Coinbase phishing email warning
Emails impersonating Coinbase are sneaky attempts to steal customer login details.
Coinbase is a cryptocurrency exchange company. It is a platform for buying, selling, transferring and storing crypto, a digital currency.
Scammers are always seeking new tactics to steal data and cash through phishing emails. Action Fraud reported that since 2020, more than 41 million phishing attempts had been reported to the Suspicious Email Reporting Service.
Which? found four different versions of scam emails claiming to be from Coinbase in order to steal your login details to the platform.
Read on to find out how these Coinbase email scams work.
Sign up for scam alerts
Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.
Sign up for scam alerts
Coinbase scam emails
Which? discovered four dodgy emails which either claim you need to complete the updated 'know your customer (KYC) registration,' that your 'identity verification is incomplete' or that the identity documents you’ve provided, such as your ID and proof of address, don’t match the account you selected on Coinbase.
One of the emails said that to restore access to your account, you need to follow the link included in the email and upload an identity document, such as your passport, driver’s licence or utility bill.
All of the emails included a link to dodgy websites which ask for your Coinbase login details.
Which? analysed the link included in one of the scam emails. We found that the link includes redirects to a page that looks like Coinbase’s login – however, it's actually asking you to allow a third-party app to access your Coinbase account without needing your password. By entering your Coinbase email address, the fraudster behind the scam will gain access to your account.
If you've fallen for this scam, change your Coinbase password immediately.
Coinbase told us: ‘As the most trusted crypto exchange, Coinbase is deeply committed to our customers’ safety. Coinbase's dedicated security team works around the clock to monitor and mitigate threats, ensuring the highest level of protection for our customers.
'Additionally, we proactively alert users about potential phishing campaigns and collaborate with cybersecurity organisations to enhance our defences.
'Even though we work tirelessly to protect our customers, scammers use many tactics to socially engineer crypto users into giving up their personal information.
'It is crucial that users know that Coinbase will never contact you asking for your seed phrases, passwords, 2-step verification codes, remote access to your device or ask to transfer your funds into a new wallet for security reasons.’
Spotting and reporting scam emails
One giveaway that these emails were sent by fraudsters is that they were sent from random email addresses that aren't associated with Coinbase.
Coinbase said that official email addresses end in @mail.coinbase.com, @coinbase.com, @updates.coinbase.com and @info.coinbase.com.
Another sign is that the links in the emails to the ‘privacy policy’, ‘terms of service’, and ‘support centre’ don’t work.
If you receive a suspicious email that you’re unsure of, take these steps:
- Check the sender's email address to see who it's really from.
- Analyse the branding, and look for poor spelling and grammar.
- Hover over the link in the email body and the links at the bottom to see where they lead.
- See if the email asks for personal information or bank details or tries to rush you into making a decision.
- If you have an account with the company the email claims to be sent from, log in to your account with that company to see if the details in the message are genuine.
Scam emails can be reported by forwarding them to report@phishing.gov.uk.
If you've fallen victim to a text scam, you can report it to Action Fraud or the police if you live in Scotland.
This article was first published on 31 July 2025 and updated on 4 August 2025 with new scam examples.
