Summary: A deceptive phishing campaign targeting Coinbase users tricks recipients into creating a new wallet by providing a recovery phrase controlled by attackers. The emails falsely present a mandatory wallet migration and bypass email security checks, making them seem legitimate. Coinbase warns users to be vigilant and never use recovery phrases provided by emails.
Affected: Coinbase users
Keypoints :
- The phishing emails claim a mandatory transition to self-custodial wallets, referencing a court ruling.
- Despite appearing legitimate, the emails originate from an IP address linked to Akamai, and the attackers control the provided recovery phrases.
- Coinbase is actively warning users about the scam, stating they will never send or request recovery phrases.