Retired Artist Scammed Out of $2M in Crypto Through Fake Coinbase Support Call

Retired Artist Scammed Out of $2M in Crypto Through Fake Coinbase Support Call

Sophisticated phishing attack targets hardware wallet holder using fake security procedures and a cloned website

New York — May 17, 2025 — A 67-year-old retired artist lost his entire $2 million crypto portfolio after falling for a highly coordinated phishing scam that impersonated Coinbase customer support. The victim, Ed Suman, a former art fabricator known for contributing to Jeff Koons’ famous Balloon Dog sculptures, now faces a financial wipeout in what experts call a textbook case of social engineering.

From Sculpture to Satoshi: A Retirement Rewritten by Deception

Suman transitioned into cryptocurrency investing after retiring, gradually building a digital portfolio of 17.5 Bitcoin (currently valued at approximately $1.8 million) and 225 Ether (worth about $549,000) — a nest egg stored on a Trezor Model One hardware wallet, long considered a safer alternative to leaving funds on exchanges.

But that protection was fatally bypassed.

In March, Suman received a text message claiming to be from Coinbase, alerting him to “suspicious account activity.” Minutes later, a man who introduced himself as “Brett Miller from Coinbase Security” called, allegedly confirming that his funds were at risk — despite being on a cold wallet.

The fraudster then led Suman through a “security check,” directing him to enter his 24-word seed phrase into a fake Coinbase webpage.

Second Strike: Final Blow Came Nine Days Later

Suman, still unaware of the fraud, received a second call nine days later from another man also claiming to be from Coinbase. Using the same technique, the attacker again convinced him to input his recovery phrase. All his assets disappeared shortly after.

The incident is part of a larger trend of scammers impersonating crypto exchanges and exploiting the lack of direct, verifiable customer service lines in Web3 finance.

Coinbase Data Breach: A Breeding Ground for Scams

The scam follows a recent data breach at Coinbase, in which customer support agents in India were bribed to leak sensitive information. The breach, which reportedly affected around 1% of Coinbase’s monthly transacting users, included names, account balances, and transaction histories.

Among those affected was Roelof Botha, managing partner at Sequoia Capital, although there’s no indication his funds were accessed. Coinbase has not commented on individual cases but stated that the rogue customer agents were terminated and that remediation between $180 million and $400 million is being planned for affected users.

Lessons from a $2M Mistake

This incident underscores the critical importance of never sharing seed phrases, even with those claiming to be from legitimate organizations. Hardware wallets only protect assets as long as the private key remains secret — and in this case, deception bypassed technology.