2 hours ago
806
Scammers posing as members of CoinMarketCap support are targeting crypto investors in an attempt to steal sensitive information, according to a warning issued by the digital asset data provider.
CoinMarketCap, which was acquired by Binance in 2021 but operates independently, said fraudsters have been reaching out to users pretending to represent its customer support team. The impostors are trying to trick victims into revealing their private keys or seed phrases “for help,” which could provide full access to crypto wallets.
“BEWARE of scammers trying to impersonate CoinMarketCap members. CMC does NOT have a phone number and we will NEVER call you,” the company wrote in an alert on X Tuesday. It also asked users to verify any suspicious communication through its official support portal at coinmarketcap.com/request before taking any action.
Social engineering scams spread to CMC
CoinMarketCap’s latest warning adds to the number of reported social engineering scam cases, a tactic attackers use to manipulate people into disclosing confidential information through psychological manipulation, deception, and building trust.
Criminals pose as exchange representatives or law enforcement officers to pressure or persuade victims into sharing their recovery phrases or signing fraudulent transactions.
As reported by Cryptopolitan, in August, North Wales Police opened an investigation into a theft of roughly $2.8 million worth of Bitcoin after a victim was tricked by a senior UK police officer impersonator. The suspect convinced the victim that their identification documents were found on an arrested person’s phone and instructed them to “secure” their funds through a phishing link.
The victim entered their 12-word wallet seed phrase on a sophisticated spoof website, unknowingly giving the scammer full access to their digital assets. The alleged criminal reportedly stole and laundered the funds.
In the same month, another victim lost 783 Bitcoins after criminals approached them posing as both exchange and hardware wallet support teams. Blockchain data reviewed by investigators showed the stolen funds were laundered through crypto tumbler Wasabi Wallet.
Data leaks started impersonation tactics, ZachXBT
According to blockchain security sleuth ZachXBT, these kinds of scams became sophisticated due to the abundance of personal information leaked online by “big firms.” ZachXBT said attackers can now convincingly imitate customer service personnel since they have real names, email templates, and case numbers of victims’ legitimate accounts.
“Large-scale breaches have exposed massive amounts of personal data, making it easier for threat actors to impersonate trusted institutions,” he wrote. “They simply use these leaks to build trust before carrying out the scam.”
A H1 2025 report from TRM Labs found a record $2.1 billion had been stolen through hacks and exploits, with more than 80% of those losses originating from compromised private keys or seed phrases.
The organization reiterated that most of these breaches originated from social engineering tactics or insider threats, where attackers could smoothly bypass even strong technical defenses once they have human cooperation.
TRM also reported that the average hack size doubled from 2024, reaching $30 million. The Bybit incident in February, which the firm attributed to North Korean state-sponsored actors, accounted for nearly 70% of total losses.
Coinbase’s social engineering scam led to $400 million worth of losses
Impersonation scams also reached the US’s largest exchange, Coinbase, earlier this year. On May 15, Coinbase confirmed that criminals had stolen personal data from tens of thousands of customers, although it insisted that hackers did not gain access to the exchange’s crypto vaults.
The leaked customer information allowed fraudsters to impersonate Coinbase support staff and contact users directly. Many victims were persuaded to transfer their funds to what they believed were “safe” wallets controlled by the attackers.
ZachXBT estimated that Coinbase users collectively lost over $65 million between December 2024 and January 2025 through social engineering schemes. He further insisted the figure is conservative since many incidents were not reported to Coinbase or law enforcement.
because there’s so many breaches that make your personal information widely available online so threat actors can exploit it
— ZachXBT (@zachxbt) August 21, 2025
In one example, he spoke about on his investigations channel, a scammer used leaked customer information to claim a victim’s account had unauthorized login attempts. The perpetrator followed up his scam call with a forged email disguised as an official Coinbase message, complete with a fake case number.
The email “instructed” the victim to move their funds to a “Coinbase Wallet” address, which in reality was controlled by the thieves.
Join Bybit now and claim a $50 bonus in minutes
English (US)