Ed Suman, a former artist from Los Angeles, lost over $2 million in crypto assets due to a fraudulent scheme following a data breach at the cryptocurrency exchange Coinbase. This occurred after the perpetrators gained access to his personal information, convincing him to enter his seed phrase, which allowed them to steal his retirement savings.
This is reported by Business • Media
Fraud Through Data Breach
Suman, who began investing in cryptocurrencies in 2017, accumulated 17.5 BTC and 225 ETH, which was worth $2.4 million at the time of writing. However, due to a recent data leak involving Coinbase customers, which the company officially reported last week, Ed lost these savings.
According to information from Coinbase, hackers began accessing customers’ personal data as early as January. They bribed customer support employees in India to obtain data such as names, addresses, account balances, and transaction histories. The perpetrators used this information to conduct social engineering attacks, including on Suman.
Manipulations with Fraudulent Calls
On March 8, Suman received a text message allegedly sent by Coinbase regarding a suspicious login to his account. After responding to the message, he received a call from a fraudster posing as a security representative named Brett Miller. He convinced Suman that his assets were at risk and offered to “eliminate the threat,” prompting the artist to enter his seed phrase on a fake website.
Nine days later, the fraudsters contacted Suman again and repeated their manipulation, resulting in the disappearance of all his assets.
“The attack becomes much more effective when the perpetrator possesses personal information: balances, account history. If you have personal data, it’s a whole different level of fraud. They approach you with information that seems entirely legitimate,” said John Wingate, CEO of Bank Social.
Coinbase promised to reimburse customers who fell victim to the scam; however, Suman claims he has not received any confirmation that his case will be compensated. He emphasized that the company should have taken steps to raise awareness about fraud much earlier to prevent such incidents.
Representatives from Coinbase declined to comment on Suman’s statements, noting that less than 1% of its monthly active users were affected by the breach. Among other potential fraud victims is Roelof Botha, managing partner at venture firm Sequoia Capital, although there is currently no confirmation that his account was hacked.
It is worth noting that as a result of this data breach, two class-action lawsuits have already been filed against Coinbase in the Northern District of California and the Southern District of New York.