- Robocallers are beginning to target cryptocurrency investors, spoofing calls from Coinbase.
- Other robocallers target users of hardware wallets, like Ledger.
- These scams are particularly risky for crypto investors, as reclaiming lost assets is difficult.
"Dear Coinbase customer, your account temporarily disabled indicates that your account currently has a restriction potentially related to a security concern," said a robotic voice captured in a recording by a honeypot. "You recently attempted to withdraw 2.898 BTC worth $49,345 on a blacklisted wallet address. We require immediate attention before allowing access to your funds."
"This is a message from Ledger Nano X cryptocurrency hardware wallet," rang out another voice. "We would like to inform you that a transaction has been made on your account. The transaction amount is 2.9893 bitcoin and it was made on March 18, 2023, to a blacklisted wallet address. If you authorized this transaction please press 'one' now. If you wish to dispute this transaction, please press 'two.'"
To an unsuspecting cryptocurrency investor, these calls may seem like innocuous calls made to protect their cryptocurrency investments. In reality, the calls likely came from scammers operating overseas trying to gain access to victims' funds.
The calls were provided by Nomorobo, a premium service that screens users' phone calls to prevent them from ever making contact with scam calls. Aaron Foss, the company's founder and CEO, told Insider he estimated there were approximately 2.23 million cryptocurrency-focused robocalls that were made in the first quarter of 2023 alone.
Doug Shadel, the managing director of Fraud Prevention Strategies who works alongside Nomorobo, told Insider he's noticed several different types of scams from robocallers trying to bilk crypto investors. He said cryptocurrency scams have often become like a new-age version of gift card scams.
And while cryptocurrency schemes aren't the most prevalent robocalling scams on the market, Shadel said, "there is no doubt when they strike, they strike hard."
In one example of a similar cryptocurrency scam reported by CNBC, two investors lost $100,000 after fraudsters tricked them into handing over their two-factor authentication code.
Staying secure
Insider spoke to representatives from both hardware wallet Ledger and cryptocurrency exchange Coinbase whose users were targeted by robocallers.
Jaclyn Sales, the director of product communications at Coinbase, said the company doesn't make unsolicited calls to its users regarding the security of their accounts.
Charles Guillemet, the chief technology officer at Ledger, said the company operates in the same fashion.
"Ledger will never contact you via the phone, and Ledger will never ask you for your 24 words," Guillemet said.
The "24 words" Guillemet referred to are a string of words that act as a master key to one's crypto accounts. According to Brittany Mier y Terán, the head of business development for Harpie, a cryptocurrency protection service that's partnered with Coinbase, it's safest to hold onto the master key offline, like on paper or etched in metal.
Mier y Terán explained that it's easy to track where stolen cryptocurrency goes due to it being on the blockchain. But while it's simple to track the cryptocurrency, it's difficult to actually reclaim any lost assets.
"In a banking system or something with more regulatory authority, there's usually some sort of insurance measures that allow you to get compensated back for those assets while the institution goes out to see if they can re-obtain them. In the blockchain, you are the custodian of your own assets," Mier y Terán said.
She noted that investors in cryptocurrencies can use services like Harpie, a firewall that pulls assets out of a user's wallet if it detects an attack to protect their assets from being stolen. But once the cryptocurrency's been taken from the wallet, she said, it's difficult to get back.
"So if you do lose them and you do see where they've gone, it's very hard to get them back cause somebody else has those assets," Mier y Terán said.
David Gerard, a cryptocurrency journalist and author of the book and blog "Attack of the 50 Foot Blockchain," told Insider that given the volatility of cryptocurrencies and the propensity for scams, he thinks it's best for the "retail investor" to disengage from the assets altogether.
"A lot of ordinary people who got into crypto just lost everything in various ways or lost chunks of it," Gerard said. "And this is a lot of why I think retail investors should just keep the hell away from crypto."