Jameson Lopp, co-founder of CasaHODL, has warned about a new phishing scam targeting Gemini users.
In a Sept. 3 post on X, Lopp shared a screenshot revealing that scammers are using a fake data breach notice to trick Gemini users into transferring their funds to malicious actors.
The notice falsely claims that Gemini is partnering with Trust Wallet to protect users’ funds after a “security breach compromised several multi-signature wallets on our backend storage servers.” The scammers urge users to transfer their funds to a wallet controlled by a seed phrase they provide, claiming it is a “Unique Recovery Phrase.” The image also falsely states that users have one week to secure their funds.
Yu Xian, founder of SlowMist, noted that phishing scams involving mnemonic phrases are not new in crypto. He emphasized the low cost of sending these scam emails, often based on leaked data from the dark web, making them a persistent threat to the industry.
Meanwhile, experts caution that users who rely on third-party custody platforms are particularly at risk. Psifour, a developer for Taproot Wizard, suggested that publicizing the scam could help prevent newcomers from falling victim. He stated:
“That is probably wildly successful against the type of user has only ever used a custodian to manage/custody their coins. Good on you for shouting it out as if it prevents even one newbie from getting scammed it is worth the moment to read.”
As of the time of writing, Gemini has acknowledged the phishing attempt and urged users to remain vigilant.
Phishing scams
Phishing scams have become increasingly prevalent in the industry, resulting in substantial losses for crypto users.
Blockchain security firm Scam Sniffer reported that in August, crypto phishing scams led to $63 million in losses for 9,145 victims. The firm noted a 215% increase in stolen funds despite a 34% decrease in the number of victims.
The Scam Sniffer report also noted a decline in fake accounts on the social media platform X, thanks to recent efforts to combat fraud. However, the growing sophistication of phishing attacks highlights the need for more robust security measures and increased user awareness.