A Los Angeles artist lost over $2 million in crypto assets due to a fraudulent scheme linked to a data breach at Coinbase. The perpetrators stole his crypto retirement savings, which he had stored in a cold wallet, by convincing him to enter his seed phrase.
This is reported by Finway
Ed Suman, a former master artist known for his work on sculptures, including Jeff Koons’ Balloon Dog series, reported that his cryptocurrency retirement savings, including 17.5 BTC and 225 ETH, were stolen as a result of the fraud. At the time of the loss, their value was approximately $2.4 million.
Data Breach and Fraudulent Activities
According to Coinbase, hackers began accessing customers’ personal data as early as January by bribing customer support employees in India to obtain names, addresses, account balances, and transaction histories. This information was used by the criminals to conduct social engineering attacks, including on Suman.
On March 8, Suman received a text message allegedly sent from Coinbase, warning him of suspicious login activity on his account. After responding to the message, he received a call from a security representative named Brett Miller. Media reports indicated that the fraudster was aware that Suman stored his cryptocurrencies in a Trezor Model One hardware wallet.
Coinbase’s Promises and Victim’s Reaction
The perpetrator convinced Suman that hackers could access his wallet even if it was not connected to the internet and offered to “eliminate the threat,” which led to him entering his seed phrase on a fake website. After that, the assets vanished instantly.
“The attack becomes much more effective when the perpetrator possesses personal information: balances, account history. If you have personal data, it’s a whole different level of fraud,” explained John Wingate, CEO of Bank Social, which specializes in digital asset security.
In a statement regarding the incident, Coinbase promised to reimburse losses for customers who fell victim to fraud. However, Suman has not received any confirmation regarding compensation for his losses. He believes that Coinbase should have taken fraud awareness measures by sending warnings to all its customers.
Coinbase representatives declined to comment on Suman’s statements and noted that less than 1% of their active users were affected by the data breach. Among other victims is Roelof Botha, managing partner at venture firm Sequoia Capital. Currently, there is no confirmation that his account was hacked. It is worth noting that following the data breach, users have filed two class-action lawsuits against Coinbase in the Northern District of California and the Southern District of New York.