Crypto users have reported a rise in scam emails made to look like they’re from crypto exchanges Coinbase and Gemini that attempt to get users to set up a new wallet with pre-generated recovery phrases controlled by scammers.

In several examples posted to X, the email claims to be from Coinbase, asking users to transition to self-custodial wallets and providing instructions on downloading the legitimate Coinbase Wallet, giving a deadline of April 1 to make the switch.

Source: Steve Kaczynski

However, it also provides pre-generated recovery phrases. Once users open a new wallet with those phrases and transfer funds, all the assets will be available to the threat actor, who could drain the wallet.

The email mentions a class-action lawsuit against Coinbase alleging it has sold unregistered securities, which has resulted in a court mandating users manage their own wallets.

“Coinbase will operate as a registered broker, allowing purchases, but all assets must move to Coinbase Wallet,” the phony email says.

The US Securities and Exchange Commission dismissed its lawsuit alleging Coinbase was an unregistered broker and selling unregistered securities on Feb. 27.

Coinbase told Cointelegraph it is aware of the scam and pointed to its March 14 post to X, saying, “We will never send you a recovery phrase, and you should never enter a recovery phrase given to you by someone else.” 

Source: Coinbase Support 

Crypto exchange Gemini has also been spoofed with the same recovery phrase email scam, using the same tactics and claiming users need to set up a new wallet because of a recent court decision.

Gemini was being sued by the SEC for allegedly offering unregistered securities through its earn program. The regulator opted to end the legal action on Feb. 26.

Source: Sukesh Tedla

Gemini didn’t immediately respond to Cointelegraph’s request for comment. 

Blockchain security firm CertiK’s annual Web3 security report flagged crypto phishing attacks, which cost users $1 billion across 296 incidents, as the most significant security threat for 2024.

Related: California financial regulator warns of 7 new types of crypto, AI scams

The email scams come as at least three crypto founders have reported foiling an attempt from alleged North Korean hackers to steal sensitive data through fake Zoom calls.

Scammers have been targeting crypto founders by offering a meeting to discuss a partnership opportunity, but once the call starts, they send a message feigning audio issues and a link to a new call that installs malware. 

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis

Crypto platform Debiex has been ordered to pay around $2.5 million after it failed to respond to a US Commodity Futures Trading Commission suit accusing it of being a romance scam ring.

Arizona federal court Judge Douglas Rayes on March 13 granted the CFTC’s earlier motion for summary judgment in its case and ordered Debiex to pay back around $2.26 million it stole from its customers, along with a civil penalty of nearly $221,500.

Judge Rayes said there was no evidence that Debiex’s failure to respond to the CFTC was the result of “excusable neglect.”

The CFTC sued Debiex in January 2024, saying its staff ran a so-called “pig butchering” scam, where they initiated romantic relationships with customers over social media to gain trust to convince them to invest in the platform.

The scheme hooked five victims who deposited around $2.3 million in total onto Debiex, which the purported trading platform stole, the CFTC said.

A highlighted excerpt of Judge Rayes’ order summarizing the CFTC’s case against Debiex, Source: CourtListener

The CFTC also accused Zhāng Chéng Yáng of being a “money mule” for Debiex, whose crypto wallets were used to accept and steal victims’ funds.

Judge Rayes granted a CFTC motion for default judgment against Zhāng on March 12, finding it adequately alleged he controls a crypto wallet with OKX “that received digital assets to which he had no legitimate claim.”

He said OKX was “voluntarily preserving” the crypto in Zhāng’s account and ordered its contents, consisting of $5.70 worth of Tether (USDT) and nearly 63 Ether (ETH) worth around $119,500, to be transferred to an unnamed victim.

The CFTC said in its January 2024 complaint that Debiex’s scheme saw its unknown managers target potential victims through social media to lure them to websites it had created marketing itself as a “Blockchain Network Decentralized perpetual contract trading platform” where users can conduct futures trading and “Mining transactions.”

Related: Four suspects charged in home invasion of streamer Amouranth 

Debiex’s staff would present as females and built a rapport with victims through “continuous and repeated messaging and sharing purported pictures of themselves” while claiming to be “highly successful digital asset commodities traders,” the CFTC said.

Once an account was created and the customers sent over their crypto, the CFTC said Debiex would share “fictitious information” about customer balances, trading positions and profits.

“All of this information was most likely false,” the CFTC said. “The evidence shows that the Customers’ digital assets were simply sent to numerous digital asset wallets in an attempt to obfuscate their destination.”

Magazine: SEC’s U-turn on crypto leaves key questions unanswered 

A UK man’s bid to obtain a permit to search a landfill for his hard drive — holding private keys to 8,000 Bitcoin — has been rejected by the UK Court of Appeals.

“Appeal request to the Royal Court of Appeal: refused,” Howells said in a March 14 X post.

“The Great British Injustice System strikes again… The state always protects the state,” the early Bitcoin adopter added before revealing his “next stop” would be the European Convention on Human Rights (ECHR).

UK Royal Court of Appeal Judge Christopher Nugee knocked back Howells’ application, stating that there was no “real prospect of success” and there was “no other compelling reason” as to why it should be heard, according to a March 13 filing shared with Cointelegraph.

Source: James Howells

Nugee’s decision follows an earlier dismissal on Jan. 9 from High Court Judge Andrew Keyser, who similarly said there was “no realistic prospect” of Howells’ case succeeding at a full trial.

In a note to Cointelegraph, Howell said his “last legal option” to exhaust is at the ECHR — where he will claim that the UK High Court and UK Court of Appeal breached his right to property and right to a fair trial under Article 1 of Protocol 1 and Article 6 of the ECHR.

“The British establishment want to sweep this under the carpet, and i will not let them. It will not go away — no matter how long it takes!”

The ECHR cannot overrule a UK court decision — however, a verdict in Howells’ favor would call on the UK courts to consider whether its legislation was interpreted in a way that is compatible with the ECHR’s provisions.

In a separate statement shared with Cointelegraph, Howells said he would file a claim to the ECHR in the “coming weeks.”

The court filings follow repeated rejections from the Newport City Council allowing Howells to search through the Docksway landfill — where Howells’ former partner disposed of a bag containing the hard drive at the site in 2013.

Related: Burning quantum-vulnerable BTC is the best option — Jameson Lopp

Howells’ 8,000 Bitcoin (BTC) is worth around $660 million at current prices. While few predicted Bitcoin would reach such heights back then, Howells’ incident illustrates the importance of properly securing self-custodied crypto funds.

Howells also appears to be running out of time, as the Docksway landfill is reportedly set to shut down sometime during the UK’s 2025-2026 financial year, BBC News reported on Feb. 9.

Magazine: Bitcoin vs. the quantum computer threat: Timeline and solutions (2025–2035)