Fake Coinbase Two-Factor Reset Social Engineering Scams
Criminals posing as Coinbase support agents use social engineering to trick users into revealing or bypassing their 2FA, then use the access to drain account balances.
Part of: Two-Factor Reset & Social Takeover Scams
Last reviewed: 8 June 2026
Coinbase has publicly documented cases of social engineering attacks against its users where criminals called victims posing as Coinbase fraud prevention specialists. These calls typically claim that suspicious activity has been detected and that immediate verification — including 2FA codes — is needed to protect the account.
This type of attack is specifically designed around Coinbase's known support procedures. Scammers know that Coinbase does contact users about fraud alerts in some contexts, which gives the impersonation added credibility. The caller references the victim's partial account details — often scraped from data breaches — to appear legitimate.
Coinbase's genuine fraud prevention team will never ask a user to share their 2FA code, provide their password, or install remote access software over the phone. A 2FA code by its nature is a one-time secret that only the account holder should possess; sharing it with any caller immediately enables account takeover.
How this scam works on the Coinbase brand
The call begins with the caller identifying themselves as a Coinbase Trust and Safety specialist and citing a specific incident: 'We detected a login attempt from [city] and wanted to verify this was you.' The caller already knows the victim's name, email, and partial account details from third-party data sources.
To 'verify identity,' the caller asks the victim to read out the 2FA code just sent to their phone or authenticator app. Unknown to the victim, the attacker has simultaneously initiated a login on the real Coinbase site with stolen credentials and triggered the 2FA request — the victim reads out a code they believe is for verification, but it is actually the access key the attacker needs.
Some variants instruct the victim to 'reset' their 2FA by following an emailed link that leads to a phishing page, or to install Coinbase's 'security tool' — which is a remote access application. Coinbase does not request 2FA codes by phone and does not send unsolicited 'security tool' install links.
Common red flags
- Phone caller claiming to be Coinbase asks you to read out a 2FA code to 'verify your identity'
- Caller already knows your name and email address, which lends false credibility to the call
- Caller instructs you to install software or click a link while on the phone
- Caller warns of imminent account closure or fund seizure if you do not comply immediately
- The 2FA code request arrives on your phone at exactly the moment the caller needs it — because the attacker triggered the login
- Caller asks you to approve a transaction or 'security reset' through your Coinbase app
How to protect yourself
- Never share a 2FA code with anyone over the phone, regardless of who they claim to be — Coinbase will never ask for this
- If you receive an unexpected call claiming to be Coinbase, hang up and call back using the number listed on coinbase.com
- Enable a withdrawal address whitelist on Coinbase so new addresses require a 48-hour delay even after a successful login
- Use a FIDO2 hardware security key as your 2FA method — these cannot be phished over the phone
- Register a trusted device on Coinbase so additional verification is required for logins from new devices
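Why a code read out over the phone can be reused by someone else while a hardware-key response cannot, shown as an added example that is not from Coinbase or the original page. It is a simplified model: an HMAC stands in for the public-key signature a real FIDO2 key produces, and the origins, keys and challenges are constructed values.

```python
import hashlib, hmac, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, code: str, unix_time: int) -> bool:
    # Nothing in the check identifies the session or the person submitting the code.
    return hmac.compare_digest(code, totp(secret, unix_time))

def key_sign(device_key: bytes, origin: str, challenge: bytes) -> bytes:
    # Simplified authenticator (assumption: HMAC replaces the real signature).
    # The response covers the site origin and one session's random challenge.
    msg = origin.encode() + b"\x00" + challenge
    return hmac.new(device_key, msg, hashlib.sha256).digest()

def server_accepts_key(device_key: bytes, origin: str, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(key_sign(device_key, origin, challenge), response)

def demo() -> dict:
    # Constructed values throughout; the TOTP secret and time are the RFC 6238 test vector.
    secret, now = b"12345678901234567890", 59
    spoken_code = totp(secret, now - 20)          # read out earlier in the same 30 s step
    device_key = b"constructed-device-key"
    site, lookalike = "https://exchange.example", "https://exchange-help.example"
    own_challenge, other_challenge = b"session-A-nonce", b"session-B-nonce"
    own_response = key_sign(device_key, site, own_challenge)
    lookalike_response = key_sign(device_key, lookalike, other_challenge)
    return {
        # The same six digits satisfy a login opened by someone else.
        "code_valid_in_other_session": server_accepts_totp(secret, spoken_code, now),
        # A response made for session A fails against session B's challenge.
        "key_valid_in_other_session": server_accepts_key(device_key, site, other_challenge, own_response),
        # A response produced on a lookalike page fails the real site's origin check.
        "key_valid_from_lookalike": server_accepts_key(device_key, site, other_challenge, lookalike_response),
        "key_valid_in_own_session": server_accepts_key(device_key, site, own_challenge, own_response),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The one-time code is a bearer secret that works for whoever submits it within the time step, which is why it must never be spoken to a caller; the key response is tied to one session and one site, so there is nothing transferable to read out.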
How to report it
- Report the call to Coinbase at [email protected] with details of the phone number and caller claims
- File a complaint with the FTC at reportfraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK)
- Report the phone number to your carrier's fraud line
- If your account was accessed, contact Coinbase support immediately via coinbase.com/support to initiate a security review and freeze withdrawals
Frequently asked questions
Does Coinbase ever call users to ask for 2FA codes?
No. Coinbase will never call you and ask you to read out a 2FA code. A 2FA code is a one-time authentication secret for your use only. Any caller asking for it is attempting to take over your account.
How do scammers know my name and email before calling?
Personal details are often available through prior data breaches, social media, or third-party data brokers. Knowing your name and email does not mean the caller is actually from Coinbase.
What should I do if I already shared a 2FA code?
Act immediately. Log in to coinbase.com as quickly as possible, change your password, and disable then re-enable 2FA to generate new credentials. Enable the withdrawal whitelist. Contact Coinbase support through the official site to alert them and request a security review.