How do I spot a fake crypto exchange email?
Fake crypto exchange emails mimic real platforms to steal your login or trick you into sending funds to a 'verification wallet' — legitimate exchanges never ask you to send crypto to prove ownership.
Last reviewed: 10 June 2026
Explanation
Cryptocurrency exchanges are a prime target for impersonation because their users hold significant assets and are accustomed to emails about deposits, withdrawals, and account security. Fraudsters send emails that look identical to communications from Coinbase, Binance, Kraken, or other major platforms, using copied logos, fonts, and formatting.
The two most common attack types are login phishing and 'wallet verification' fraud. In login phishing, the email claims your account has been suspended, a withdrawal was initiated, or unusual activity was detected. You are directed to a fake login page that captures your email, password, and two-factor code in real time; the attacker uses them immediately to log in to the real exchange and drain your account.
In wallet verification fraud, the email claims your account requires verification and instructs you to send a small amount of cryptocurrency to a 'verification address'. This is pure theft — no legitimate exchange has ever asked users to send crypto to prove wallet ownership. Ownership is verified cryptographically through the platform, never by outbound transfer.
Check the sender domain carefully. Real exchanges use their own exact domain for all communications. A sender like [email protected] or [email protected] is not from the real company. The real domains are @coinbase.com and @binance.com. If in doubt, log in to the exchange by typing the URL yourself and check the notifications section there.
Common red flags
- Sender domain is not the exchange's exact official domain
- Email asks you to send cryptocurrency to 'verify' your wallet
- Claims your account will be closed unless you act within hours
- Login link goes to a domain that is not the exchange's official website
- Requests your seed phrase, private key, or full password
- Email came without you taking any action — unsolicited security alerts
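The sender-domain, link-domain and wording checks above can be applied to a raw message programmatically. The following Python triage function is an added example, not part of the original page; the allowlist holds only the two domains the page names, and the function names, phrase patterns and sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: allowlist holds only the two official domains the page names.
OFFICIAL = {"coinbase.com", "binance.com"}

# Constructed patterns standing in for three of the red flags listed above.
PHRASES = {
    "asks for seed phrase or private key": re.compile(r"seed phrase|private key", re.I),
    "asks you to send crypto to verify": re.compile(r"\bsend\b.{0,80}\bverif", re.I | re.S),
    "deadline pressure": re.compile(r"within \d+ hours?|will be (closed|suspended)", re.I),
}

def on_official_domain(host, allow_subdomains):
    """Compare whole DNS labels, so 'coinbase.com.x.example' and 'notcoinbase.com' fail."""
    host = (host or "").lower().rstrip(".")
    if host in OFFICIAL:
        return True
    return allow_subdomains and any(host.endswith("." + d) for d in OFFICIAL)

def red_flags(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    flags = []
    # From is attacker-controlled: a match proves nothing, a mismatch is a flag.
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not on_official_domain(sender_domain, allow_subdomains=False):
        flags.append(f"sender domain not official: {sender_domain or '(none)'}")
    body = "\n".join(p.get_content() for p in msg.walk() if p.get_content_maintype() == "text")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname  # ignores any 'user@' prefix in the URL
        if not on_official_domain(host, allow_subdomains=True):
            flags.append(f"link leaves official domain: {host}")
    flags += [label for label, rx in PHRASES.items() if rx.search(body)]
    return flags

# Constructed sample message (not a real email); .example is a reserved TLD.
SAMPLE = """\
From: Coinbase Security <alerts@coinbase-verify.example>
Subject: Action required: verify your wallet
Content-Type: text/html; charset="utf-8"

<p>Your account will be closed within 24 hours. To verify ownership, send
0.01 BTC to the verification address below, or
<a href="https://coinbase.com.account-check.example/login">log in here</a>.</p>
"""
if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

An empty result does not mean the message is genuine, because the From header can be forged; it only means none of these red flags fired.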
What to do now
- Do not click any links in the email
- Log in to the exchange by typing its address directly in your browser
- Check the exchange's official notification centre for any real alerts
- Enable two-factor authentication if not already active
- Report the phishing email to the real exchange's security team
- If you entered credentials, immediately change your password and 2FA and move funds to a secure wallet
Frequently asked questions
Can two-factor authentication protect me from these attacks?
Partially. Some phishing attacks capture your 2FA code in real time and use it immediately. Use a hardware key (YubiKey) rather than SMS-based 2FA where possible.
What if I already sent crypto to the verification address?
Cryptocurrency transactions are irreversible. Report the fraud to the exchange, Action Fraud, or the FTC. Recovery is not typically possible but reporting helps track criminal operations.
Should I use the same email for my crypto account as everything else?
No. Using a unique email address for your exchange account means phishing attempts targeting it are easier to identify, as you rarely receive email there.