Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Ed Suman, a 67-year-old retired artist with a background in high-profile art fabrication, lost over $2 million in cryptocurrency to a sophisticated scam. His retirement savings, primarily held in Bitcoin and Ether, were stored in a Trezor Model One hardware wallet, a device typically considered secure.
The scam began with a text message seemingly from Coinbase, warning of unauthorized account access. This was followed by a phone call from an individual claiming to be a Coinbase security staffer named Brett Miller. The scammer displayed a surprising level of knowledge, correctly identifying Suman’s use of a hardware wallet. He then convinced Suman that his wallet was still vulnerable and guided him through a fraudulent “security procedure.” This involved entering his seed phrase – the crucial recovery key for his wallet – into a convincingly realistic imitation of the Coinbase website.
This process was repeated nine days later by another caller, also posing as a Coinbase employee. After the second call, Suman’s entire cryptocurrency portfolio was emptied. This incident highlights a growing threat: scammers actively impersonating legitimate cryptocurrency exchange support staff to steal user funds.
The timing of the scam is particularly noteworthy, occurring shortly after Coinbase publicly disclosed a significant data breach. Attackers bribed customer support agents in India to access sensitive user information, including customer names, account balances, and transaction histories. Coinbase confirmed that approximately 1% of its monthly transacting users were affected. While the breach impacted prominent figures like venture capitalist Roelof Botha, there’s no indication that his funds were compromised.
Coinbase responded by firing the implicated customer service agents and announced plans to spend between $180 million and $400 million on remediation and user reimbursements. This case serves as a stark warning about the risks associated with cryptocurrency investments and the importance of heightened vigilance against sophisticated phishing and social engineering attacks. The incident underscores the need for users to exercise extreme caution when interacting with individuals claiming to represent cryptocurrency exchanges or other financial institutions. Independent verification of contact information and suspicion of any unsolicited requests for sensitive information are crucial safeguards.