That text claiming your Coinbase account is "locked" or "pending verification" could cost you everything. Smishing attacks posing as Coinbase have exploded over the past year, and they're getting smarter, more polished, and far more dangerous. Here's what you need to know to stay ahead of the scammers.

What Is a Coinbase Scam Text?

A Coinbase scam text is a fraudulent SMS designed to look like an official message from the Coinbase exchange. Scammers send these texts hoping to trick you into clicking a malicious link, sharing login credentials, or transferring crypto to a wallet they control.

These messages often look convincing because scammers use spoofing technology to make the sender ID appear as "Coinbase" or a similar official-looking label. Some even include partial account details harvested from earlier data breaches to add credibility.

The goal is always the same: separate you from your crypto. Unlike a bank, crypto transactions are typically irreversible, which makes Coinbase users a particularly attractive target for SMS phishing, also known as "smishing."

Common Types of Coinbase Text Scams

Scammers have developed several variations of the fake Coinbase text. Recognizing them is your first line of defense.

1. Account Locked or Suspended Alerts

You receive a text stating your Coinbase account has been locked due to "suspicious activity" or a "security review." The message urges you to click a link immediately to verify your identity. That link leads to a fake login page designed to harvest your credentials and two-factor authentication codes.

2. Fake Verification Codes

Some scammers send a text that appears to be a legitimate Coinbase verification code you never requested. Moments later, you may receive a follow-up message claiming someone is trying to access your account, with a "support" number to call. This is a classic two-step scam that pressures you into acting before thinking.

3. Withdrawal or Deposit Confirmations

A text claims a large withdrawal or deposit has been made on your account, and you need to click a link to cancel or confirm. Panic drives action, and scammers count on that emotional reaction.

4. Reward or Airdrop Offers

"You've been selected for a free crypto airdrop." All you need to do is "verify" your wallet. These texts almost always lead to wallet-draining schemes or credential theft.

How to Spot a Fake Coinbase Text

Even sophisticated scams have telltale signs. Watch for these red flags:

  • Urgency and fear. Messages threatening account closure, frozen funds, or pending suspensions are designed to make you panic.
  • Suspicious links. Real Coinbase messages will only direct you to coinbase.com or its official app. Hover (don't click) to preview any URL before interacting.
  • Spelling and grammar errors. Legitimate corporate communications are proofread. Obvious typos are a major red flag.
  • Unexpected verification codes. If you receive a code you didn't request, someone is actively trying to log into your account.
  • Requests for sensitive info. Coinbase will never ask for your password, full SSN, or 2FA codes via text message.

What to Do If You Clicked the Link

If you receive a suspicious text but didn't click anything, you're already in good shape. Simply delete the message, block the sender, and report it directly to Coinbase through their official support channels.

If you did click the link or entered credentials, act fast:

  • Change your Coinbase password immediately. Use a strong, unique password you haven't used anywhere else.
  • Revoke any active sessions from your account security settings to kick out the attacker.
  • Enable or rotate your 2FA. Switch to an authenticator app or hardware key rather than SMS-based 2FA, which itself can be hijacked.
  • Contact Coinbase support directly through the official app or website — never through any number provided in the scam text.
  • Monitor your linked bank accounts for unauthorized transactions and alert your bank if anything looks off.

For US residents, you can also report the scam to the FTC at ReportFraud.ftc.gov and to the FCC, which tracks smishing complaints across the country.

How to Protect Yourself Going Forward

Defense is the best strategy in crypto. A few habits go a long way toward keeping your Coinbase account safe from scam texts and similar attacks.

First, never click links in unsolicited texts, even if they look official. Open the Coinbase app directly or type coinbase.com into your browser to verify any claim independently.

Second, use the strongest available 2FA. Hardware security keys like YubiKey or authenticator apps are far more secure than SMS verification, which is vulnerable to SIM-swapping attacks.

Third, set up a withdrawal allowlist in your Coinbase account so crypto can only be sent to pre-approved wallet addresses you control.

Finally, stay informed. Scammers evolve their tactics constantly, and Coinbase regularly updates its security guidance. Bookmark the official Coinbase security page and check back periodically for new warnings.

Key Takeaways

  • Coinbase scam texts are fraudulent SMS messages designed to steal your credentials or crypto through phishing links and fake "support" channels.
  • Common scams include fake account locks, unsolicited verification codes, and bogus airdrop offers.
  • Never click links in unexpected texts — always navigate to Coinbase directly through the app or official website.
  • If you suspect compromise, change your password, revoke active sessions, and rotate your 2FA immediately.
  • Report scams to Coinbase, the FTC, and the FCC to help protect other users in the crypto community.