In a shocking blend of art-world prestige and digital deception, retired artist Ed Suman, 67, lost $2 million in cryptocurrency to scammers posing as Coinbase support agents. The elaborate fraud fuelled by a recent Coinbase data breach highlights rising risks for crypto investors as criminals exploit stolen user data to orchestrate convincing cons.
A Retirement Dream Crumbles
Ed Suman spent 20 years crafting iconic sculptures like Jeff Koons’ Balloon Dog before retiring to pursue cryptocurrency investing. By early 2025, he’d amassed 17.5 Bitcoin and 225 Ether, nearly $2 million stored securely in a Trezor hardware wallet. “It was my safety net,” Suman later told Bloomberg. But in March, a single text message unravelled his financial future. Posing as Coinbase security, scammers warned of “unauthorised access” to his account. Within days, Suman’s savings vanished. Furthermore, Coinbase disclosed a breach exposing user data, including names and balances, after hackers bribed customer service staff in India.
The Elaborate Scam: A Two-Act Tragedy
The first call came from “Brett Miller,” a supposed Coinbase security agent. He knew Suman used a Trezor wallet, a detail likely leaked in the breach and warned of vulnerabilities. “He sounded professional, even urgent,” Suman recalled. The scammer directed him to a fake Coinbase site to enter his 12-word seed phrase, granting full wallet access. Nine days later, a second impostor repeated the ruse. By April, Suman’s wallet was empty. “I felt sick,” he said. Investigators later traced the funds to untraceable offshore accounts, leaving little hope of recovery.
Coinbase’s Security Crisis
Days after Suman’s loss, Coinbase revealed hackers had bribed India-based support staff to steal data on 6,000 users, 1% of monthly clients. Venture capitalist Roelof Botha, a Sequoia Capital partner, was among those targeted, though his funds remained safe. Chief Security Officer Philip Martin confirmed firing implicated contractors and pledged $180–$400 million in reimbursements. However, critics argue the response came too late. “This breach gave scammers a roadmap,” said crypto investigator Nano Baiter. “They knew exactly who to target.”
How the Scam Worked
The phishing site mirrored Coinbase’s login page, complete with official branding and security badges. “It looked legitimate,” Suman admitted. Once he entered his seed phrase, attackers swiftly drained his wallet. Coinbase clarified it never requests seed phrases and is cooperating with law enforcement, offering a $20 million reward for information on the hackers. Yet, for Suman, the damage is irreversible.
Public Outrage: “Never Share Your Seed Phrase”
The case ignited fury on social media. “Seed phrases are like DNA never give them out!” tweeted investor @HonestBrontoS. Others, like @the_RockDAO, questioned exchanges’ accountability: “If Coinbase can’t protect data, why trust their support teams?” Experts warn such scams are surging. “Criminals use fear tactics fake alerts, and urgent calls to override logic,” Baiter explained. Remote access tools and AI voice clones further blur the line between fraud and reality.
Protecting Your Crypto Future: Lessons from a $2M Loss
- Suman’s wallet hack shows we need more critical safeguards like:
- Never share seed phrases or passwords, even with “support” agents.
- Verify contacts independently; call official numbers or use in-app chat.
- Enable two-factor authentication and hardware wallet locks.
- Monitor accounts routinely for unauthorised transfers.
Coinbase now urges users to report suspicious activity immediately. Still, as Suman learned, vigilance is the ultimate firewall. “I thought I was safe,” he said. “Now I tell everyone: question everything.”
Response from Coinbase (Updates)-
Coinbase has addressed the matter with the following clarification, as stated in the company’s official response through mail:
- Ed Suman was not part of the victim population affected by the recent social engineering attack.
- The funds involved were held in self-custody using a Trezor hardware wallet
- This customer has not transacted on Coinbase since 2022.
Written By Fazal Ul Vahab C H
