Retired Artist Loses $2M in Crypto as Coinbase Support Breach Fuels Targeted Scam

A 67-year-old retired artist lost over $2 million worth of crypto after falling victim to a scam linked to a recent breach of Coinbase’s customer support data.

Ed Suman, who turned to crypto investing after two decades in the art world, was contacted in early March by someone posing as a Coinbase security agent. The impersonator reached out after a text warning of “suspicious activity” on his account—despite Suman storing his funds in a hardware wallet.

The caller, identifying himself as “Brett Miller,” referenced Suman’s use of a Trezor Model One. He insisted that even hardware wallets could be vulnerable and urged Suman to complete a “security check” on a website mimicking Coinbase’s interface. Suman was instructed to enter his wallet’s seed phrase.

Nine days later, another scammer claimed the initial fix had failed and walked Suman through the same process again. Shortly after, his entire crypto portfolio—comprising 17.5 BTC and 225 ETH, valued at over $2 million—vanished.

The attackers’ knowledge of Suman’s specific holdings and wallet type raised suspicion about how they gained access to such details. It now appears the scam may be connected to a broader support breach at Coinbase, confirmed by the company on May 15.

Breach Tied to Insider Threats

Coinbase said the breach did not stem from a technical exploit but from social engineering. According to internal investigations, third-party support contractors in India were bribed into leaking sensitive user data. The information included names, account balances, transaction records, and in some cases, Know Your Customer (KYC) documents and partial Social Security numbers.

The breach was discovered through internal monitoring, though evidence suggests the campaign may have begun as early as January—months before Coinbase went public with the information.

Reports indicate that attackers also attempted to extort Coinbase for $20 million in exchange for withholding the stolen data. The exchange refused the demand.

While Coinbase says less than 1% of its monthly transacting users were affected, that still amounts to tens of thousands of customers. Among those affected was Roelof Botha, managing partner at Sequoia Capital.

Fallout and Compensation Unclear

The company estimates remediation and reimbursement costs could range from $180 million to $400 million. Coinbase has pledged to cover losses for users impacted by scams tied directly to the breach.

However, Suman told reporters he has yet to receive confirmation that he will be compensated.

He had deliberately chosen cold storage to avoid precisely this kind of loss. The experience has left him both financially and emotionally shaken, offering yet another stark reminder of the risks posed by data leaks and social engineering in the crypto world.

What It Means for You [NFA]

If you use crypto platforms, be cautious of unsolicited texts, emails, or calls—even if they sound convincing. No legitimate exchange will ever ask for your seed phrase. Always verify URLs and contact support through official channels. Storing assets in a hardware wallet reduces risks, but social engineering can still be dangerous if sensitive information is leaked. Stay alert.