Did you receive an alarming email from ‘Coinbase’? Did you panic and click? Maybe it was late and you were distracted. Maybe the email looked completely legitimate. Not sure if the email was even real? Check our guide on how to spot Coinbase phishing emails.
It doesn’t matter how it happened. What matters now is how quickly you move.
Phishing attacks on crypto users are designed for speed. The moment you submit your login details on a fake site, someone on the other end may be attempting to access your account in real time. Every minute counts.
Here’s exactly what to do. The steps below are ordered by urgency; do them in sequence.
Change Your Password Right Now
Don’t finish reading this article first. Open a new browser tab, type coinbase.com manually (not from any link), and change your password immediately.
Use something completely new: not a variation of your current one, and not a password you use anywhere else. Make it at least 16 characters, with a mix of letters, numbers, and symbols. If you are stuck, we’ve got you covered with a Password Generator.
Do not use any link from the suspicious email to do this.
Force-Logout All Active Sessions
Coinbase lets you revoke access for all devices at once from your security settings. Do this immediately. It will kick out anyone who may have already logged in.
Check What Happened to Your Account
Once you’re back in with a new password, look at everything. If you see unauthorized transactions, document them with screenshots before doing anything else. You’ll need this for reporting.
Reset or Enable Two-Factor Authentication
If you had 2FA enabled, reset it now. There’s a chance the attacker captured your code and is still working with it.
If you weren’t using 2FA, enable it today.
One important note: use an authenticator app (Google Authenticator, Authy) rather than SMS. Text-based 2FA can be bypassed through SIM swapping, where attackers convince your carrier to transfer your phone number to a device they control. Authenticator apps aren’t vulnerable to this.
Authenticator app (Google Authenticator, Authy): not vulnerable to SIM swaps; works offline.
SMS: carrier can be deceived; number can be redirected; better than nothing, but barely.
Contact Coinbase Through Official Channels Only
Go to help.coinbase.com or use support through the official app. Do not call any phone number or reply to any email address from the suspicious message. Those are controlled by the attacker and designed to keep you in their hands.
When you contact support, explain what happened and ask them to flag your account for any suspicious activity they might see on their end.
Report the Phishing Attempt
Forward the phishing email to [email protected]. This helps Coinbase track active campaigns and get fake domains taken down faster.
Also report it to your email provider. There’s usually a “report phishing” option in the message menu. And if the scam came through SMS or social media, report it on that platform directly.
Check Your Other Accounts
If you used the same password elsewhere, like email or other exchanges, change those too. Attackers often try stolen credentials across multiple services immediately.
Check your email account especially carefully. If they got into that, they can reset passwords for everything else connected to it.
Did You Install Something?
If you downloaded or ran any file from the suspicious email, the situation is more serious. Run a full malware scan with your security software immediately. If you don’t have any, Malwarebytes has a free version that’s effective.
If you gave someone remote access (TeamViewer, AnyDesk, or similar), disconnect immediately and assume the device is compromised. Change passwords from a different, clean device.
If Funds Were Already Stolen
This is the hardest part: cryptocurrency transactions are irreversible. If funds were transferred out before you took action, recovery through Coinbase is not possible.
You should still report it, both to Coinbase and to your local cybercrime authority. Reporting creates records that help investigators track patterns, even if individual recovery isn’t realistic.
After the Crisis: Protecting Yourself Going Forward
Once you’ve dealt with the immediate threat, a few lasting changes will significantly reduce your risk.
Can a VPN Actually Help Against Phishing?
A VPN won’t stop a phishing email from landing in your inbox, but it does add a meaningful layer of protection around what happens before and after.
Here’s what changes when you have a VPN running:
A Note on Why This Happens to Everyone
Falling for a phishing attack isn’t a sign of carelessness or lack of knowledge. These attacks are professionally designed by people who study exactly which emotional triggers override critical thinking.
Fear and urgency work because they’re supposed to: your brain prioritizes fast action under threat. Sophisticated phishing exploits that instinct. Security professionals with years of experience have been caught by well-crafted attacks.
The goal going forward isn’t to feel bad about what happened. It’s to build habits that make you a harder target: pause before acting, verify before clicking, navigate manually when anything feels sensitive.
You already know more now than most people who’ll receive the same email tomorrow.







