I lost over $50,000 from a DApp phishing scam in Coinbase Wallet
Updated: Feb 22, 2022
When Rambutan saw the earnings on his brother-in-law's Coinbase Wallet account from joining a mining pool, recommended to his brother-in-law by an individual he only met on Facebook [scammer profile here], Rambutan was intrigued. New to cryptocurrency in general, he did some research before downloading both Coinbase and the Coinbase Wallet apps from the Google Play Store to start his journey in crypto investing. When he and his brother-in-law transferred large amounts into their Coinbase Wallet, Rambutan assured his sister that it was akin to putting money in one's own wallet: no one could take it out without one's own permission. Or so he thought.
A few days ago, all the money in my Coinbase Wallet, $58,797, was drained without my knowing about it until I opened my wallet.
I believe Coinbase Wallet users can easily get phished into letting a DApp (Decentralized Application) take control and grant spending permission to an external entity.
My empty wallet 😢
Contacting Coinbase/Wallet Support, which was the only way I knew to reach them, was not helpful. All Coinbase said was that I may have leaked the recovery phrase to the scammers, without looking into the details I provided.
I found a recent review on Google that I thought describes the situation really well.
A recent user review on the Google Play Store
What happened to me
My brother-in-law showed me his Coinbase Wallet a few weeks ago after he joined a mining pool and they were giving out Ethereum every day. He is also a Coinbase user, so he showed me the Coinbase app I needed to download. I was new to crypto, so I installed both the Coinbase and Coinbase Wallet apps from the Google Play Store to my Android phone and started my journey.
Reading about Coinbase Wallet from Google's search results, it is considered one of the most secure wallets out there:
Thus, I chose to install Coinbase Wallet as my first crypto wallet to start mining, with full trust in the app. Here's the version of Coinbase Wallet that I had installed:
Coinbase Wallet version 25.8.398
The "mining pool" I joined is a DApp with the address u2e-free.com. This address is only accessible using a DApp browser inside the wallet (or with a wallet browser extension, which I found out later).
The DApp u2e-free.com
The DApp also has a promotional website here: https://u2e-free.vip/. For the first 10 days, the DApp gave out Ethereum as expected. It was a large profit, so I transferred a lot of Tether (USDT) to my wallet. The more USDT I had in my wallet, the higher the yield.
The big "profit" rates (per day)
I was totally confident in Coinbase Wallet's reputation, ignoring the suspicion of the unrealistically high profit. I believed that as long as money stayed in my safe Coinbase Wallet and no one else knew my recovery phrase, it could not be taken out without my approval. I was wrong. All my money was drained from my Coinbase Wallet through this transaction: https://etherscan.io/tx/0x28fe570dc54f6432db9fd7b7fce68083c081f9eff69c8334a30c9077d22e775c
The transaction where my money was stolen
Reviewing the transaction, there was something that did not look right: the address that interacted with the USDT contract (highlighted in orange) is not the same as my address (highlighted in yellow).
How can another address drain my wallet? Thus, I looked further and found a transaction that granted Authorized Spender permission in a Smart Contract to an external entity: https://etherscan.io/tx/0x5d3b28977f2f9b591f705bd24eeb777d50b9c35dd19cc3bf80223377f7072f7f
My Coinbase Wallet granted Approved Spender permission to an external entity to spend unlimited USDT in my wallet after I tapped Confirm. Notice that there is $0 at risk because the scammers took it all in one go.
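What the two transactions above look like at the calldata level, as an added example that is not part of the original post: a small decoder for the standard ERC-20 `approve` and `transferFrom` calls that flags an unlimited allowance and a transfer sent by someone other than the token owner. The addresses, the amount and the "unlimited" threshold are constructed assumptions, not values taken from the linked transactions.

```python
APPROVE = "095ea7b3"        # selector of approve(address spender, uint256 amount)
TRANSFER_FROM = "23b872dd"  # selector of transferFrom(address from, address to, uint256 amount)
UNLIMITED = 2**255          # assumption: at or above this, treat the allowance as unlimited

def _address(word):
    """An ABI-encoded address is a 32-byte word with 12 zero bytes of padding."""
    if len(word) != 64 or int(word[:24], 16) != 0:
        raise ValueError("word is not a padded address")
    return "0x" + word[24:]

def decode_erc20_call(calldata, tx_sender):
    """Describe an approve/transferFrom call; tx_sender is the account that signed it."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, body = data[:8], data[8:]
    if len(body) % 64:
        raise ValueError("arguments are not whole 32-byte words")
    words = [body[i:i + 64] for i in range(0, len(body), 64)]
    sender = tx_sender.lower()
    if selector == APPROVE and len(words) == 2:
        # The signer is the token owner; the first argument is who may spend.
        amount = int(words[1], 16)
        return {"call": "approve", "owner": sender, "spender": _address(words[0]),
                "amount": amount, "unlimited": amount >= UNLIMITED}
    if selector == TRANSFER_FROM and len(words) == 3:
        # The signer only needs an allowance; the tokens leave the 'from' address.
        owner = _address(words[0])
        return {"call": "transferFrom", "owner": owner, "to": _address(words[1]),
                "amount": int(words[2], 16), "caller_is_owner": owner == sender}
    return {"call": "unknown"}

# Constructed sample data: placeholder addresses, not the ones in the transactions above.
VICTIM = "0x" + "11" * 20
SPENDER = "0x" + "22" * 20
SINK = "0x" + "33" * 20

def _arg_addr(a): return a[2:].rjust(64, "0")
def _arg_uint(n): return format(n, "064x")

# The approval signed in the wallet, then the later drain (USDT uses 6 decimals).
APPROVE_TX = "0x" + APPROVE + _arg_addr(SPENDER) + _arg_uint(2**256 - 1)
DRAIN_TX = "0x" + TRANSFER_FROM + _arg_addr(VICTIM) + _arg_addr(SINK) + _arg_uint(58_797 * 10**6)

if __name__ == "__main__":
    print(decode_erc20_call(APPROVE_TX, VICTIM))   # signed by the wallet owner
    print(decode_erc20_call(DRAIN_TX, SPENDER))    # signed by the approved spender
```

A wallet or monitoring script that decodes calldata this way before signing can show the spender address and the unlimited flag instead of a bare Confirm prompt.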
I looked further into what that entity is doing and discovered that the entity is draining money from a lot of other wallets too.
The "spender" is draining a lot of wallets, including mine (highlighted)
Reviewing one of the addresses where that entity transferred money to, we can get some idea of the amount of money that was taken. This entity has been active since 10/16/2021 and is currently draining people's wallets.