TL;DR
- Crypto users have reported a surge in fraudulent emails impersonating exchanges like Coinbase and Gemini, tricking users into creating new wallets using recovery phrases generated by scammers.
- The emails falsely claim that a lawsuit forces users to transfer funds to self-custody wallets before April 1, providing compromised recovery phrases.
- As phishing attacks in crypto increase, the community and companies like Coinbase are warning users about these scams and reinforcing security in Web3.
The crypto ecosystem is facing a new and growing threat: a surge of fraudulent emails attempting to deceive Coinbase and Gemini users with a fake transition to self-custody wallets. These messages falsely claim that, due to a supposed class-action lawsuit, exchanges will no longer be able to hold assets and that users must transfer their funds before April 1. However, this is a carefully crafted scam designed to steal funds from unsuspecting victims, exploiting their trust in well-known platforms.
The attackers use a clever and deceptive method: they send emails that appear official and include instructions for downloading legitimate wallets like Coinbase Wallet. The real danger lies in the fact that they also provide pre-generated recovery phrases. If users create a wallet with those phrases and transfer their assets, scammers can access the funds and drain accounts without a trace, leaving victims without recourse.
Coinbase and Gemini Issue Warnings
Coinbase has quickly responded to this fraud, reminding users that
“they will never be sent a recovery phrase”
and that
“you should never use phrases provided by third parties.”
Through its official account on X, the company has warned users about this attack and reinforced its security policies, urging them to remain vigilant against phishing attempts.
Gemini has also been targeted by these fraudulent emails. The tactic remains the same: emails claiming a court order requires users to move their funds. Although the SEC dropped its lawsuit against Gemini on February 26, scammers continue to exploit regulatory uncertainty to spread fear, deception, and misinformation, making it harder for users to distinguish between real and fake messages.
Crypto Phishing: A Growing Threat
These attacks are not isolated cases. According to CertiK’s annual security report, phishing scams in the Web3 ecosystem have resulted in over $1 billion in losses across 296 incidents in 2024 alone.
Additionally, several crypto project founders have reported more sophisticated attack attempts, where supposed investors offer Zoom meetings to discuss business opportunities. During the call, attackers send fraudulent links that install malware, attempting to steal sensitive data.
Despite these risks, decentralization and security remain strengths of the crypto ecosystem. Well-informed users who follow best practices—such as using secure wallets and verifying official sources—can protect themselves from these threats and continue benefiting from blockchain technology.
