Fake Coinbase QR-Code Quishing Scam
Fraudsters print or send fake QR codes styled with Coinbase branding that link to phishing pages mimicking Coinbase's login portal or a fake 'crypto ATM deposit' interface, harvesting exchange credentials or directing victims to send funds to attacker-controlled wallets.
Part of: Quishing: Physical Payment Point QR Code Scams
Last reviewed: 8 June 2026
QR codes have become a common interface in cryptocurrency — they encode wallet addresses, payment requests, and app links in a scannable format. Coinbase itself uses QR codes within the app for address sharing and in-person crypto transactions. Criminals exploit this familiarity by creating malicious QR codes that mimic Coinbase's visual identity and are distributed in contexts where victims expect to interact with Coinbase.
Common distribution channels include fake crypto ATM instructions — where a sticker over a legitimate crypto kiosk's QR prompts the user to visit a fake Coinbase portal to 'register their wallet' — and social media posts claiming a Coinbase QR code must be scanned to 'receive' a purchased asset. Physical stickers at crypto conferences and fintech events have also been used.
Because a QR code's destination is invisible until scanned, and because Coinbase's branding is recognisable, victims do not question the process until it is too late.
How this scam works on the Coinbase brand
Real Coinbase QR codes link only to coinbase.com subdomains or open the official Coinbase app. The app uses QR codes for wallet-address sharing and device pairing within the official flow — not for web-based login prompts or payment registration steps that appear outside the app.
The quishing attack: a victim at a crypto ATM scans a QR code that should initiate a transaction. The QR has been overlaid with a fraudster's sticker. The scanned site presents a convincing Coinbase-branded portal asking for account login credentials or asking the user to send a 'test payment' to verify wallet connection. Credentials entered are harvested; test payments sent are simply stolen.
A digital variant circulates on Twitter and Telegram: a post claims that scanning the included Coinbase QR code will 'receive' an airdrop or promotional credit. The QR leads to a phishing login page or a wallet-connect drainer.
Common red flags
- A QR code at a physical location or in a social-media post asks you to log in to Coinbase via a browser page, not through the Coinbase app
- The QR links to a site that is not coinbase.com
- The page asks for your Coinbase password and 2FA code after scanning
- A physical QR-code sticker at a crypto ATM looks like it may have been placed over an original
- The QR is presented alongside claims of receiving free crypto, an airdrop, or promotional funds
- The 'coinbase' domain in the URL has extra characters, hyphens, or subdomains that are not standard (e.g. coinbase-login.net)
How to protect yourself
- Only log in to Coinbase through the official Coinbase app or by navigating directly to coinbase.com in your browser
- Before scanning a QR code at a crypto ATM, inspect it for sticker overlays — run your finger across it to feel for a sticker edge
- Check the URL that a QR code resolves to before entering any credentials
- Never send a 'test payment' or verification fee to receive cryptocurrency — this is always a scam
- Use Coinbase's in-app QR sharing for your own wallet address rather than third-party generated codes
- Report suspicious QR codes at public crypto infrastructure to the venue and to Coinbase
How to report it
- Report the phishing URL to Coinbase at help.coinbase.com
- Submit the malicious URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/
- Report physical tampered ATMs to the ATM operator and to local law enforcement
- File a report with the FTC at reportfraud.ftc.gov
- Report to IC3.gov (US) or Action Fraud 0300 123 2040 (UK)
Frequently asked questions
Is it safe to scan QR codes at legitimate crypto ATMs?
Legitimate crypto ATMs generate QR codes as part of their own flow — the kiosk's screen shows the address to send to, and the kiosk software generates the QR. The risk arises when a physical sticker has been placed over the legitimate screen or printed material. Always inspect QR codes at ATMs for signs of tampering.
How can I check where a QR code links before following it?
Most modern smartphone cameras display the URL that a QR code encodes before you open it. Read the domain carefully. If it does not exactly match coinbase.com, do not proceed. Some QR-scanner apps also provide a preview and risk assessment.
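The domain check described above can also be automated, for example in a kiosk-inspection script or a scanner app. The following is an added example, not code from Coinbase or from the original page; the function name `check_qr_url`, the https-only rule and all sample URLs except coinbase-login.net are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "coinbase.com"  # the only domain the page treats as genuine

def check_qr_url(decoded: str) -> tuple[bool, str]:
    """Return (trusted, reason) for the text decoded from a QR code."""
    try:
        parts = urlsplit(decoded.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return False, "not a parseable URL"
    # Assumption beyond the page: anything other than https is rejected.
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme or 'missing'!r}, expected https"
    # 'https://coinbase.com@other.example/' really goes to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if not host:
        return False, "no hostname"
    # Non-ASCII or punycode labels can render as lookalike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised hostname, possible lookalike"
    # Exact match or a true subdomain; a bare substring test would accept
    # coinbase-login.net and coinbase.com.something.example.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, f"{host} is under {TRUSTED_DOMAIN}"
    return False, f"{host} is not under {TRUSTED_DOMAIN}"

# Constructed sample QR payloads; only coinbase-login.net appears on the page.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://coinbase-login.net/",
    "https://coinbase.com.wallet-verify.example/login",
    "https://coinbase.com@pay.example/",
    "https://notcoinbase.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        trusted, reason = check_qr_url(url)
        print(f"{'OK   ' if trusted else 'BLOCK'} {url}  ({reason})")
```

A passing result only confirms the hostname; it says nothing about whether the QR code itself was placed by the kiosk operator.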
What if I entered my Coinbase credentials on a fake page?
Change your Coinbase password immediately, then change the password for your Coinbase-linked email account as well. Enable authenticator-app 2FA if you have not already. Review your account's recent login sessions in Security settings and revoke any you do not recognise.