Coinbase User Loses $4.2M to “Spear Phishing:” How to Spot It

Canadian teenagers steal $4.2 million by impersonating Coinbase. Find out if you would fall for a similar attack.

Hunter spearing a digital crypto whale.
Created by Gabor Kovacs from DailyCoin
  • A Coinbase user fell victim to a spear-phishing attack by two teenagers.
  • Understanding how to spot spear phishing attacks is crucial for the safety of crypto traders.
  • Users can take measures to protect themselves from attacks like these.

When dealing with cryptocurrency, security should be top of mind. The sheer amount of capital in the space continues to attract unsavory characters. This is why despite an overall decrease in crypto scams, scammers still run rampant. One Coinbase user recently lost millions to a scam by two teenagers. 


On Tuesday, July 4, two Canadian 17-year-old boys were charged with stealing $4.2 million from a Coinbase user in a spear phishing attack. But what is spear phishing, and how did two teenagers steal millions in crypto? This article will break down their strategy and help you prevent this from happening to you. 

How Attackers Used Spear Phishing to Steal Millions

Spear-phishing is a cyberattack method that hackers use to steal sensitive information or install malware on the devices of specific victims. Unlike general phishing attacks sent en masse, spear-phishing attacks are highly targeted and often more effective. 

A graphic illustrating the difference between phishing, spear phishing and whaling in cybersecurity.
Source: Wallarm

Target Identification and Research – The attackers gather as much information about their target as possible. This could include email addresses, job titles, and information about their personal and professional networks. The more information the attackers have, the more convincing their scam can be.

The Hook – With this information, the attackers craft a personalized message to trick the target into revealing sensitive information. In the case of the Canadian teenagers, they impersonated Coinbase support in their spear-phishing attack, a trusted entity.

The message creates a sense of urgency or fear, prompting the target to act. The attackers may ask the target to confirm their account details, reset their password, or reveal other sensitive information. In this case, the teenagers tricked the Coinbase user into giving them access to his Ethereum and Bitcoin holdings.


The Catch – If the target falls for the scam and reveals sensitive information, the attackers can use it. In this case, the teenagers were able to steal $4.2 million in cryptocurrency from the Coinbase user.

Understanding how spear-phishing attacks work is the first step in preventing them. By being aware of these tactics, you can be more vigilant and protect your sensitive information from falling into the wrong hands.

How to Keep Yourself Safe from Spear Phishing

Preventing spear-phishing attacks requires a combination of vigilance, awareness, and good cybersecurity habits. Here are some tips on avoiding spear-phishing attacks:

  • Keep private information private – The success of spear-phishing attacks is often driven by the wealth of online personal data. Be cautious about what information you share and where you share it.
  • Know the basic signs of phishing scams – Phishing emails, texts, and phone calls often try to trick you into sharing sensitive information. Be wary of unsolicited requests for information, especially if they ask for sensitive data like passwords or financial information.
  • Use secure and updated systems – Ensure your computer, mobile devices, and all applications are updated. Use security software and consider using a network firewall for added protection.
  • Be skeptical of email and message attachments – Be wary of unsolicited attachments, even from people you know. If an email or message seems suspicious, contact the sender to verify its authenticity.
  • Educate yourself and others – Stay informed about the latest phishing tactics and how to recognize them. Share this information with friends, family, and colleagues to help them protect themselves too.

Remember, the key to preventing spear-phishing attacks is vigilance and awareness. Always think before you click; when in doubt, don’t share your information.

On the Flipside

  • Phishing attacks are not unique to crypto. In fact, they are as old as the internet itself. 
  • Losses due to crypto-related scams and hacks have dropped substantially in 2023, down 75% from last year. 

Why This Matters

As digital assets become more mainstream, they become more attractive targets for cybercriminals. Therefore, traders must be vigilant about their online security and be aware of the tactics used by cybercriminals. 

Read more about the infamous North Korean Lazarus Group: 

Atomic Wallet Hack: Is North Korea Behind It? 

Read more about UK’s new rules that aim to keep crypto investors safe: 

Get Ready for New Crypto Marketing Rules: UK Regulator

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

David Marsanic

David Marsanic is a journalist for DailyCoin who covers the intersection of crypto, traditional finance, and government. He focuses on institutionalized crypto entities like major cryptocurrency exchanges and Solana, breaking down complex topics into easy-to-understand writing. David's prior experience as a business journalist at various crypto and traditional news sites has enabled him to maintain a critical approach to news while adhering to high journalistic integrity standards.