I Got the ‘Coinbase’ Warning Text: Here’s Exactly What Happens If You Call

Key Takeaways: Coinbase Text Scam 💡

🔑 1. Can you get scammed even without a Coinbase account? Yes. Scammers blast thousands of numbers simultaneously. You don’t need an account to be targeted or tricked into calling a fake support line.

🔑 2. Is my stolen crypto recoverable? Almost never. Blockchain transactions are irreversible, and Coinbase’s insurance explicitly excludes phishing losses from coverage.

🔑 3. Did Coinbase actually get hacked? Yes. Bribed overseas contractors stole data from approximately 69,461 accounts. Coinbase estimates the damage at $180 to $400 million.

🔑 4. What’s the single best defense? Switch from text-based two-factor authentication to a hardware security key or authenticator app immediately. Text-based verification is the weakest link.

🔑 5. Will Coinbase ever text me a login link? Never. Any text containing a link claiming to be from Coinbase is fraudulent, no exceptions.

🔑 6. What’s a SIM swap attack? Criminals convince your phone carrier to transfer your number to their device, intercepting all your verification codes in real time.

🔑 7. Where do I report a scam text? Forward it to 7726 (the universal carrier spam code), email a screenshot to [email protected], and file reports with both the FTC and the FBI’s IC3.

🔑 8. How do scammers make their texts look legitimate? They spoof official-looking sender numbers, use international domain name tricks to mimic the Coinbase URL, and reference real account details stolen from data breaches.

🔑 9. Are older adults at higher risk? Dramatically so. The FTC found that adults 60 and over reported losing $2.4 billion to fraud in 2024, with cryptocurrency transfers being a major payment method.

🔑 10. What’s the most dangerous thing I can do after receiving a scam text? Call the phone number in the message. That connects you directly to a scammer posing as Coinbase support, and the social engineering begins immediately.

📱 1. The May 2025 Coinbase Breach Created a Scammer’s Dream Database, and Your Data Might Be In It

I need you to understand something critical that fundamentally changes how dangerous these text scams have become. This isn’t just about random phishing anymore. There’s a specific, verified data breach fueling the current wave.

According to court documents, an employee named Ashita Mishra at Coinbase’s outsourced support center run by TaskUs in Indore, India, began stealing sensitive customer data in September 2024, photographing up to 200 customer records per day. She allegedly sold those images to hackers for $200 per photograph. The stolen records included names, email addresses, phone numbers, home addresses, bank account identifiers, government identification images, transaction histories, and account balances.

When the attackers demanded a $20 million ransom, Coinbase refused to pay and instead established a $20 million reward fund for information leading to the arrest and conviction of those responsible.

But here’s what concerns me most as an investigator: the breach actually occurred on December 26, 2024, but wasn’t detected until May 11, 2025, nearly six months later. That’s six months where your stolen data was circulating among criminal networks before anyone even knew it was gone.

📊 What Was Stolen	🔒 What Was Not Stolen	⚠️ Why It Still Matters
Names, dates of birth, home addresses	Passwords and login credentials	Scammers use personal details to impersonate Coinbase support convincingly 🎭
Last 4 digits of Social Security numbers	Private keys and seed phrases	Partial SSN data is enough for identity theft and account verification bypass 🆔
Masked bank account numbers and identifiers	Coinbase Prime account data	Bank details enable follow-up financial fraud beyond crypto theft 🏦
Government ID images (driver’s license, passport)	Two-factor authentication codes	Fake ID documents can be created from these images for further fraud 📋
Transaction history and account balances	Direct access to wallets or funds	Knowing your balance lets scammers craft perfectly tailored urgency messages 💰

💡 Pro Tip: If you received an email from Coinbase on May 15, 2025 at 7:20 a.m. Eastern, your data was confirmed compromised. But even if you didn’t receive that notification, the breach only covered accounts the specific contractors accessed. Other stolen data from previous breaches may also be in play.

🎭 2. Here’s Exactly How the Scam Unfolds in Real Time, Step by Terrifying Step

I’ve mapped out the anatomy of a Coinbase text scam based on hundreds of victim reports, law enforcement warnings, and Coinbase’s own security advisories. What strikes me most is how psychologically sophisticated the attack sequence has become.

It starts with the text. The messages typically claim there’s an urgent issue with your account, such as an unusual login attempt detected, your account being temporarily locked, or suspicious activity requiring immediate verification. The language is clean, professional, and almost always includes a link or phone number.

