspective.
