Examining the intersection of cryptocurrency and government

Was this newsletter forwarded to you? Sign up here. 

Not a fan? Unsubscribe here

Welcome to State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. I’m your host, Nikhilesh De. 

Coinbase won't call customers to warn them that their accounts may have been compromised. It's a common scam vector. Still, someone tried it on me.

In this report, we lay the groundwork for our crypto pairs trading strategy by exploring why cointegration matters more than mere correlation when navigating the volatile crypto markets. In one sentence: We introduce the core idea that meaningful, long-term relationships between digital assets can create more stable and reliable trading opportunities.

Learn how applying cointegration and statistical methods can help develop concrete trading signals.

Amberdata delivers comprehensive digital asset data and insights into
blockchain networks, crypto markets, and decentralized finance empowering
institutions with the critical data required to participate in digital assets.
 
Trusted by Citi, NAB, Nasdaq, Franklin Templeton and more.

This photo has absolutely nothing to do with crypto or this story but it's late and I'm tired. In case you're wondering, this photo was taken at the new airport overlook at Charlotte Douglas International Airport, a lovely space. (Nikhilesh De/CoinDesk)

Last weekend, an unknown California number called me. A helpful gentleman informed me that my Coinbase account had been compromised during its recent data breach and he was there to assist me in not losing my assets. 

Oh no, the horror!

All right, so obviously this is a scam. Right after hanging up with this supposed help desk agent, I texted a Coinbase spokesperson to verify that at no point would the exchange call a customer to tell them their account was compromised. It's scam 101 — if you're getting a phone call informing you that your account's been compromised, whether at a crypto exchange, a bank, the IRS, whatever, it's a scam. Do not share your personal details and do not provide any passwords if you get a call like this. 

There were a few flaws in the attempt to get me to, presumably, move my funds from my supposedly compromised Coinbase account to another address. But I'm hopeful that this can be a useful teaching moment for the nearly 70,000 people who have been affected by Coinbase's recent breach disclosure, as well as anyone else who receives a phone call claiming their information has been compromised. Here's how this went down. 

Let's start from the beginning. On Saturday, May 24, I received a call from a number I didn't recognize to my personal phone, not my public-facing work number. It being a weekend, one where I was actually visiting family in another state, I didn't pick up. Then the same number called back and I still didn't pick up (yes I know, riveting, but it's 2025 and you can leave a voicemail or text). 

Ten minutes later, I received a third call from a different number, which I did pick up because at that point I was curious.

A fast-talking gentleman who called himself Riccardo told me he was part of Coinbase's Actions and Protections Department and that he was reaching out because my Coinbase account information had been compromised and a new email had just been added to my account. 

I was pretty confused, for reasons I'll get into below. But I was also intrigued because there were immediately several red flags. For simplicity's sake, I'll refer to the caller as "the agent" from here on out, but to be absolutely clear, I doubt he is an actual customer service agent, representative or other employee of Coinbase, and he certainly was not reaching out to me as an authorized representative of the exchange. 

First off, the phone call itself is a big red flag. Coinbase will never call a customer about a breach, but rather will contact customers via email, it previously said in a tweet. 

This is actually standard. The Federal Trade Commission website notes there is a vast range of scams wherein someone will call you, and numerous other companies have warnings that their employees will never proactively call a customer about account issues. 

The agent I spoke to said they would freeze my account for 24 hours to ensure no funds could be stolen (thanks, I guess?) and that a supervisor would reach out to me (I continue to wait for this supervisor to call). This supposed freeze on my account can be extended to three months if there are multiple failed login attempts. 

To wrap up the call, he said he'd send me an email summarizing all the details we'd discussed. On Saturday night, I received an email with the subject line "your case is under review." 

The follow-up email this very helpful customer service representative sent was extremely informative. 

For one thing, the email address they had associated with my account is a public-facing address, but is not the email address attached to my actual Coinbase account (in fairness, I forgot that part until I tried to find my login information a few days later).

Gmail initially (correctly) flagged this email as spam. I moved it to my inbox, where Gmail then showed me that the sender (help@info-coinbase.com) was not the actual sender — the email arrived via learnindonesian.online. Even the info-coinbase.com part is sketchy — for one thing, Coinbase's website is coinbase.com, though it does send emails from info@info.coinbase.com — still, you wouldn't expect a hyphen in a support email domain. For another, the info-coinbase domain was first created in November 2024 (according to an ICANN lookup) and isn't a real website.  

The email headers were also not super helpful in terms of providing any sort of identifying information, but they did confirm that the sender appeared to have tried to obfuscate their information. 

Curiously, the "Visit Coinbase" link at the bottom appeared to link to the actual Coinbase website and there do not appear to be any hidden embedded images or other attached files in the email at all. I'm not totally sure what's going on there. A real scammer could have embedded a virus of some sort into the email or even a tracking pixel. Another common tool scammers might use is putting in a phishing link in place of a legitimate one in an email, tricking the user into going to a website intended to steal their login information (this is not legal, technical or any other sort of advice; if you decide to try and scam somebody using information you gleaned from this newsletter, stop it). 

While scammers might sometimes know how much their intended victims have in a wallet or account, the person who called me did not appear to have that information (as I have zero crypto in my Coinbase account). 

I called the number back on Friday to see what might happen. No one picked up. I guess my account must be secure now. 

Apex 2025 — One of the Biggest Blockchain Events of the Year

Join the XRPL community in Singapore for Apex 2025. Hosted by Ripple, this three-day event features 60+ sessions on institutional DeFi, RWAs, EVM compatibility, and more.

Connect with Ripple leaders like David Schwartz and Brad Garlinghouse, explore new dApps, and network with developers, founders, and investors driving blockchain adoption. Don’t miss Apex After Hours — an exclusive experience in the heart of Singapore.

Get your ticket now with code coindesk20 for 20% off! [Register]

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Bluesky @nikhileshde.bsky.social.

You can also join the group conversation on Telegram. 

See y’all next week!

Crypto's Most Influential Event Returns in 2026. 

Dealmaking. Networking. Big moves. Consensus 2026 is where the industry’s top players connect, innovate, and build what’s next. Register early to lock down the best deals. 

State of Crypto: A newsletter from CoinDesk

Were you forwarded this newsletter? Sign up here. 

Copyright © 2024 CoinDesk, All rights reserved. 

169 Madison Ave., Ste 2635, New York, NY 10016, USA

See all of CoinDesk’s newsletters | Manage subscriptions