CoinMarketCap Alerts Users About Staff Impersonators Seeking Private Keys

Scammers Targeting Crypto Investors: A Warning from CoinMarketCap

Scammers impersonating CoinMarketCap support members are on the prowl, targeting unsuspecting cryptocurrency investors with deceptive tactics aimed at stealing sensitive information. This alarming trend was recently highlighted by CoinMarketCap, the leading digital asset data aggregator that operates independently after its acquisition by Binance in 2021. The company has issued a stern warning to users about these malicious actors who are attempting to manipulate victims into revealing private keys or seed phrases—information that can grant complete access to their crypto wallets.

“Beware of scammers trying to impersonate CoinMarketCap members. CMC does NOT have a phone number and we will NEVER call you,” the platform emphasized in an alert posted on X (formerly Twitter) on a recent Tuesday. It urged users to authenticate any suspicious communications by checking its official support portal at coinmarketcap.com/request before proceeding with any actions.

Understanding Social Engineering Scams

This warning from CoinMarketCap comes amid a broader wave of social engineering scams. These sophisticated tactics utilize psychological manipulation, deception, and the creation of trust to lure victims into disclosing confidential information. Scammers often masquerade as representatives from exchanges or even law enforcement agencies to coerce victims into sharing their recovery phrases or signing off on fraudulent transactions.

For instance, in an alarming case reported by Cryptopolitan, North Wales Police are probing a case where a victim lost approximately $2.8 million worth of Bitcoin after being duped by a criminal impersonating a senior UK police officer. The fraudster claimed that the victim’s identification documents had been found on an arrested individual’s phone and instructed them to use a phishing link to “secure” their funds.

Unknowingly, the victim entered their 12-word wallet seed phrase on a carefully crafted spoof website, subsequently granting the scammer complete access to their digital assets. The criminal then allegedly stole and laundered the funds through various methods.

Similarly, another victim was led astray by fraudsters posing as a hardware wallet and exchange support team, resulting in the loss of 783 Bitcoins. Investigations traced the laundered funds back to a crypto tumbler service called Wasabi Wallet.

The Role of Data Leaks in Scams

Experts like blockchain security investigator ZachXBT suggest that the recent surge in impersonation scams can be attributed to the prevalence of personal data leaks from major firms. With an arsenal of real names, email templates, and case numbers from valid accounts, attackers gain an alarming level of authenticity when posing as legitimate customer service representatives.

“Large-scale breaches have exposed massive amounts of personal data, making it easier for threat actors to impersonate trusted institutions,” ZachXBT noted. He explained that attackers are leveraging these leaks to establish trust with potential victims before executing their schemes.

A report from TRM Labs disclosed that in the first half of 2025, a staggering $2.1 billion was reported stolen through various hacks and exploits. Notably, over 80% of these losses stemmed from compromised private keys or seed phrases—a testament to the effectiveness of social engineering tactics and insider risks. The average size of these breaches dramatically increased, reaching $30 million, which reflects the evolving nature of threats faced by investors in the crypto realm.

Coinbase and the Ripple Effect of Scams

Impersonation scams aren’t limited to CoinMarketCap; they have also struck Coinbase, the largest cryptocurrency exchange in the United States. On May 15, Coinbase confirmed that criminals accessed personal data from tens of thousands of its customers. Fortunately, the exchange reassured users that its crypto vaults remained secure, but the leaked data allowed fraudsters to impersonate Coinbase’s support staff and make direct contact with users.

Many victims were led to believe they were transferring their funds to “safe” wallets when, in reality, they were sending their assets straight to the scammers. Data from ZachXBT estimated that Coinbase users collectively lost over $65 million during a surge of social engineering schemes between December 2024 and January 2025, underscoring how many incidents go unreported.

In one notorious example shared by ZachXBT, scammers utilized leaked customer information to warn a victim of unauthorized login attempts on their account. They followed up with an email, disguised as an official Coinbase message, featuring a forged case number. The email directed the victim to transfer their funds to a “Coinbase Wallet” address, which was, unbeknownst to them, controlled by the thieves.

As the cryptocurrency landscape continues to evolve, the tactics employed by scammers grow increasingly sophisticated, highlighting the importance of vigilance and awareness among investors.