Crypto users have reported a rise in scam emails made to look like they’re from crypto exchanges Coinbase and Gemini that attempt to get users to set up a new wallet with pre-generated recovery phrases controlled by scammers.

In several examples posted to X, the email claims to be from Coinbase, asking users to transition to self-custodial wallets and providing instructions on downloading the legitimate Coinbase Wallet, giving a deadline of April 1 to make the switch.

Source: Steve Kaczynski

However, it also provides pre-generated recovery phrases. Once users open a new wallet with those phrases and transfer funds, all the assets will be available to the threat actor, who could drain the wallet.

The email mentions a class-action lawsuit against Coinbase alleging it has sold unregistered securities, which has resulted in a court mandating users manage their own wallets.

“Coinbase will operate as a registered broker, allowing purchases, but all assets must move to Coinbase Wallet,” the phony email says.

The US Securities and Exchange Commission dismissed its lawsuit alleging Coinbase was an unregistered broker and selling unregistered securities on Feb. 27.

Coinbase told Cointelegraph it is aware of the scam and pointed to its March 14 post to X, saying, “We will never send you a recovery phrase, and you should never enter a recovery phrase given to you by someone else.” 

Source: Coinbase Support 

Crypto exchange Gemini has also been spoofed with the same recovery phrase email scam, using the same tactics and claiming users need to set up a new wallet because of a recent court decision.

Gemini was being sued by the SEC for allegedly offering unregistered securities through its earn program. The regulator opted to end the legal action on Feb. 26.

Source: Sukesh Tedla

Gemini didn’t immediately respond to Cointelegraph’s request for comment. 

Blockchain security firm CertiK’s annual Web3 security report flagged crypto phishing attacks, which cost users $1 billion across 296 incidents, as the most significant security threat for 2024.

Related: California financial regulator warns of 7 new types of crypto, AI scams

The email scams come as at least three crypto founders have reported foiling an attempt from alleged North Korean hackers to steal sensitive data through fake Zoom calls.

Scammers have been targeting crypto founders by offering a meeting to discuss a partnership opportunity, but once the call starts, they send a message feigning audio issues and a link to a new call that installs malware. 

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis