A group of scammers have reportedly hacked an outgoing email of Coinbase, one of the world’s leading Bitcoin wallet.
As per noted by a random Bitcoin user fluffypony, the scammers are using the Coinbase email — firstname.lastname@example.org — to launch a new fake product which they call ‘Coinbase Invest Fund’. A copy of this spam mail has been published on Reddit as well, the contents of which directly points to a Ponzi Scheme getting distributed by risking the credibility of Coinbase.
At first, the so-called Coinbase Investment Fund Team happily propagates a new scheme that guarantees a maximum of 150% return from a short-term investment program, while also ensuring a minimum profit of 50% within the 10 days of investment. “You can deposit today from $100,” the email says. “Maximum deposit amount per one person or legal entity is 60 Bitcoins. That’s an astonishing opportunity to earn up to $8,500 per 10 days.”
The team meanwhile also leaves a Bitcoin address to receive the amounts, untraceable indeed.
The available information indicates the email to be associated with sendgrid.net, an email delivery and transactional email service used by Coinbase. Also, the scammers have reportedly targeted the users of localbitcoins, a Bitcoin trading platform, for many of them have claimed to receive the tainted email on addresses that are not registered with Coinbase at first place.
At it appears to us, this is clearly a case of email phishing where a hacker has the ability to have his email imitate domains that users trust. However, the well-established security practices by many leading email hosting services diverts such email to the users’ spam folders.
Coinbase however has remained a favorite phishing target for Bitcoin hackers around the globe. In November last year, the company’s 2000 accounts were phished by using Blockchain.info public notes. Three months later, the Bitcoin firm once again got tricked by spammers when some of its users became the victim of a wallet attack after signing permissions to withdraw money from fake third party apps.