A few hours ago, users began receiving the following phishing e-mail from firstname.lastname@example.org:
“In This Issue:
Get 150% profit with Coinbase Invest Fund
We’re happy to announce a new product – Coinbase Invest Fund, reliable platform for
small and medium scale investments. Fund assets are diversified among emerging Forex
positions at Coinbase Exchange. Deposits are risk-free insured by institutions such as the New
York Stock Exchange.
Want to become a professional investor?
Our first short-term investment program starts today – GET 150% FOR A 10-DAY DEPOSIT.
Investment offer is active from 20th of April 12:00 AM Pacific until 30th of April.
Coinbase offers you a fixed return with a 50% growth for a 10 day period.
You can deposit today from $100. Maximum deposit amount per one person
or legal entity is 60 Bitcoins. That’s an astonishing opportunity to earn up to $8,500 per 10 days!
Investors who want to apply, please make a deposit to
1E1dEorC4fEb7BJKmBwiEi2qMSxmq1fUCd or click the link below
Once a payment is made you will get an e-mail about successful participation.
Please note: Initial deposit amounts exceeding +30 Bitcoins will qualify your membership for a 2nd level upgrade.
We will return your initial deposit with dividends on 1st of May, 2015 12:00 AM Pacific Time.
(for example: investing 10 Bitcoins today will return 15 Bitcoins in a 10 day period)
Profits are withdrawn without any delay and Coinbase waives all fees for 1st level investments.
Hurry up! This is a limited, one-time opportunity.
The Coinbase Invest Fund Team
Do not reply to this e-mail”
Coinbase executives have informed alarmed users on Twitter and Reddit that scammers managed to gain access to their secondary e-mail provider, Sendgrid. However, the leaked recipient e-mail addresses didn't come from a breach of Coinbase's databases: thus far, several users have reported being contacted on addresses they'd only used on LocalBitcoins and Bitcoin24, and many recipients aren't even registered at Coinbase.
Admins from the site have already taken steps to stop further activity from the scammers and have disabled their Sendgrid account while they investigate the matter.
Each e-mail includes a unique Bitcoin address, so at the moment it's impossible to estimate what percentage of users may have fallen for the scam.
This breach comes on the heels of Coinbase’s announcement of its second Hackathon, which will give out $70,000 in prizes to Bitcoin app developers.