Case Overview: Coinbase Account Compromise Phishing Scam

Initial Contact

The victim received a fraudulent SMS message claiming their Coinbase account had been compromised. The message was crafted to create urgency and fear—two psychological triggers commonly used in social engineering attacks.Shortly after, the victim received a follow-up email that:

Perfectly mirrored Coinbase branding

Appeared to originate from a legitimate Coinbase domain

Included professional formatting and language consistent with official communications

Escalation of Trust

The fraudsters instructed the victim to:

Create a “new secure Coinbase account”

Transfer their cryptocurrency to the new account

Provide their seed phrase (wallet recovery phrase)

This is a critical turning point in cryptocurrency fraud cases—once a seed phrase is disclosed, full control of the wallet is compromised.

The Fraud Execution: Step-by-Step Breakdown

1. Social Engineering & Impersonation

The fraudster leveraged:

SMS phishing (“smishing”)

Email spoofing with domain mimicry

Urgent language suggesting account compromise

This combination created a high-confidence deception environment, leading the victim to believe they were interacting with legitimate Coinbase support.

2. Credential Harvesting (Seed Phrase Theft)

The victim was instructed to provide their seed phrase under the pretense of securing their funds.Important Note:No legitimate cryptocurrency exchange, including Coinbase, will ever request a user’s seed phrase.Once provided, the fraudster gained:

Full control over the victim’s wallet

Ability to transfer assets instantly and irreversibly

3. False Account Interface (Psychological Reinforcement)

The fraudsters provided access to a “new account interface,” where the victim could temporarily see their cryptocurrency holdings.This tactic:

Reinforced trust

Delayed suspicion

Allowed time for the fraudsters to execute transfers

4. Rapid Asset Removal

Within minutes:

Funds were transferred out of the wallet

Access to the account was revoked

The victim’s cryptocurrency was fully compromised

This rapid execution is consistent with organized cryptocurrency fraud operations.

Garrett Investigations: Cryptocurrency Forensic Response

At Garrett Investigations LLC, our response began immediately upon receiving the client’s intake.

Phase 1: Communication Intelligence & Digital Evidence Preservation

We collected and analyzed:

SMS messages

Email communications

Email headers and routing data

Screenshots of the fraudulent interface

Key Findings:

Evidence of domain spoofing and email infrastructure abuse

Indicators of coordinated phishing activity

Consistent language patterns used across multiple victims

This phase is critical for:

Establishing intent and deception

Supporting fraud charges and litigation

Preserving admissible digital evidence

Phase 2: Blockchain Analysis & Cryptocurrency Tracing

Wallet Identification

Our team identified:

The victim’s originating wallet address

Associated transaction IDs (TXIDs)

Exact timestamps and asset values

Centralized exchanges (CEX) for subpoenas

Schedule a Free Consultation