Blockchain security firm SlowMist recently took to X(Twitter) to warn users about a new scam targeting cryptocurrency holders. They shared that several people have received text messages appearing to come from well-known exchanges.
These messages claim a withdrawal request was made and provide a verification code. If the recipient did not make the withdrawal, the message urges them to call a number for help.
Crypto Users Targeted By Phony “Exchange Support”
When victims call back, they hear that there was a “security breach.” The caller pretends to be from “hardware wallet support.” They then direct users to a fake website designed to steal their mnemonic recovery phrase.
Once the scammers have this phrase, they drain the user’s cold wallet. According to SlowMist, these scams have already led to losses of more than one million dollars.
The Broader Scam Landscape
In a detailed blog post, SlowMist noted that social engineering scams have surged in recent months. They highlighted on-chain investigator Zach’s update on May 7. Zah reported that more than $45 million was stolen from Coinbase users in just one week.
Over the past year, Zach’s Telegram channel and X(Twitter) account have been filled with alerts about massive thefts.
His February 2025 report revealed that between December 2024 and January 2025, scammers stole over $65 million using similar tactics. By his estimate, Coinbase users lose around $300 million each year to these schemes.
Unlike a direct hack of Coinbase’s systems, these scammers gained access thanks to insider data. They obtained user names, home addresses, contact details, account information and identification photos.
With this information, they could convincingly pose as exchange representatives. They used that trust to guide users into sending their funds to fraudulent wallets.
Ancient Ledger Device Scams Resurface
This wave of social engineering is not entirely new. Since 2021, phishing gangs have mailed out fake Ledger hardware wallets. These counterfeit devices arrive with a letter claiming that Ledger suffered a data breach.
The letter tells users to transfer their mnemonic phrases from their real Ledger devices into the new ones. Cybersecurity researcher Yu Xian of SlowMist first exposed this ploy.
By sending a fake device, scammers exploit users’ fears and anxieties. Recipients believe their current wallets are compromised because of the claimed data breach.
They then willingly hand over their mnemonic phrase to the new device. Once the scammers have this phrase, they can empty the real hardware wallet.
Ongoing Threat to Crypto Users
Social engineering attacks have become a major threat in the crypto world. As more people hold digital assets, scammers have found new ways to trick them.
These schemes often target trust in well-known exchanges and wallet providers. That trust makes it easier to fool users into taking actions that put their funds at risk.
Since early 2025, stories of Coinbase users losing millions to social engineering have spread across online forums and social media.
Community members have grown increasingly concerned about the persistence and scale of these attacks. They now stress the need for stronger security practices and better awareness of how scammers operate.
Protecting Yourself and the Path Forward
For now, experts urge users to treat unexpected messages and calls with extreme caution. Exchanges and wallet providers will never ask for mnemonic phrases or direct users to unknown websites.
Anyone who receives a suspicious message should verify information through official channels before taking any action. As the crypto industry continues to evolve, so will the tactics of those who seek to exploit it.
Also Read: Blockchain Security Firm SlowMist Warns of Fake Telegram Groups Running Phishing Scams