SCAMMERDETECT

Coinbase phishing emails are among the most common and convincing crypto scams circulating today. With over 100 million verified users, Coinbase is a high-value target for scammers who craft fake emails designed to steal login credentials, two-factor authentication codes, and ultimately cryptocurrency holdings. The Anti-Phishing Working Group tracks thousands of new crypto-related phishing campaigns each quarter. Following the 2025 insider data breach that exposed customer information for nearly 70,000 accounts, these phishing attempts have become even more personalized and dangerous.

Coinbase phishing emails are designed to look identical to legitimate communications, but several red flags give them away.

What the 2025 Data Breach Changed

In May 2025, Coinbase disclosed that overseas customer support agents had been bribed by cybercriminals to leak sensitive customer data. The breach exposed names, dates of birth, the last four digits of Social Security numbers, masked bank account numbers, addresses, phone numbers, email addresses, and in some cases government-issued ID images.

This breach was significant not because funds were directly stolen, but because it armed scammers with the personal details needed to craft highly convincing phishing emails. A phishing email that references your real name, partial account number, and address is far more persuasive than a generic "Dear Customer" message. You can check whether your email was exposed in this or other breaches at Have I Been Pwned.

Common Coinbase Phishing Email Templates

Scammers rotate through several proven templates, all designed to create urgency and bypass your critical thinking:

"Suspicious Activity Detected"

The most common template claims unauthorized access has been detected on your account. It urges you to "verify your identity" or "secure your account" by clicking a link that leads to a fake Coinbase login page. Once you enter your credentials, the scammers have immediate access to your real account.

"Your Account Has Been Locked"

This variation claims your account has been restricted due to a policy violation or security concern. It pressures you to click a "Restore Account" button, directing you to a phishing site that harvests your login details.

"Confirm Your Transaction"

You receive a notification about a large transaction you did not initiate, with a "Cancel Transaction" button. The urgency of wanting to stop an unauthorized payment drives victims to click without examining the email carefully.

"Security Update Required"

This template claims Coinbase has updated its security protocols and your account requires re-verification. It often requests document uploads or personal information that can be used for identity theft.

"Withdrawal to Unknown Address"

A particularly effective template notifies you that a withdrawal has been initiated to an unfamiliar wallet address. The "Cancel Withdrawal" link leads to a phishing page that captures your credentials and 2FA code in real time, allowing scammers to actually drain your account.

How to Identify a Fake Coinbase Email

Check the Sender Address

Every legitimate Coinbase email comes from an address ending in @coinbase.com. Scam emails use lookalike domains such as:

  • @coinbase-support.com
  • @coinbaseglobal.com
  • @coinbase-security.net
  • @cb-verify.com
  • @coinbase.com.suspicious-domain.com

Pay close attention to the full domain after the @ symbol. Scammers often place "coinbase" somewhere in the address to make it appear legitimate at a glance.

Before clicking anything, hover your cursor over links and buttons to preview the destination URL. Legitimate Coinbase links point to coinbase.com subdomains. If you see an unfamiliar domain, a misspelled URL, or a shortened link, do not click it.
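The sender and link checks above can be automated. This is an added example, not code from the original page or from Coinbase; the function names are hypothetical and the sample headers and URLs are constructed from the lookalike domains listed above. It accepts a host only when it is coinbase.com or a subdomain split on a dot boundary, so a domain that merely contains "coinbase" fails.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "coinbase.com"  # the one domain the article treats as legitimate

def is_trusted_host(host):
    """True only for coinbase.com or a subdomain split on a label boundary."""
    host = host.strip().rstrip(".").lower()
    try:
        host = host.encode("idna").decode("ascii")  # homoglyphs become xn--
    except UnicodeError:
        return False  # malformed host name: never trust it
    return host == TRUSTED or host.endswith("." + TRUSTED)

def sender_is_trusted(from_header):
    """Judge the address inside the From header, not the display name."""
    _, addr = parseaddr(from_header)
    return "@" in addr and is_trusted_host(addr.rsplit("@", 1)[1])

def link_is_trusted(url):
    """Judge the host a browser would connect to; userinfo is ignored."""
    try:
        parts = urlsplit(url)
        return parts.scheme == "https" and is_trusted_host(parts.hostname or "")
    except ValueError:
        return False  # unparseable URL

# Constructed samples using the lookalike domains listed in the article.
SAMPLES = [
    '"Coinbase" <no-reply@coinbase.com>',
    '"Coinbase Support" <help@coinbase-support.com>',
    '"security@coinbase.com" <alert@cb-verify.com>',
    "notice@coinbase.com.suspicious-domain.com",
    "https://www.coinbase.com/signin",
    "https://coinbase.com@coinbase-security.net/restore",
    "https://coinbaseglobal.com/verify",
]

def triage(samples=SAMPLES):
    """Return {sample: verdict} for a mix of From headers and URLs."""
    check = lambda s: link_is_trusted(s) if "://" in s else sender_is_trusted(s)
    return {s: check(s) for s in samples}

if __name__ == "__main__":
    for sample, ok in triage().items():
        print("trusted " if ok else "LOOKALIKE", sample)
```

A passing sender check is necessary but not sufficient, because the From header can be forged; the SPF, DKIM and DMARC results recorded by the receiving mail server show whether the message really came from that domain.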

Look for Urgency and Threats

Phishing emails rely on fear and time pressure. Phrases like "immediate action required," "your account will be permanently locked," or "you have 24 hours to respond" are designed to prevent you from thinking clearly.

Check for Attachments

Coinbase does not send email attachments. Any email with an attached file, regardless of the file type, is not from Coinbase.

Examine the Writing Quality

While AI-generated phishing emails have improved significantly, many still contain subtle grammar mistakes, inconsistent formatting, or awkward phrasing that would not appear in official corporate communications.

What to Do If You Receive a Suspicious Email

  1. Do not click any links in the email
  2. Do not download any attachments
  3. Forward the email to security@coinbase.com
  4. Delete the email from your inbox
  5. Log into Coinbase directly by typing coinbase.com into your browser to check your account status

What to Do If You Already Clicked

If you entered information on a phishing site, act immediately:

  1. Change your Coinbase password from the official website or app right now
  2. Enable or reset 2FA using an authenticator app or hardware key (not SMS)
  3. Lock your account using the in-app lock feature if available
  4. Check for unauthorized transactions and contact Coinbase support if any are found
  5. Enable withdrawal allow-listing so funds can only be sent to pre-approved wallet addresses
  6. Check your email account for unauthorized access, since scammers may try to intercept password reset emails
  7. Report the phishing site to security@coinbase.com with all details
  8. File a report with the FTC and the FBI IC3 if you lost funds

How to Protect Your Coinbase Account

Use Hardware-Based 2FA

SMS-based two-factor authentication is vulnerable to SIM swapping attacks. Use a hardware security key (like YubiKey) or at minimum an authenticator app (like Google Authenticator or Authy) for your Coinbase account.

Enable Withdrawal Allow-Listing

This Coinbase feature restricts crypto withdrawals to wallet addresses you have explicitly approved. Even if an attacker gains access to your account, they cannot send funds to an unknown address. New addresses require a 48-hour waiting period before they become active.

Use a Unique Password

Your Coinbase password should not be used on any other service. Use a password manager to generate and store a strong, unique password.

Bookmark Coinbase.com

Rather than following email links, always access Coinbase through a saved bookmark or by typing the URL directly. This simple habit eliminates the risk of landing on a phishing page.

The Bigger Picture

Coinbase phishing emails are part of a broader ecosystem of crypto scams that target exchange users across every major platform. The Identity Theft Resource Center recommends monitoring your accounts closely after any data breach. The tactics described here also apply to fake emails impersonating Binance, Kraken, and other exchanges. Learning to spot scam websites and recognize phishing patterns protects you across all of your financial accounts, not just Coinbase.

Staying safe from Coinbase phishing emails comes down to a simple rule: never interact with emails that create urgency around your account. When in doubt, close the email, open Coinbase directly, and check your account status from there. That one habit defeats the vast majority of phishing attempts.