Crypto users are reporting an increase in scam emails designed to look like official messages from exchanges such as Coinbase and Gemini. These emails aim to trick users into creating new wallets using pre-generated recovery phrases controlled by scammers.

Posts on X have shown examples of these fraudulent emails. One claims to be from Coinbase, instructing users to switch to self-custody wallets and download the legitimate Coinbase Wallet app, with a supposed deadline of April 1 to complete the process.

Is anyone else getting the fake @coinbase emails and texts? They’re getting increasingly sophisticated.

One is a fake verification text to get you to call a fake support number and the other is an email getting you to set up a real wallet they can drain.

Stay safe out there. pic.twitter.com/8SgjPQeUqk

— Steve ?? (@SteveKBark) March 14, 2025

The catch? The email provides users with recovery phrases that are already compromised. Anyone who sets up a wallet using these phrases and transfers their crypto funds ends up giving scammers full access to their assets, which can then be stolen.

The scam message refers to a fabricated class-action lawsuit accusing Coinbase of selling unregistered securities. It falsely claims that a court ruling requires users to move their assets to Coinbase Wallets while Coinbase becomes a registered broker.

In reality, the U.S. Securities and Exchange Commission (SEC) dismissed its case against Coinbase on February 27, where it had previously accused the company of being an unregistered broker and selling unregistered securities.

Coinbase has acknowledged the scam and highlighted in a March 14 post on X that it will never send users a recovery phrase and warns never to trust a recovery phrase provided by anyone else.

Reminder: Beware of recovery phrase scams.

We're aware of new phishing emails going around pretending to be Coinbase and Coinbase Wallet.

We will never send you a recovery phrase, and you should never enter a recovery phrase given to you by someone else. pic.twitter.com/E9Us5jNS4C

— Coinbase Support (@CoinbaseSupport) March 14, 2025

Gemini has also been impersonated in similar email scams. The fraudulent messages use the same tactic, claiming that a recent court ruling requires users to set up a new wallet using pre-generated recovery phrases.

Gemini had been under scrutiny by the SEC over its Earn program, accused of offering unregistered securities, but that case was dropped by the regulator on February 26.

Looks like massive phishing scams ongoing. Got two emails targeting @coinbase and @Gemini users.

Everyone be safe! pic.twitter.com/ceP1jqWQ1Z

— Sukesh Tedla (@sukeshtedla) March 14, 2025

Blockchain security firm CertiK identified phishing scams like these as one of the biggest Web3 security threats of 2024. According to its annual report, phishing attacks cost users $1 billion across 296 incidents last year.

These email scams come amid reports of at least three crypto founders narrowly avoiding hacking attempts by suspected North Korean threat actors. The attackers posed as potential business partners and arranged Zoom meetings, during which they claimed to have audio issues and shared malicious links to alternative video calls, aiming to install malware and steal sensitive data.