The fraudulent website the link directs you to is typically a pixel-perfect clone of the official Coinbase login portal. We’re not talking about some obviously fake page with broken images and misspelled words. These clones are so sophisticated that even experienced tech users have been fooled. The scammers use similar-looking domain names with subtle character substitutions, like replacing a lowercase “b” with a special accented character that looks nearly identical.

Here’s the step-by-step kill chain:

Step 1 — The hook text arrives. It creates urgency through fear: someone is accessing your account, a withdrawal is processing, your security is compromised.

Step 2 — You click the link or call the number. If you click, you land on a cloned Coinbase site. If you call, a professional-sounding “representative” answers.

Step 3 — You enter your credentials. On the fake site, your email, password, and two-factor code are captured in real time by the attackers.

Step 4 — The attackers log into your real account instantly. They use your captured credentials before the two-factor code expires, which is typically within 30 seconds.

Step 5 — Your crypto is transferred to the attacker’s wallet. Because blockchain transactions are irreversible, the funds are gone permanently within minutes.

🚩 Stage	🎯 What Scammers Do	🛡️ Your Defense
Text delivery	Send spoofed message mimicking Coinbase alerts	Never click links in texts, go directly to the Coinbase app 📲
Fake website	Clone Coinbase login page with near-identical domain	Always verify the URL is exactly coinbase.com, nothing else 🔍
Credential harvest	Capture your email, password, and authentication code live	Use a hardware security key instead of text-based codes 🔑
Account takeover	Log into your real account within seconds	Enable Coinbase Vault and withdrawal allow-listing ⚙️
Fund extraction	Transfer crypto to untraceable wallets	Set up withdrawal delays and additional ID verification 🧊

💡 Pro Tip: Many phishing sites now use SSL certificates showing the padlock icon in your browser, so the presence of “https” is no longer proof a site is legitimate. The only reliable check is the exact domain name.

📞 3. The Phone Call Follow-Up Is Where Victims Lose Everything, and It’s Devastatingly Effective

Here’s something that shocked me during my investigation: the text message often isn’t the actual attack. It’s the setup. The real damage happens during the phone call.

Coinbase’s own security team has documented that phishing scams often begin with a phone call where an attacker impersonates a Coinbase employee claiming to help with an urgent security issue. In the post-breach landscape of 2025, these calls are terrifyingly convincing because the caller already knows your name, your account details, and sometimes even your recent transactions.

The pattern I’ve seen reported over and over works like this: you receive the text, you panic, and you call the number provided. The “representative” on the other end sounds professional, reassuring, and knowledgeable. They walk you through “securing your account,” which actually means handing them every piece of information they need to drain it.

Coinbase has stated explicitly that they will never call or text you to give you a new seed phrase or wallet address to move your funds to, and will never ask for your password, two-factor codes, or request that you transfer assets to a specific address.

I cannot stress this enough: if someone calls claiming to be from Coinbase and asks you to do anything with your money or share any security codes, that person is a criminal. Hang up immediately and contact Coinbase directly at 888-908-7930.

🔴 What Fake Support Says	🟢 What Real Coinbase Does	💡 Reality Check
“We need your verification code to cancel this transaction”	Never asks for your authentication codes	No legitimate company requests two-factor codes verbally, ever 🚫
“Transfer your assets to this secure wallet for protection”	Never asks you to move funds to any address	This is the #1 way victims lose their entire portfolio 💸
“I’m sending you a link to verify your identity”	Only directs users to coinbase.com	Any other domain is a phishing trap, no matter how official it looks 🕸️
“Don’t tell anyone about this call for security reasons”	Encourages users to report suspicious contacts	Secrecy is a manipulation tactic designed to prevent you from getting help 🤐
“Your account will be permanently closed in 24 hours”	Does not threaten account closure via phone	Artificial urgency is the scammer’s most effective psychological weapon ⏰

💡 Pro Tip: Program Coinbase’s real support number (888-908-7930) into your contacts right now. If you ever receive a suspicious call, hang up and call that number yourself. Never trust a number provided to you in a text or voicemail.

🔄 4. SIM Swap Attacks Are the Nuclear Option, and Your Phone Carrier Is the Weakest Link

This is the escalation path that takes Coinbase text scams from annoying to catastrophic, and almost nobody talks about it.

Coinbase text scams can escalate into SIM swap attacks, where scammers hijack a phone number to intercept two-factor authentication codes. Here’s how it works: the attacker contacts your mobile carrier, pretending to be you. Using personal information they’ve already gathered (your name, address, last four SSN digits from the Coinbase breach data), they convince the carrier representative to port your phone number to a new SIM card that the attacker controls.

The moment that transfer happens, your phone goes dead. No calls, no texts, no data. But the attacker’s phone is now receiving everything intended for you, including every two-factor authentication code sent by Coinbase, your bank, your email provider, and every other service tied to your phone number.

