Fraudulent emails impersonating Coinbase and Gemini tricked users into setting up wallets with pre-generated recovery phrases controlled by scammers. Social engineering attacks have also escalated, with hackers breaching Kaito AI’s social media to manipulate token prices and crypto founders being targeted through fake Zoom calls containing malware. Additionally, high-profile security breaches and physical attacks are also becoming more of a problem, especially after the recent armed home invasion of streamer Kaitlyn Siragusa.
Fake Crypto Exchange Emails Trick Users
The crypto industry is facing a surge in phishing scams targeting users of major exchanges like Coinbase and Gemini. Cybercriminals have been sending fraudulent emails that seem to come from these platforms, instructing users to transition to self-custodial wallets.
The emails provide detailed instructions on downloading the legitimate Coinbase Wallet or Gemini's wallet service but include pre-generated recovery phrases that are controlled by scammers. Once users set up wallets using these phrases and transfer their assets, the threat actors can instantly drain their funds.
In an attempt to add credibility, the fraudulent emails reference ongoing legal battles. The Coinbase-related scam falsely claims that a court ruling forced the exchange to operate as a registered broker, mandating users to move their assets to self-custodial wallets. It even mentions a class-action lawsuit against Coinbase over unregistered securities sales, although the US Securities and Exchange Commission (SEC) recently dismissed its case against the exchange on Feb. 27.
Similarly, Gemini users have been targeted with emails that refer to a supposed court decision requiring them to migrate to a new wallet. The SEC previously sued Gemini over its Earn program, but the case was also dropped on Feb. 26.
Coinbase acknowledged the scam, and warned its users never to trust pre-generated recovery phrases. The company reiterated that it will never send such phrases and urged users to stay vigilant. Gemini has yet to officially respond to the reports.
Phishing is still one of the most serious security threats in the crypto industry. Blockchain security firm CertiK’s annual Web3 security report revealed that phishing scams cost users more than $1 billion in 2024 alone, with 296 reported incidents.
The issue is not limited to email scams. In fact, cybercriminals have also been targeting crypto founders through sophisticated social engineering tactics. At least three founders recently reported that they narrowly avoided a hacking attempt involving fake Zoom meetings. The attackers posed as potential business partners and, during the call, claimed to have audio issues before sending a link to a new meeting, which contained malware that is designed to steal sensitive information.
With the rise of these increasingly deceptive attacks, crypto users and industry leaders are urged to be extra cautious.
Kaito AI Hit by Social Media Hack
Meanwhile, Kaito AI and its founder Yu Hu recently fell victim to a social media hack on March 15, with hackers taking control of the project's X account to spread false information. The attackers claimed that Kaito wallets were compromised and warned users that their funds were not safe.
These posts were part of a broader scheme to manipulate the price of KAITO tokens, as on-chain investigator DeFi Warhol revealed that the hackers opened a short position on KAITO before making the fraudulent announcements. By inducing panic selling, the perpetrators planned to crash the token’s price and profit from the market drop.
The Kaito AI team quickly regained control of their social media account and reassured its users that there was no breach of Kaito wallets. The team stated that despite having strong security measures in place, the attack bore similarities to recent incidents involving hacked Twitter accounts. This case adds to the increasing number of social engineering attacks and security breaches that are currently affecting the crypto industry.
Several high-profile exploits popped up over the past few months. On Feb. 26, the X account of Pump.fun, a fair launch platform, was hacked by an attacker promoting fraudulent tokens, including a fake governance token named "Pump." Blockchain investigator ZackXBT later connected this incident to hacks targeting the Jupiter DAO account and the DogWifCoin X account.
In another case, the Alberta Securities Commission issued a warning on March 7 about a crypto scam known as CanCap. The scheme relied on fake news articles and counterfeit endorsements using the images of Canadian politicians to lure victims. By playing on the fears of a trade war between Canada and the United States, scammers claimed that the project had the backing of Canadian Prime Minister Justin Trudeau to entice investors.
Attackers are employing increasingly sophisticated tactics to manipulate markets and defraud investors, making it crucial for users to verify information before making any financial decisions.
Four Charged in Home Invasion Targeting Bitcoin
Another major security issue plaguing crypto users is burglaries. Four suspects were charged in connection with the violent home invasion of online streamer Kaitlyn Siragusa, who is known as Amouranth.
The attack took place on March 2, when several armed people entered her home, held her at gunpoint, and demanded access to her cryptocurrency holdings. Authorities identified two of the suspects as Dylan Nesho Campbell and Bryan Anthony Salazar Guerrero, while the remaining two are minors aged 16 and 17. Each suspect faces charges of aggravated kidnapping and aggravated robbery with a deadly weapon.
Siragusa reported that the intruders beat her and tried to coerce her into handing over her private keys. Her husband, who was on speakerphone during the ordeal, realized the severity of the situation and grabbed a handgun while monitoring the invaders' movements through the home's security cameras. The armed men took the phone, believing they could use it to access a crypto app, while Siragusa managed to stall them by leading them around the house in search of a cold storage device.
While the intruders were distracted, Siragusa ran upstairs to her husband, who fired three shots at the suspects. One of the rounds may have struck one of the attackers before they fled the scene. Law enforcement arrived shortly after to secure the area and investigate the attempted robbery. The attack was very likely financially motivated, as Siragusa previously shared to her followers that she held around 211 Bitcoin, which was worth more than $20 million in late 2024.
7 gang members arrested in the UK for kidnapping
The incident adds to a growing wave of targeted kidnappings and home invasions against cryptocurrency holders. In January of 2025, a UK court sentenced seven gang members involved in the prolonged kidnapping and assault of a crypto investor, who was coerced into transferring funds. That same month, Ledger co-founder David Balland was kidnapped in France and held for ransom before being rescued by authorities.
