A large-scale Coinbase phishing attack is tricking users into setting up a new wallet using a pre-generated recovery phrase controlled by attackers. The phishing email, titled "Migrate to Coinbase Wallet," falsely claims Coinbase is shifting to self-custodial wallets due to legal issues. Instead of including phishing links, the email provides a recovery phrase, which, if used, allows attackers to steal cryptocurrency from the victim's wallet. The scam bypasses security checks like SPF, DMARC, and DKIM, making it harder to detect. Coinbase and Akamai are investigating the issue, urging users to stay vigilant and never use a recovery phrase received via email. Victims who have already set up a wallet with the fraudulent phrase should transfer their funds immediately to prevent theft.

‍