ADVERTISEMENT

This couple lost £15,000 to scammers. We followed the money – and found millions in stolen crypto

Coinbase phishing scam
Edvardas Mikalauskas
Edvardas Mikalauskas Senior Researcher
Jul 12, 2021 Updated: 24 February 2023 11 min read

Falling for the scam

The email

coinbase
“Being caught at work and in a hurry, he thought nothing of it and simply clicked the button."
Loreta told CyberNews.

The call

“So, Mindaugas gave them his authentication code, which was his biggest mistake.”
coinbase-android

The heist

All in all, the scammers stole more than 11 ETH and 1,500 XRP from Mindaugas.
coinbase-xrp
To his shock, what he saw was an empty account balance.

The double dip

“So, we told him what happened. We were even pleasantly surprised by the swift response from Coinbase. I remember Mindaugas telling me that they must have noticed the hack on their end.”
says Loreta.

The aftermath

“The strangest thing is that the scammers’ calls were not logged anywhere. We couldn’t find them on the phone, and there was no trace of them on my husband’s mobile carrier account."
Loreta told CyberNews.

Following the money

ADVERTISEMENT

Where the stolen millions roam

stolen-crypto-laundering
crypto-wallets
stolen-crypto

A criminal gamble

stolen-crypto2

Keeping stolen money in broad daylight

stolen-crypto3
crypto-comment
crypto-comment2

Final destinations

crypto-exchange

How to protect yourself against phishing scams

  • Always preview the URLs before clicking on any links or buttons. If you spot anything out of the ordinary, such as a typo or a different domain name, immediately delete the message or mark it as spam.
  • Beware of any messages sent to your inbox, even those coming from your contacts. Phishers will usually use a social engineering technique to lure you into clicking malicious links or downloading infected files.
  • Embedded links are a major red flag in general. A crypto exchange or a financial institution will never ask you to click an email link to access your account. If you’re not certain, make sure to check by calling the company directly.
  • Use multi-factor authentication (MFA) where possible. Most importantly, make sure to never share your MFA authentication code with anyone.
  • Use unique and complex passwords for all of your online accounts. Password managers can help you easily generate strong passwords and will notify you if you reuse an old password.

More from CyberNews:

ADVERTISEMENT