A hacker who withdrew over $900,000 from the accounts of several Coinbase users has been sent to prison.
UK-based Elliot Gunton and his accomplices designed fake websites that mimicked a leading cryptocurrency exchange. Coinbase users who attempted to log in to the exchange were redirected to these malicious websites, compromising their accounts as a result.
These websites are often designed to collect user data. When a victim enters their login information, sensitive data is recorded and sent to the attackers.
While the exact details of Gunton’s tactics were not disclosed, Norwich Crown Court Judge Alice Robinson said the plan was “extremely complex” and the result of significant planning and technical expertise.
The phishing scheme was reportedly active between 2018 and 2019. According to a 2020 Chainlysis report, this period saw a significant increase in crypto crimes, with more than $4.3 billion in cryptocurrencies lost in various attacks and scams.
Gunton, who was 17 at the time, hacked into more than 500 Coinbase accounts and embezzled more than $900,000. One U.S. resident allegedly lost more than $16,000, while hundreds and thousands of dollars were embezzled from others.
He pleaded guilty to conspiracy to commit fraud and money laundering charges outside the UK and faces a 43-month prison sentence.
Coinbase, meanwhile, has become the most imitated crypto platform among global brands. According to a June 24 report by Mailsuite, the crypto exchange’s brand has been linked to 416 reported phishing attacks in the past four years.
Most recently, on July 8, scammers impersonated Coinbase employees and stole $1.7 million from a victim’s self-custody wallet. The victim was socially engineered to click on a phishing link that compromised part of their key phrase.
Scammers have also impersonated Coinbase Pro, Coinbase’s defunct professional trading platform. In May, an Indian citizen was accused of stealing $37 million worth of crypto from unsuspecting users via a fake Coinbase professional phishing website.
Security firm SlowMist has stated that phishing is one of the leading causes behind crypto thefts in the second quarter of 2024.