Help Center Security & Scams
🛡️ Security Center

Protect yourself from scams

Scammers target crypto users. Learn how to recognize, avoid, and report fraud attempts — and keep your Coinbase account secure.

The Golden Rules

If you remember nothing else, remember these:

01

Never share your recovery phrase

Your 12 or 24-word recovery phrase (seed phrase) gives complete control of your wallet to anyone who has it. Coinbase will never ask for it. Not in support chat. Not on the phone. Not in an email. Never.

02

Never share your password or 2FA code

Your password and one-time 2FA codes are yours alone. Sharing them — even with someone claiming to be Coinbase — gives attackers full access to your account.

03

Coinbase will never call you first

Coinbase does not make unsolicited outbound calls. If you receive a call from "Coinbase," hang up. Call us back through the official number in the app if you're unsure.

04

Crypto sent is gone — verify twice

Crypto transactions are irreversible. Always double-check the recipient's address before sending. Scammers use clipboard malware to swap addresses at the last second.

05

Too-good-to-be-true = scam

Promises of guaranteed returns, "double your crypto" offers, exclusive investment opportunities, or celebrity endorsements are always scams.

06

Coinbase support only through official channels

Real support is available only via the Coinbase app and help.coinbase.com. DMs from "Coinbase" accounts on Twitter/X, Telegram, Instagram, or Discord are fake.

Common scam types

📞

Impersonation calls

HIGH RISK

Fraudsters call pretending to be Coinbase security, claiming your account has been compromised. They pressure you to "verify" your identity by providing your password, 2FA code, or recovery phrase.

What to do:
  • Hang up immediately
  • Do not call back the number that called you
  • Lock your account in the Coinbase app if you're concerned
  • Report via Settings → Contact us in the app
📧

Phishing emails

HIGH RISK

Emails that look exactly like official Coinbase messages, with logos, similar email addresses (e.g. "no-reply@coinbase-support.com"), and urgent language like "Your account has been suspended."

What to do:
  • Check the sender — real Coinbase emails end in @coinbase.com only
  • Never click links in suspicious emails — go to coinbase.com directly
  • Enable 2FA so a stolen password alone isn't enough
  • Forward phishing emails to security@coinbase.com
💌

Romance / pig butchering scams

HIGH RISK

Scammers build a fake romantic relationship over weeks or months, then introduce a "can't-miss" crypto investment. Victims are coached to invest increasing amounts before the scammer disappears with the funds.

What to do:
  • Never invest in opportunities introduced by someone you met online
  • Be skeptical of platforms not accessible outside the scammer's links
  • Talk to someone you trust before sending any funds
  • Report to the FTC at reportfraud.ftc.gov
🤖

Fake investment platforms

HIGH RISK

Fraudulent websites or apps that show impressive "returns" to lure victims into depositing more crypto. When you try to withdraw, you're told to pay "taxes" or "fees" — which don't go to any real institution.

What to do:
  • Only use regulated, established exchanges
  • Research any platform before depositing — search the name + "scam"
  • No real platform requires you to pay fees to access your own funds
🧑‍💻

Tech support scams

MEDIUM RISK

Pop-ups or calls claiming your computer is infected and you need to grant remote access. Once in, scammers can see your screen while you log in to Coinbase, and steal your credentials.

What to do:
  • Never grant remote desktop access to unsolicited callers
  • Close the browser tab — the pop-up is fake
  • Use a hardware security key where possible
🎁

Giveaway & airdrop scams

MEDIUM RISK

Fake social media posts from spoofed accounts of celebrities or Coinbase executives promising to "double" any crypto you send them. The sent crypto is never returned.

What to do:
  • Sending crypto to get more back is always a scam — 100% of the time
  • Report the post on the platform where you saw it
  • Verify any announcements on official Coinbase channels only

Secure your account — checklist

Complete these steps to significantly reduce your risk of being hacked

Enable 2-factor authentication

Use an authenticator app (like Google Authenticator) — not SMS — for stronger protection

Use a strong, unique password

Use a password manager. Never reuse passwords across sites

Add a hardware security key

A YubiKey or similar device provides the strongest form of 2FA

Review linked devices

Go to Settings → Security → Trusted devices and remove any you don't recognize

Enable withdrawal address allow-listing

Restrict withdrawals to pre-approved addresses only

Set up account activity alerts

Get notified of every login, withdrawal, and account change

Secure your email account

Your email is the key to account recovery. Protect it with 2FA too

Never store your seed phrase digitally

Write it on paper. Never screenshot it, email it, or save it in cloud storage

0 of 8 completed

How to report a scam

📱

Report in the Coinbase app

Go to Settings → Help → Contact us and select "I think my account has been compromised" or "Report a scam."

🏛️

Report to government agencies

File a complaint with the FTC at reportfraud.ftc.gov, the FBI IC3 at ic3.gov, or your state's attorney general.

📧

Report phishing emails

Forward phishing emails to security@coinbase.com and to the Anti-Phishing Working Group at reportphishing@apwg.org.

⚠️
Important: Unfortunately, crypto transactions are irreversible. Coinbase cannot reverse a completed transaction, even if it was the result of a scam. The best protection is prevention. If you've been scammed, report it immediately but understand that fund recovery is rarely possible.