Ed Suman, a 67-year-old retired artist, lost $2 million in crypto after falling for a Coinbase impersonator scam. In March 2025, he received a text warning about suspicious activity on his Coinbase account. A man calling himself Brett Miller then phoned, claiming to be from Coinbase security.
The caller said Suman’s wallet might be at risk. He instructed him to enter his seed phrase into a site resembling Coinbase. The site asked for full access credentials. Suman followed the directions. Nine days later, another caller repeated the process. After that, his Bitcoin and Ether holdings were gone.
Suman had stored 17.5 Bitcoin and 225 Ether in a Trezor Model One hardware wallet. At the time, Bitcoin traded near $103,869 and Ether at $2,507. The total value of his holdings exceeded $2 million.
Coinbase Data Breach Exposed Customer Info
Coinbase confirmed a security breach in May 2025. Attackers bribed India-based contractors to access customer data. Leaked information included names, balances, and transaction history. Coinbase said around 1% of active monthly users were affected.
Among them was Sequoia Capital’s managing partner, Roelof Botha. He declined to comment. Coinbase stated that the involved contractors were fired. Philip Martin, Chief Security Officer, confirmed the breach. The company expects remediation costs between $180 million and $400 million.
Fake Coinbase Website Collected Seed Phrase
The phishing site used in the scam looked identical to Coinbase’s interface. It copied branding, login format, and support sections. The site asked Suman to input his seed phrase — the private key for his hardware wallet.
Once entered, the attackers gained full control. Suman didn’t receive any alerts. The transfers happened quietly. By the time he checked his balance, all funds had been moved. There were no recovery updates.
The attackers likely used leaked data from the Coinbase data breach. They contacted Suman by phone and SMS, using accurate account details. They escalated the situation with follow-up calls and guided steps.
Coinbase clarified it never asks for seed phrases. The breach provided attackers enough information to impersonate official support. Suman, unaware of the breach, followed instructions. His entire crypto savings disappeared.