Will Coinbase ever email me a recovery phrase?

No. Coinbase will never send you a recovery phrase, seed phrase, or private key by email, text, or phone. If you receive a message containing a recovery phrase that claims to be from Coinbase, it is a scam. The attacker wants you to set up a wallet using their phrase so they can steal any funds you deposit.

How do I report a fake Coinbase email?

Forward the email to security@coinbase.com without clicking any links. You can also report it to the Anti-Phishing Working Group at reportphishing@apwg.org and to the FTC at reportfraud.ftc.gov. If you have already interacted with the email, change your Coinbase password immediately and enable two-factor authentication.

Was there a real Coinbase data breach that led to these emails?

Yes. In May 2025, Coinbase confirmed that rogue overseas support agents were bribed to steal customer data affecting nearly 70,000 users. The stolen information included names, emails, phone numbers, and in some cases government ID images. This data is now being used to craft highly targeted phishing emails.

Coinbase Scam Emails in 2026 — How to Spot the Latest Phishing Campaigns

Coinbase users are facing an unprecedented wave of phishing emails in 2026. Unlike the generic "verify your account" messages of years past, these campaigns are sophisticated, personalized, and in some cases contain no malicious links at all — making them harder to detect with traditional email security tools.

This article breaks down the most active Coinbase phishing campaigns circulating right now, explains how they work, and tells you exactly what to do if you receive one.

Phishing email scam inbox warning — Coinbase phishing emails have surged in 2026, with new templates that bypass traditional spam filters.

The Fake Wallet Migration Scam

The most dangerous Coinbase phishing campaign in 2026 uses a subject line like "Migrate to Coinbase Wallet" or "Action Required: Mandatory Wallet Transition." The email claims that a court order, stemming from a class action lawsuit, has forced Coinbase to transition all users from custodial accounts to self-custodial wallets.

What makes this scam exceptionally clever is that the email contains a recovery phrase and instructs you to set up a new Coinbase Wallet using it. Every link in the email points to the legitimate Coinbase Wallet page. There are no phishing links to flag.

The trap is the recovery phrase itself. Because the attacker generated it, they already have access to any wallet created with it. The moment you transfer funds into that wallet, the attacker drains it.

⚠Coinbase Will Never Send You a Recovery Phrase

If any email, text, or phone call provides you with a recovery phrase or seed phrase and claims to be from Coinbase, it is a scam. Legitimate recovery phrases are generated on your own device during wallet setup. Never use a phrase that someone else gave you.

Personalized Phishing Using Stolen Data

The 2025 Coinbase data breach compromised the personal information of nearly 70,000 customers after rogue support agents were bribed to exfiltrate data. The stolen records included names, email addresses, phone numbers, and in some cases images of government-issued IDs.

That data is now fueling a new generation of phishing emails that address victims by full name, reference their account type, and include partial personal details to build credibility. The Anti-Phishing Working Group (APWG) observed a record number of phishing campaigns targeting crypto exchanges in their latest report. Some emails even reference recent Coinbase transactions — information likely scraped from blockchain explorers after correlating wallet addresses with known customer identities.

These are not mass-blasted messages. They are targeted, and they work.

The Fake Security Alert Call

A related campaign combines email with phone-based social engineering. Victims receive an email warning about "suspicious activity" on their account, followed by a phone call from someone claiming to be from Coinbase's security team. In a widely reported January 2026 incident, the caller identified himself as "Brian Miller from Coinbase's security office" and had enough personal details to sound legitimate.

The caller's goal is to get the victim to "verify" their identity by sharing a two-factor authentication code or approving a login request on their device. Once the attacker has that, they take over the account.

⚠Coinbase Will Never Call You Asking for 2FA Codes

If someone calls you claiming to be from Coinbase and asks for a verification code, authentication approval, or remote access to your device, hang up immediately. Contact Coinbase directly through the app or by navigating to coinbase.com yourself.

How to Identify a Fake Coinbase Email

Even the most sophisticated phishing emails leave traces. Here is what to check:

Check the sender address carefully. Legitimate Coinbase emails come from domains ending in @coinbase.com. Scammers use lookalikes like @coinbase-security.com, @cb-support.net, or @coinbase.mail-verify.com. Inspect the full "From" header, not just the display name.

Look for urgency and threats. Phrases like "your account will be suspended in 24 hours" or "mandatory migration deadline" are pressure tactics. Coinbase does not impose sudden deadlines via email for account-critical actions.

Never use a recovery phrase from an email. This cannot be overstated. No legitimate service will ever email you a seed phrase. If you see 12 or 24 words in an email, it is a scam.

Verify independently. If an email claims you need to take action on your account, do not click any links. Open the Coinbase app or type coinbase.com directly into your browser and check for notifications there.

What to Do If You Have Been Targeted

If you received a suspicious email but did not interact with it, forward it to security@coinbase.com and delete it.

If you clicked a link or entered credentials, take these steps immediately:

Change your Coinbase password from a device you trust.
Revoke all active sessions in your Coinbase security settings.
Enable or reset two-factor authentication using an authenticator app (not SMS).
Check your account for unauthorized transactions.
Report the incident to the FBI's IC3 and the FTC.

If you set up a wallet using a recovery phrase from one of these emails and transferred funds into it, those funds are likely already gone. Report the wallet addresses involved to Coinbase and to law enforcement. For detailed reporting steps, see our guide to reporting phishing emails. The Identity Theft Resource Center offers free assistance if your personal information was compromised.

🔍

Think a website might be a scam?

Check any URL instantly with our free scam detection tools.

Check Now

The Bigger Picture

The Coinbase phishing wave of 2026 is a case study in how data breaches create long-tail fraud. The 2025 breach gave attackers the raw material — names, emails, ID images — to build phishing campaigns that feel personal and credible. The CFPB has highlighted how data breaches amplify downstream fraud risk. We expect these campaigns to continue evolving throughout the year.

Bookmark this page. We update it as new Coinbase phishing templates are identified and added to our database.

Lists

Bitcoin Scammer List

Search our database of known crypto scam sites for domains linked to Coinbase phishing campaigns.

Tools

Phishing URL Checker

Paste any suspicious link from an email to check it against our phishing intelligence database.

Guides

How to Report a Phishing Email

Step-by-step instructions for reporting phishing to Coinbase, the FTC, and law enforcement.

Guides

How to Protect Yourself from Phishing

Practical measures to harden your email, accounts, and devices against phishing attacks.

Platform Guides

Coinbase Scam Emails — Full Guide

Comprehensive overview of all known Coinbase email scam patterns and how to handle them.

Blog

AI-Generated Scams in 2026

How AI is powering the next generation of phishing, deepfakes, and social engineering.