Coinbase strongly recommends using an authenticator app like Google Authenticator or Authy rather than text-based two-factor authentication because authenticator apps generate time-based one-time passwords locally, making them immune to SIM swapping.

🔓 Vulnerability	💣 How Attackers Exploit It	🛡️ How to Close the Gap
SMS-based two-factor authentication	Hijack your number via SIM swap, intercept all codes	Switch to hardware key (YubiKey) or authenticator app immediately 🔑
Weak carrier security questions	Social-engineer your carrier using stolen personal data	Set up a carrier PIN or port-freeze with your provider 📌
Single phone number for everything	One compromised number gives access to all accounts	Use a separate number or Google Voice for crypto accounts 📱
No notification of SIM changes	You don’t know your number was ported until it’s too late	Ask your carrier about SIM swap alerts and account lock features 🔔

💡 Pro Tip: Call your mobile carrier today and request a SIM lock or port-out PIN. This is a separate security code required before anyone (including you) can transfer your phone number to a new device. AT&T, Verizon, T-Mobile, and all major carriers offer this feature, but none of them enable it by default.

💸 5. Your Money Is Gone the Second It Leaves Your Wallet, and Here’s Why Recovery Is Nearly Impossible

I wish I could soften this, but I’d be doing you a disservice. Unlike bank deposits, cryptocurrency isn’t FDIC insured, and while some exchanges carry private insurance, phishing losses are almost always excluded. There is no “chargeback” mechanism on the blockchain. Once your Bitcoin, Ethereum, or any other cryptocurrency is transferred to an attacker’s wallet, the transaction is permanent and irreversible.

Coinbase’s own user agreement makes this clear: the company carries crime insurance for certain digital asset thefts, but it does not cover losses resulting from unauthorized access to your personal account. Read that again. If someone tricks you into giving them your credentials and they drain your wallet, Coinbase’s insurance doesn’t apply to you.

Among those who invested in cryptocurrency, approximately 15% found the investment to be a scam, and the median reported loss to cryptocurrency and investment schemes reached $30,000.

💰 Recovery Method	📊 Likelihood of Success	⚠️ What You Should Know
Contacting Coinbase support	Low for phishing losses	They can freeze your account going forward but rarely recover transferred funds 🧊
Filing with FBI’s IC3	Very low for individual cases	Helps build cases against scam rings, but individual restitution is rare 🏛️
Hiring blockchain tracing firms	Moderate for large losses	Professional tracers can follow funds, but recovery still requires law enforcement cooperation 🔎
Private lawsuit against scammers	Extremely low	Scammers operate anonymously across international borders 🌍
Crypto “recovery services”	Zero, these are also scams	Anyone promising to recover your stolen crypto for a fee is running a secondary scam on you 🚨

💡 Pro Tip: I cannot emphasize this enough. If someone contacts you after a crypto theft claiming they can recover your funds for an upfront fee, that person is a scammer exploiting your desperation. The “recovery scam” industry is massive and specifically targets recent victims. The FBI has explicitly warned about this.

🧓 6. Older Adults Are Losing Billions, and the Scammers Know Exactly Who to Target

The data I uncovered on this is heartbreaking. The FTC estimates that older Americans 60 and above may have lost between $10.1 billion and $81.5 billion to financial fraud from 2024 to 2025, with reported losses alone reaching $2.4 billion. Those aren’t projections. Those are reported numbers, and the FTC believes the actual losses could be ten times higher because most fraud goes unreported.

Losses to cryptocurrency transfers among older adults reached $454 million in 2024, making crypto one of the top payment methods exploited in senior-targeted scams.

The Coinbase text scam is particularly devastating for older adults for several reasons. Many are newer to cryptocurrency and haven’t developed the ingrained skepticism about unsolicited messages. The texts create fear and urgency, which can overwhelm anyone’s judgment. And the phone call follow-up feels reassuring because it mimics the traditional customer service experience that older generations trust.

👤 Age Group	💵 Median Individual Loss	🎯 Most Common Attack Vector
20-29 years old	Lower dollar amount, higher report frequency	Social media-initiated investment scams 📱
30-59 years old	Moderate losses across categories	Text message phishing and fake fraud alerts 💬
60-69 years old	$502 million in total investment losses through Q3 2025	Phone calls from fake support representatives 📞
70-79 years old	Higher per-incident median losses	Government and business impersonation via phone 🏛️
80+ years old	Median losses exceeding $1,600 per incident	In-person courier scams and Bitcoin ATM direction 🏧

💡 Pro Tip: If you have elderly parents or grandparents who own cryptocurrency or use Coinbase, sit down with them today and help them switch from text-based authentication to an authenticator app. Walk them through what a real Coinbase notification looks like versus a fake one. That single conversation could save their retirement savings.

