We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Coinbase Users Tricked Into Using Compromised Wallet

Coinbase Users Tricked Into Using Compromised Wallet
Author Image Anka Markovic Borak
Anka Markovic Borak First published on 19th March 2025 Writer and Quality Assessor

A new phishing campaign has been targeting Coinbase users, tricking them into setting up a new wallet with a pre-generated recovery phrase that’s controlled by the attackers. The scam email masquerades as an official communication from Coinbase, instructing users to switch to self-custodial wallets.

The phishing emails, which began circulating in mid-March, claimed that Coinbase users were required to move their assets to self-custodial wallets due to a recent legal decision. The message referenced a class action lawsuit and stated that customers would need to manage their own wallets going forward. The email also provided instructions to download the legitimate Coinbase Wallet app and set up a new wallet using a unique recovery phrase that was included in the message.

However, the recovery phrase was not randomly generated — it was pre-created and managed by the malicious actors. When users followed the provided instructions and established their new wallet, they unknowingly gave the attackers access to their cryptocurrency and NFTs stored in the wallet, which is why this scam differs from typical phishing attempts that try to steal users' recovery phrases.

One distinctive feature of this phishing attempt is the absence of malicious links. Many phishing campaigns rely on links that lead users to fake websites, but this attack used links pointing to the real Coinbase Wallet page.

Coinbase has acknowledged the scam, warning users not to trust any recovery phrase sent by someone else, as it’s likely a phishing attempt. The company emphasized that it will never send users recovery phrases via email or any other method of communication.

For those who may have fallen victim to the scam, it’s crucial to act quickly. If the funds are still in the compromised wallet, users must transfer them immediately to a secure wallet to avoid permanent loss.

This phishing attack highlights the increasing sophistication of cryptocurrency scams, a trend that has been mirrored by a significant rise in phishing incidents. Phishing attacks have surged significantly since 2019, with their numbers increasing by over 150% each year.

About the Author

Anka Markovic-Borak is a writer and quality assessor at vpnMentor, who leverages her expertise to write insightful articles on cybersecurity, driven by her passion for protecting online privacy. She also ensures articles written by others are reaching vpnMentor's high standards.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address