Coinbase Text Scam: How to Spot It, What to Do, and How to Stay Safe

juli 01, 2026 • security

A new wave of Coinbase text scam messages is targeting cryptocurrency users in 2025 and 2026. These phishing SMS messages impersonate Coinbase support, claim your account has been suspended, or warn you of suspicious activity — all to steal your login credentials and drain your crypto wallet.

If you received a text message from “Coinbase” asking you to click a link or call a number, do not interact with it. This guide explains exactly how the scam works, how to spot a fake Coinbase text, and what to do if you already clicked.

What Does the Coinbase Text Scam Look Like?

The Coinbase SMS phishing scam typically arrives as a text message that looks urgent and official. Common variations include:

  • “Your Coinbase account has been suspended.” A link follows, directing you to a fake login page.
  • “Unusual activity detected on your Coinbase account.” You are told to verify your identity immediately.
  • “Your withdrawal of $X,XXX is pending confirmation.” Designed to scare you into acting fast.
  • “Coinbase Support: We’ve locked your account for security reasons. Call 1-800-XXX-XXXX.” The number connects to a scammer posing as Coinbase staff.
  • “Your Coinbase 2FA code is XXXXXX. Do not share.” If you receive an unsolicited code, a scammer is actively trying to log in with your credentials.

The messages are designed to create panic. Crypto users are particularly vulnerable because transactions are irreversible — once funds move, they cannot be recovered.

How the Coinbase Scam Text Works (Step by Step)

Understanding the scam’s mechanics helps you recognize it before it’s too late.

Step 1: The Hook

You receive a text claiming to be from Coinbase. The sender ID may even display “Coinbase” due to SMS spoofing, a technique that makes fraudulent texts appear to come from legitimate senders.

Step 2: The Fake Website

The link in the text leads to a website that looks identical to Coinbase’s real site (coinbase.com). The URL will be slightly different — something like coinbase-support.net, coinbase-secure.com, or a string of numbers followed by a domain. The page asks for your email, password, and sometimes your 2FA code.

Step 3: Credential Theft

When you enter your login details, the scammer captures them in real time and uses them to access your actual Coinbase account within seconds.

Step 4: Wallet Drain

With access to your account, the attacker immediately transfers your crypto to an external wallet they control. Because blockchain transactions are irreversible, recovery is nearly impossible.

Real Coinbase vs. Scam Text: How to Tell the Difference

FunktionReal CoinbaseScam Text
SenderShort code or verified numberSpoofed “Coinbase” or random number
LinksAlways coinbase.comLookalike domains
UrgencyLow — you can verify in the appExtreme — “act now or lose access”
Asks for password/2FANever via SMSAlways
Phone callsCoinbase does not call you firstScammers may follow up with a call

Golden rule: Coinbase will never ask for your password, seed phrase, or 2FA code via text message, email, or phone call.

I Already Clicked the Link — What Should I Do?

If you clicked the link but did not enter any information, you are likely safe. Run a security check on your device to be sure.

If you entered your password or 2FA code, act immediately:

  1. Change your Coinbase password right now at coinbase.com/settings/security.
  2. Revoke all active sessions under Security Settings → Active Sessions.
  3. Enable or reset your 2FA using an authenticator app (not SMS, which can be SIM-swapped).
  4. Withdraw funds to a secure wallet if you still have access.
  5. Contact Coinbase Support at support.coinbase.com and report the incident.
  6. Report the scam to the FTC at reportfraud.ftc.gov and to the FBI’s IC3 at ic3.gov.
  7. Check your email account for unauthorized access, since scammers often target your email next.

How to Report a Coinbase Scam Text

Reporting the scam helps protect other users and can speed up the takedown of fake websites.

  • Forward the scam text to 7726 (SPAM) — this reports it to your carrier.
  • Report the phishing URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish.
  • Report to Coinbase directly by forwarding the message to [email protected].
  • File an IC3 complaint at ic3.gov if you lost funds.

How to Protect Your Coinbase Account from SMS Scams

Prevention is significantly easier than recovery. These steps make your account nearly impossible to compromise:

Use an Authenticator App Instead of SMS 2FA

SMS-based 2FA is vulnerable to SIM swapping attacks, where a scammer convinces your carrier to transfer your phone number to their SIM card. Switch to Google Authenticator, Authy, or a hardware key like a YubiKey for your 2FA method.

Enable Coinbase’s Advanced Account Protection

In your Coinbase security settings, enable login notifications so you are alerted to any new sign-in attempts immediately.

Bookmark the Real Coinbase Website

Never click links from text messages. Bookmark coinbase.com in your browser and always navigate there directly. Check that the URL shows a valid SSL certificate padlock and reads exactly “coinbase.com.”

Use a Unique, Strong Password

Your Coinbase password should be used nowhere else. Use a password manager to generate and store a long, random password.

Consider a Dedicated Email for Crypto

Use a separate email address exclusively for your Coinbase account. This email should not be shared publicly and should have its own strong, unique password.

Why Coinbase Users Are Prime Targets

Cryptocurrency accounts are uniquely valuable to scammers for three reasons:

  1. Irreversibility: Unlike bank transfers, crypto transactions cannot be reversed or disputed.
  2. Speed: Funds can be moved within seconds of gaining account access.
  3. Anonymity: Crypto wallets make it difficult to trace stolen funds.

The Coinbase scam text is part of a broader category of cryptocurrency phishing that generated over $5.6 billion in losses in 2023 according to the FBI’s Internet Crime Report — making crypto fraud the highest-loss category of any cybercrime.

Vanliga frågor

Is a text from Coinbase always a scam?

No. Coinbase does send legitimate texts for account activity alerts. However, any text asking you to click a link, call a number, or provide credentials is a scam. Legitimate Coinbase notifications will never ask you to log in via a text link.

Can Coinbase refund money lost to a scam?

In most cases, no. Coinbase’s terms of service state that they are not liable for losses resulting from unauthorized access when your credentials were compromised through phishing. Some exceptions exist if Coinbase’s own security was breached, but these are rare.

What if I gave the scammer my phone number?

Contact your mobile carrier immediately and add a SIM swap protection or port freeze to your account. This prevents scammers from transferring your number to a new SIM card.

Are Coinbase scam texts illegal?

Yes. SMS phishing (smishing) is a federal crime under the Computer Fraud and Abuse Act (CFAA) and the CAN-SPAM Act. Perpetrators can face significant prison time and fines.

How did scammers get my number?

Your phone number is likely in a data breach database. Billions of phone numbers from breaches at companies like Facebook, LinkedIn, and various crypto exchanges are sold on dark web marketplaces. You can check if your email was breached at haveibeenpwned.com.

What is SIM swapping and how does it relate to Coinbase scams?

SIM swapping is when a scammer convinces your mobile carrier to transfer your phone number to a SIM card they control. Once they have your number, they can receive your SMS 2FA codes and reset your Coinbase password via email. This is why switching from SMS 2FA to an authenticator app is critical.

security, Cybersecurity Author at Security Briefing

säkerhet

admin är en senior personalförfattare för Government Technology. Hon skrev tidigare för PYMNTS och The Bay State Banner och har en BA i kreativt skrivande från Carnegie Mellon. Hon är baserad utanför Boston.

sv_SESwedish