The post $20M Coinbase Scam Busted: Crypto Users Tricked by Fake Websites! appeared first on Coinpedia Fintech News Coinbase just helped take down a million-dollar global crypto scam, but not without catching some heat of its own. In a major coordinated effort, the crypto exchange worked with U.S. authorities to stop a phishing operation that stole more than $20 million in crypto using fake versions of its own website. This was a polished, persistent setup with dozens of phishing domains targeting Coinbase users across the world. Phew! At the center of it all was Chirag Tomar, now convicted for running a scheme that tricked victims into handing over sensitive login info – and watching their funds disappear within minutes. But just as Coinbase celebrated the win, a few tough questions started circling. Let’s unpack it all. The Copy-Paste Scam That Fooled Everyone It started back in mid-2021. Victims were lured to lookalike websites like coinbasepro.com and other fake domains. These sites were designed to mirror the real thing almost perfectly. Once someone logged in, they’d usually get a phone call from someone pretending to be Coinbase support. From there, the scam kicked into full gear – phishing for 2FA codes, guiding victims to install remote access tools, and draining wallets before anyone knew what hit them. One person lost $240,000 in just a few minutes. Others had their entire holdings wiped out. “Crypto leaves a permanent, traceable trail,” said Paul Grewal , Coinbase’s Chief Legal Officer. That transparency helped law enforcement follow the stolen funds, even as they were funneled through crypto wallets and spent on luxury goods in different countries. Eventually, it led them to Tomar. He was arrested at the Atlanta airport in December 2023 and sentenced to five years in prison after pleading guilty to conspiracy to commit wire fraud. Victory or Distraction? Coinbase’s Own Crisis Builds Coinbase may have helped close a case that’s been in the works for years, but the timing is complicated to say the least. Just a day before announcing the takedown, Coinbase was hit with a class-action lawsuit over a recent data breach – one that exposed user info and led to a $4.5 million fine from the UK’s Financial Conduct Authority. The lawsuit claims the breach involved an insider threat and that Coinbase failed to warn users about the risk. The company allegedly refused a $20 million ransom before turning to law enforcement for help. A Breach in Public Trust This story is a reminder of two things: crypto’s transparency can be a powerful tool for justice – but trust remains fragile. The scam worked not because of technical flaws, but because people believed what they saw and heard. The websites looked legit. The fake support agents sounded convincing. And once users gave up control, the damage was instant. The lesson here? Be skeptical. Real support won’t ask for 2FA codes. Double-check URLs. Don’t let urgency cloud your judgment. This case may be closed, but the questions it raises about crypto security, trust, and transparency are far from over.