🔒 7. The Exact Security Settings You Need to Change on Your Coinbase Account Right Now

I’ve compiled the most critical account hardening steps based on Coinbase’s own security recommendations and the attack patterns I’ve documented. Most Coinbase users have never touched these settings, and that’s exactly what scammers are counting on.

Coinbase offers several defensive tools including Address Allowlisting, Coinbase Vault, hardware security key support, and their Security Prompt feature through the mobile app.

First priority: Kill SMS-based two-factor authentication. Go into your security settings and switch to either a hardware security key (strongest option) or an authenticator app like Google Authenticator or Authy. This single change makes SIM swap attacks completely useless against your account.

Second priority: Enable withdrawal allow-listing. This feature restricts cryptocurrency withdrawals to only wallet addresses you’ve pre-approved. Even if an attacker gains access to your account, they cannot send your funds to their own wallet because that address isn’t on your approved list.

Third priority: Activate Coinbase Vault. Vault adds a mandatory 48-hour delay to any withdrawal, with multiple email confirmations required. This gives you a window to detect unauthorized access and cancel the transaction before funds leave.

⚙️ Security Feature	🛡️ What It Does	⏱️ How Long to Set Up
Hardware security key (YubiKey)	Requires physical device to log in, immune to phishing	10 minutes, costs $25-50 for the key 🔑
Authenticator app (Google Authenticator, Authy)	Generates codes locally on your device, immune to SIM swaps	5 minutes, free 📲
Address allowlist	Only allows withdrawals to pre-approved wallet addresses	5 minutes, 48-hour activation delay ✅
Coinbase Vault	Adds 48-hour withdrawal delay with multi-step confirmation	10 minutes to configure ⏳
Biometric login	Requires fingerprint or face recognition to access app	2 minutes, built into your phone 👆

💡 Pro Tip: The 48-hour activation delay on the address allowlist is intentional. It prevents an attacker who has momentary access to your account from adding their own wallet and immediately withdrawing funds. Never disable this delay.

🚨 8. Exactly What to Do in the First 60 Minutes If You’ve Already Fallen for a Coinbase Text Scam

Speed is everything. Cybercrime specialists recommend taking these immediate steps: lock your account by contacting Coinbase support to freeze activity, change your passwords on Coinbase and all connected accounts, switch from text-based authentication to an authenticator app or hardware key, and report the crime to the FTC, the FBI’s IC3, and local police.

I’ve organized these into a priority timeline:

Minutes 0-15: Lock your Coinbase account through the app’s security settings. Change your password from a device you trust. If you suspect a SIM swap, call your phone carrier immediately.

Minutes 15-30: Change passwords on your email account, bank accounts, and any other financial services that share the same email or phone number. Enable authenticator-based two-factor on everything.

Minutes 30-60: File a report with the FBI’s Internet Crime Complaint Center at ic3.gov. File a separate report with the FTC at reportfraud.ftc.gov. Email [email protected] with screenshots of the scam text and any details about the interaction.

Within 24 hours: Contact your bank if you shared any banking information. Place a fraud alert on your credit reports with all three bureaus (Equifax, Experian, TransUnion). Save every text, email, and screenshot as evidence.

⏰ Timeframe	🎯 Action	📞 Who to Contact
Immediately	Lock Coinbase account and change password	Coinbase support: 888-908-7930 📞
Within 15 minutes	Alert phone carrier about potential SIM swap	Your carrier’s fraud department 📱
Within 30 minutes	Change all related account passwords	All financial institutions connected to your email 🏦
Within 1 hour	File federal crime reports	FBI IC3 at ic3.gov and FTC at reportfraud.ftc.gov 🏛️
Within 24 hours	Freeze credit and document everything	Equifax, Experian, TransUnion, email [email protected] 📋

💡 Pro Tip: Forward the scam text message to 7726 (which spells “SPAM” on your keypad). This is a universal shortcode that alerts your mobile carrier to the specific number and message content, helping them block similar texts from reaching other customers.

🧠 9. The Psychological Warfare Behind These Texts Is Engineered to Bypass Your Rational Brain

After investigating dozens of victim accounts, I’ve identified the specific emotional triggers that make Coinbase text scams so devastatingly effective. These aren’t random messages. They’re precision-engineered psychological weapons.

