“Coinbase Support” Is Calling: Phishers Now Want Your Seed Phrase

As phishing tactics evolve, a new voice-based scam is targeting Coinbase users – to access exchange accounts and extract seed phrases from connected third-party wallets like MetaMask and Trust Wallet. The attack combines spoofed calls, personal data exposure, and phishing links disguised as Coinbase support interfaces.

According to blockchain security firm Chainalysis, phishing attacks resulted in over $295 million in stolen cryptocurrency in 2024. Voice-based social engineering represents a growing threat as scammers adapt to increased user awareness of email phishing.

How the Attack Works

The incident was detailed by TikTok user Steve (@tripiville), who recounted nearly falling victim to a convincing impersonation scam. The process began with an automated voice message:

This is Coinbase. And there’s been fraud on your account. If you are [name], press 1.

After Steve confirmed his name, he received a second call from a California number that was not flagged as spam. The caller spoke fluent American English and knew Steve’s full name, email, and home address. They claimed someone had tried to change his Coinbase account information via online chat.

While Steve had already changed his Coinbase password independently, he agreed to continue the conversation. The attacker said Steve would receive an email with a unique security link. When it arrived, it mimicked a legitimate Coinbase domain and interface.

The site prompted him to reject suspicious logins, then asked him to estimate his account balance:

It had ranges, so I said, ‘OK, well, what’s the harm in that?

The attacker then asked whether Steve had any third-party wallets linked to his account. When Steve declined to answer, the caller claimed the alleged hacker might already have access to them – and advised removing them through the provided interface.

The Extraction Playbook

The next screen, labeled “Third Party Wallets,” showed what Steve believed was the MetaMask logo. It then asked him to input the 12-word recovery phrase for his external wallet.

It prompted me to put in the 12-word passkey for my third-party wallet, which, of course, I understood was, you know, not something you should be doing.

Steve refused to proceed and said he didn’t have the phrase available. The caller pressed him to do it immediately. When Steve stalled, the line disconnected.

Why This Scam is Different 

The attack illustrates how phishing scams are adapting to user awareness. Instead of generic emails, scammers now use real-time voice calls, behavioral cues, and personalized information to establish legitimacy. Importantly, the true target often lies beyond the exchange – the self-custodied assets behind a seed phrase.

This case also highlights a shift in phishing tactics: the use of layered interaction – voice + link + branded UI – to guide the user step-by-step toward a critical security breach. Even cautious users can be manipulated into disclosing seemingly harmless information that builds attacker confidence and increases the chance of success.

How to Protect Yourself

1. Never share seed phrases with anyone, regardless of who claims to need them Coinbase support will never ask for your seed phrase or private keys 
2. Verify suspicious calls by hanging up and calling Coinbase directly 
3. Be wary of unsolicited calls, even if they know personal information 
4. Enable two-factor authentication on all crypto accounts

Steve avoided full compromise by recognizing the seed phrase request as suspicious. However, this incident reveals how phishing operations are becoming more sophisticated, combining multiple attack vectors to appear legitimate. 

The key takeaway: legitimate cryptocurrency services will never ask for your seed phrase. If someone claims to need it for security purposes, it’s a scam – no matter of how convincing they sound or how much personal information they possess.