BleepingComputer reports that major U.S. cryptocurrency exchange Coinbase is having its users subjected to a massive phishing attack campaign that involves fake notifications regarding a mandatory wallet migration.
Threat actors using an email address and a SendGrid account from Akamai sent malicious emails warning of Coinbase's shift to "self-custodial wallets" following a class action lawsuit, which included a unique recovery phrase that was instructed to be imported into the Coinbase Wallet.
Attackers' knowledge of the recovery phrase enables the exfiltration of cryptocurrency assets even without phishing links. Coinbase has warned its users regarding the intrusions.
"We will never send you a recovery phrase, and you should never enter a recovery phrase given to you by someone else," said Coinbase.
Meanwhile, Akamai has already launched an investigation into the potential compromise of one of its SendGrid accounts.
"We are working to address the situation and will continue to monitor and mitigate any related risks," Akamai noted.