Text message open rates are estimated to be as high as 98%, with response rates as high as 45%, compared to email open and response rates of 20% and 6% respectively. That alone explains why scammers have shifted from email to text. Your phone is the most trusted device you own, and you almost certainly read every text you receive.

The scammers exploit three primary emotional states: fear (someone is stealing your money right now), urgency (you have minutes to act before it’s too late), and authority (this message is from Coinbase, a company you trust with your financial assets). When all three emotions fire simultaneously, your brain’s rational decision-making center effectively shuts down, and you act on impulse.

Coinbase’s security team has noted that the primary differentiator between a legitimate alert and a phishing text is often just the URL, but when emotions are running high, most people don’t scrutinize that detail.

🧠 Psychological Trigger	💬 How It Appears in the Scam Text	🛡️ How to Counteract It
Fear of financial loss	“Unauthorized withdrawal of $2,847 detected”	Pause. Real threats don’t evaporate if you take 5 minutes to verify 🧘
Time pressure and urgency	“Respond within 15 minutes or your account will be locked”	Coinbase does not impose countdown timers via text 🚫
Authority and trust	Professional language, real-looking sender ID, partial account info	Legitimate companies don’t send login links or support numbers via text 📵
Confusion and overwhelm	Technical jargon about “verification protocols” and “security codes”	If a message confuses you, that’s by design. Confusion makes you compliant 🤷
Desire to fix the problem	“Call this number immediately to resolve the issue”	Never call a number from a text. Open the Coinbase app yourself 📲

💡 Pro Tip: Create a personal rule right now and make it non-negotiable: I will never take action based on a text message. No matter how urgent the text sounds, your first step should always be opening the official Coinbase app or typing coinbase.com directly into your browser. If there’s a real problem with your account, you’ll see the alert there too.

🔮 10. What’s Coming Next: AI-Generated Voice Scams and Deepfake Support Agents Are Already Being Tested

I want to prepare you for what my research suggests is the next evolution of this scam, because it’s already beginning to surface in early reports.

Criminals are now using artificial intelligence voice cloning technology to create convincing “Coinbase support representatives” that sound professional, patient, and human. Combined with the personal data stolen in the May 2025 breach, these AI-powered calls can greet you by name, reference your real account history, and respond dynamically to your questions in ways that a scripted human scammer never could.

The FTC has documented that consumers reported losing over $12.5 billion to fraud in 2024, representing a 25% increase over 2023, with scammer tactics constantly evolving. The convergence of stolen personal data, AI voice technology, and the irreversible nature of cryptocurrency transactions creates a perfect storm that will only intensify throughout 2026.

🔮 Emerging Threat	🎯 How It Works	🛡️ How to Prepare Now
AI voice cloned “support agents”	Deepfake voice technology mimics professional customer service	Never trust inbound calls, always call Coinbase yourself at their verified number 📞
Personalized phishing using breach data	Texts reference your real balance, transactions, and personal details	Assume any unsolicited contact already knows your info, that doesn’t make it legitimate 🧠
Multi-platform coordinated attacks	Text + email + phone call attack in sequence to overwhelm verification attempts	If multiple “alerts” hit simultaneously, that’s a coordinated attack, not a coincidence 🚨
Fake recovery services targeting recent victims	Scammers posing as crypto recovery experts contact people who just got scammed	No legitimate service charges upfront fees to recover stolen crypto. Zero 🚫

💡 Pro Tip: The most powerful thing you can do right now is accept an uncomfortable truth: no text message, phone call, or email from Coinbase will ever require you to take immediate action. Real security measures don’t work on countdown timers. If you internalize this single principle, you become nearly immune to every version of this scam, including the AI-powered variants that are already emerging.

📌 Your Emergency Quick-Reference Card

📌 Situation	🎯 Your Move	📞 Contact
Received a suspicious Coinbase text	Do not click. Screenshot it. Delete it.	Forward to 7726, email [email protected] 📧
Already clicked a phishing link	Lock account, change all passwords immediately	Coinbase: 888-908-7930 🔒
Gave someone your authentication code	Assume account is compromised, lock everything	Coinbase support + your bank + phone carrier 🚨
Funds were transferred out	File reports with every agency, preserve all evidence	FBI IC3: ic3.gov, FTC: reportfraud.ftc.gov 🏛️
Phone suddenly lost service	Likely a SIM swap attack, call carrier from another phone	Your carrier’s fraud line immediately 📱
Someone offers to recover your stolen crypto	This is a secondary scam targeting you because you’re vulnerable	Report them to the FTC, do not pay anything 🚫

The scammers are betting on your panic. Your greatest weapon is the five-second pause before you act. Take it every single time.