Retired Artist Loses $2M in Crypto to Coinbase Impersonation Scam

Ed Suman, a 67-year-old retired artist, lost $2 million in crypto after falling for a Coinbase impersonator scam.

Ed Suman, a 67-year-old retired artist, fell victim to a crypto scam that began with a text message from Coinbase and ultimately saw him lose an estimated $2 million in Bitcoin and Ether.

The scam unfolded in March 2025, when Suman received a text message from what appeared to be Coinbase, warning him of suspicious activity on his account. Shortly after, a man named Brett Miller phoned Suman, introducing himself as a member of Coinbase security.

The caller expressed concern over Suman’s wallet being compromised and instructed him to enter his seed phrase into a web address provided. The web address led to a site that looked exactly like Coinbase, complete with the same branding, login format, and support sections. However, the site also asked for full access credentials.

Suman followed the directions, entering his seed phrase and providing the requested credentials. Nine days later, another caller went through a similar process with Suman, transferring his Bitcoin and Ether holdings. However, when Suman went to check his balance, his funds had vanished.

At the time, Suman was holding 17.5 Bitcoin and 225 Ether in a Trezor Model One hardware wallet. Bitcoin was trading at around $103,869 at the time, while Ether was valued at $2,507, putting the total value of Suman’s crypto savings at over $2 million.

Coinbase’s Recent Data Breach Exposed Customer Info

Earlier this year, Coinbase disclosed a data breach that occurred in India. According to Coinbase, India-based contractors were bribed to provide access to customer data. The leaked information included customer names, account balances, and transaction history.

Coinbase stated that about 1% of its monthly active users were affected by the breach. Among those affected is Sequoia Capital managing partner Roelof Botha, who declined to comment.

Coinbase said the involved contractors have since been terminated. Philip Martin, Coinbase’s chief security officer, confirmed the breach and said the company expects remediation costs to be in the range of $180 million to $400 million.

The phishing site used in the scam to defraud Suman was an exact copy of Coinbase’s interface, complete with the same branding, login format, and support sections. It also asked Suman to input his seed phrase, which is the private key for his hardware wallet.

Once Suman entered his seed phrase, the attackers gained full access to his hardware wallet. However, Suman didn’t receive any alerts from Coinbase about the large outflows of cryptocurrency. By the time Suman checked his balance, all of his funds had been transferred out and there were no pending transactions.

The scam is likely linked to the recent Coinbase data breach. The attackers used the leaked data from the breach to contact Suman with accurate details, including his name and account activity. They also used a combination of text messages and phone calls to escalate the situation and guide Suman through the scam.

Coinbase has previously warned users that they will never ask for their seed phrases. However, the recent data breach provided attackers with enough information to impersonate official Coinbase support.

Suman, who was unaware of the breach, followed what he thought was Coinbase’s instructions, leading to the loss of his entire crypto savings.