Coinbase Outgoing Email Hacked

As noticed by #bitcoin-assets user fluffypony, and later confirmed by reddit user CoinbaseAdrian, a sendgrid.net account associated with em.coinbase.com has been compromised. The scammers behind this attack have used it to send email to a list composed mostly of, but not limited to, users of localbitcoins.com.

"The Coinbase Investment Fund Team," as described in the email, promises impossible returns on any funds send to a particular Bitcoin address.1 Recipients of the email each were provided a unique address; this makes it difficult to ascertain whether or not anybody has foolishly obliged such a ridiculous request. Even coming from a seemingly authorized sender, any unsolicited offer promising "50% growth for a 10 day period"2 should be considered with extreme scepticism. Quoted below is an example of such an email:

From: Coinbase news@coinbase.com Date: April 8, 2015 at 2:32:26 PM EDT
To: @gmail.com
Subject: , We've got a message for You In This Issue: Get 150% profit with Coinbase Invest Fund
Dear ,

We're happy to announce a new product – Coinbase Invest Fund, reliable platform for small and medium scale investments. Fund assets are diversified among emerging Forex positions at Coinbase Exchange. Deposits are risk-free insured by institutions such as the New York Stock Exchange.

Want to become a professional investor? Our first short-term investment program starts today – GET 150% FOR A 10-DAY DEPOSIT.

Investment offer is active from 20th of April 12:00 AM Pacific until 30th of April. Coinbase offers you a fixed return with a 50% growth for a 10 day period. You can deposit today from $100. Maximum deposit amount per one person or legal entity is 60 Bitcoins. That's an astonishing opportunity to earn up to $8,500 per 10 days!

Investors who want to apply, please make a deposit to

1LLkNuQQ2GkS5DmQzsTxCmErUH8ew6dnDi or click the link below
https://blockchain.info/qr?data=1LLkNuQQ2GkS5DmQzsTxCmErUH8ew6dnDi&size=400

Once a payment is made you will get an e-mail about successful participation. Please note: Initial deposit amounts exceeding +30 Bitcoins will qualify your membership for a 2nd level upgrade.

We will return your initial deposit with dividends on 1st of May, 2015 12:00 AM Pacific Time. (for example: investing 10 Bitcoins today will return 15 Bitcoins in a 10 day period) Profits are withdrawn without any delay and Coinbase waives all fees for 1st level investments.

Hurry up! This is a limited, one-time opportunity.

Kind regards,

The Coinbase Invest Fund Team

Do not reply to this e-mail

This phishing attempt is not the first to come under the banner of Coinbase3. Similar examples were reported over the course of the last half year. One occurred last November, and another three months later.


  1. This is apparently how USG properties, rather than bitcoin properties, handle their public relations. A real bitcoin business is in the WoT, publishes GPG signed statements, and is available in uncensorable and uneditable IRC channels. A USG business pretends the WoT doesn't exist, and makes unsigned statements on highly censored and edited social media platforms. 

  2. The best part is the line about how sending 30 bitcoin will qualify the victim for some "2nd level upgrade." It seems as though MPEx has set the standard for "professional investors."  

  3. Customers of this service make for especially good targets seeing as how they are the kind of people who prefer user friendliness over actual security. There has yet to be a reported instance of a spam phishing mailer credibly targeting MPEx users. 

3 thoughts on “Coinbase Outgoing Email Hacked

  1. Heh. I also received this phishing attempt and also also just received the following follow-up notice alleging to be from 'the real coinbase' from a support@coinbase.com address :

    Hi there,

    Earlier today, a spam email claiming to from Coinbase was sent to some of our customers, announcing a "Coinbase Investment Fund".

    If you received this email, please disregard it. We apologize for any inconvenience this may have caused.

    Note: This email is no way affects the safety of your Coinbase account, and no customer data was compromised.

    If you have any questions, please don't hesitate to contact support@coinbase.com.

    Kind Regards,
    Coinbase Security

    Because safety is whatever they say it is, like a feeling, rather than, y'know, a thing that's implemented.

  2. And how did the derpstomers email list leak ? Never explained ?

Leave a Reply to Pete Dushenski Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>