Crypto phishing scammers are apparently earning five-figure weekly incomes by impersonating Coinbase support and using leaked data to target high-ranking crypto executives and software engineers.
Nick Neuman, CEO and co-founder of Bitcoin self-custody solutions provider Casa, said he was recently called by a “Coinbase support” scammer and found out more than expected after he “decided to turn the tables on him and ask him about being a scammer.”
“We make a minimum of five figures a week. We hit $35K two days ago; we do it for a reason, there is money to be made in it,” responded the scammer when asked how much they made.
Neuman posted the conversation in a video on X on Nov. 20 in which the scammer orchestrated the attack by stating that a password change request had been canceled and a notification had been sent. The “notification” contained a malicious link, which prompted Neuman to ask the scammer what types of people fell for the phishing attacks.
“You would be surprised, its people like you, you’re a CEO at Casa […] we’re hitting CEOs, CFOs, software engineers,” he said before adding:
“We don’t call poor people, the data we have is from a database where the minimum you have to have is $50,000,”
The scammer added that “money or education isn’t a determining factor,” claiming that they get details of their high-roller targets from Bitcoin financial services company Unchained Capital.
“We have the Unchained database and we assume that if you’re into crypto you’ll have a Coinbase account, so that’s how we run it.”
The scammer said they use an “auto-doxxer” to get more details on their targets before making the phishing calls and can also spoof emails to make them appear as if they originated from Coinbase.
The end goal isn’t to get the victim’s password, but to eventually have them send funds to a wallet they control, the scammer said.
Related: Fake Coinbase website leads to $20M fraud, 5-year sentence
They have used Tornado Cash to launder stolen crypto since they’re not based in the United States, and sometimes they exchange it for privacy coin Monero.
“After you hold it in XMR for a couple of days, that bitch is gone, you’re not seeing the funds again.”
When asked about converting to fiat, he said they do not use any KYC exchanges and use hardware wallets, specifying Ledger — which has been at the epicenter of phishing attacks since its database was hacked in 2020 — before using intermediaries to cash out.
The scammer said accessing company databases was easy and crypto was like the “Wild Wild West.”
“If you lose $30-$40,000 in ETH or BTC who are you going to call? The crypto police?” they said, adding that they’re now trying to hit $100,000 per month from their scam.
More than $127 million was stolen in the third quarter by crypto phishing attacks, according to Web3 security firm Scam Sniffer.