A user identified simply as GR lost the 200 bitcoins (BTC) he was trying to buy through the cryptocurrency exchange Coinbase. It happened after he received an apparent notification that his account was blocked just at the moment he had completed the purchase of the cryptocurrencies.
The operation had taken 10 minutes to complete, just the right time that it took a hacker or group of them, to seize the $ 10 million in bitcoin that GR was trying to acquire last April, when the price of the cryptocurrency was around $ 50,000. So, desperate, when he received the notification that his account was blocked, he immediately contacted the telephone number that appeared in the notice, without knowing that he had signed his own sentence .
It turned out that the notification allegedly sent by Coinbase was false, and when the user contacted the phone number listed on it, they unknowingly fell into the hands of scammers. It was then that they obtained all the information they needed to access their account and seize the newly purchased BTC.
During the phone call, the victim believed that he was talking to Coinbase customer service and for he agreed to make changes to his account. With this would have granted permission to the attacker (or attackers) to change the limit of daily transactions and the alert configuration to later drain the funds.
A United States federal judge approved a court order to help recover stolen bitcoin funds, according to a complaint filed by the United States Attorney’s Office, seen by Business Insider.
A portion of the stolen funds, equivalent to USD 600,000 apparently were deposited by the scammer (s) into a Huobi exchange account . For that reason, the federal judge would have approved an order to freeze this account until the confiscation procedures are completed, as described in the publication of the aforementioned media.
“No one has been arrested or charged, but our investigation is ongoing, “says the law firm hired by the victim.
Beware of hackers who are thirsty for bitcoin
Early last month, CryptoNews reported that hackers stole cryptocurrencies from at least 6,000 Coinbase customers . This happened by exploiting a flaw in the multi-factor authentication system, which would have allowed scammers to infiltrate users’ accounts and steal cryptocurrencies.
It happened through a sophisticated massive social engineering attack targeting users of the exchange between March and May this year, as revealed in a default notification letter sent by Coinbase to its affected customers. Until now it is unknown if the user G. R is one of these victims .
In a post on its official blog, the company warns that identity theft attacks have increased among its customers, achieving “a greater degree of success in bypassing the spam filters of certain older email services,” he says.
In Coinbase’s guide on account protection, it is recommended to enable multi-factor authentication (MFA) using security keys, time-based unique passwords (TOTP) with an authentication app, or As a last resort, SMS text messages.