Gemini Users Report Targeted Phishing Attacks: How to Stay Safe in the Crypto Space

Many of the folks who have reached out to K&S about the Gemini Earn Class Action have mentioned that they’re experiencing an onslaught of targeted phishing attacks, often to email addresses that were used EXCLUSIVELY to access their Gemini account.

 

In Fall 2022 a data breach exposed 5.7m Gemini users’ email addresses and partial phone numbers. The database of user details was auctioned on hacker forums and subsequently made available for download. We’ve discovered that a distressing number of email addresses belonging to people who have contacted us are included in the breach.

Scammers have reached out to users via email, WhatsApp, social media, and phone calls / texts. These messages can be highly sophisticated and convincing, mimicking the appearance of official company communications. They may offer to help recover funds, or promise airdrops and giveaways.

This is a common scam in the crypto space and is intended to trick investors into sharing account details, at which point the scammer is able to drain funds from the targeted account.

Here are some general tips to help you avoid having your accounts compromised:

  • Know that it is highly unusual for support staff to reach out to you directly. This is particularly true if the message arrives through text, social media, or services like WhatsApp, Telegram, or Reddit.
  • Keep in mind that some scammers are able to “spoof” phone numbers. Unless you have a pre-scheduled call with a verified company representative, it’s probably best to err on the side of caution and ignore unsolicited calls, even if the caller ID indicates that it’s coming from a seemingly legitimate source.
  • Carefully examine URLs, email addresses, and phone numbers. Usually companies will list their verified support email addresses, or they may encourage a specific method of opening a support ticket. A scammer may use a URL that’s barely distinguishable from the real thing, or a convincing username.One example: Redditors recently reported that a user named “gemini_support” was reaching out to them via DM, attempting to trick them into exposing their account information with promises of helping them to recover their funds stuck on Gemini Earn.
  • Never share your password or seed phrase with anyone, even customer support. Companies will be able to access your account information within their own systems without needing to know your password or seed phrase. Real support staff at companies like Gemini should never ask you for payment, for remote access to your account, for your two-factor authentication code, or for any other personally-identifiable information.
  • Use complex, unique passwords and a password manager.
  • Follow your gut. When in doubt, don’t click, open, or answer, and definitely do not enter your username or password on any sites that are linked in the suspicious email.

If you’ve been receiving a higher-than-usual number of phishing attempts or spam calls, it may be a good idea to check whether your own account information has been compromised. You can do this through built-in security features in your browser, or by using a free online service like Have I Been Pwnd?

Crypto aside, there’s nothing we despise more than seeing everyday people swindled out of their savings by bad actors. While individuals have limited control over factors like a company’s failure to implement sufficient security, and may not be able to stop a sophisticated sim swap or hack, a little vigilance and skepticism can still reduce the chances of your information and/or funds being stolen.

If you’ve lost crypto due to a Sim Swap or hack and want to explore your legal options, please feel free to reach out to us. And as always, stay safe in the crypto space!

– K&S