Casa Founder Uncovers Scammers’ Targeting Tactics

A perpetrator involved in a scam targeting Coinbase users shared details of his operation in a conversation with Casa co-founder Nick Neuman.

Recently I was called by someone pretending to be Coinbase support, trying to steal bitcoin.

I decided to turn the tables on him and ask him about being a scammer.

Things got wild — he completely changed his personality & told me everything.

Presenting: To Catch a Scammer ?️‍♂️ pic.twitter.com/OZ6TQAiq5s

— Nick Neuman (@Nneuman) November 20, 2024

According to Neuman, on November 20, he received a call from someone claiming to be a Coinbase employee, who informed him of a non-existent password change request and asked him to click on a phishing link in an email. The businessman seized the opportunity to question the scammer about his work.

The scammer revealed that the scheme generates five-figure sums in dollars weekly. The process is streamlined: operators use contact details from a database that automatically includes additional information about potential victims, including their assets and positions.

To Neuman’s surprise, the primary targets of the fraudsters are advanced cryptocurrency users. The contact list includes Coinbase clients with assets of $50,000 and above. The information was sourced from the Unchained Capital database, which the scammer claimed was easily accessible.

“We don’t call the poor. Our information is taken from a database of those with $50,000 and above. We have the Unchained database, and we assume that if you’re interested in cryptocurrencies, you have a Coinbase account,” the scammer noted.

He stated that the scheme’s organizers deliberately target managers and programmers “because they have money.” Education and experience, it turns out, do not play a significant role. A sufficient percentage of advanced users fall victim to the scam to justify the effort spent finding and “processing” them.

During the conversation, it emerged that Neuman was fortunate: typically, operators have access to fake email addresses with the Coinbase domain, but on that day, due to technical issues, the scammers were without it, making the attempt less convincing.

The scammer emphasized that his task was not to get a click on the phishing link, but to persuade the victim to transfer cryptocurrency to the desired wallet.

The stolen assets were laundered through Tornado Cash, with some converted into Monero. Instead of platforms with KYC, they used hardware wallets. For conversion to fiat, intermediaries were employed.

One commentator on X noted that the call sounded staged and was surprised that the scammer readily disclosed the scheme to the head of a crypto project.

“You’re the ceo of cah-sah, whatever the fuck that is” ???

— Rob Hamilton (@Rob1Ham) November 20, 2024

The scammer mentioned that there is little time to process a contact. If something goes wrong, such as the victim not having a Coinbase account, the operator often simply hangs up.

Another user pointed out that the whole story seemed like excellent advertising for Casa, a provider of non-custodial storage solutions.

This is hands down the greatest Casa Marketing pitch I’ve ever seen

— Keags (@ProofOfKeags) November 20, 2024

Neuman assured the audience that the call was not staged and there was no deception involved.

In October, analyst ZachXBT estimated that Coinbase users had lost $100–150 million to fraudulent schemes over the past year.