Retired Artist Loses Millions in Crypto After Fake Coinbase Call

The scam exploited a fake website and a very convincing story to trick Suman into revealing his hardware wallet’s seed phrase. Additionally, Coinbase is grappling with a major data breach that allegedly involved bribed customer service agents in India. The breach compromised sensitive user data, including that of Sequoia Capital partner Roelof Botha. This raised serious alarms about the potential compromise of other partners at Sequoia Capital, which is one of the world’s most influential venture firms. The attackers reportedly demanded $20 million in hush money. In France, authorities are responding to the spike in crypto-related kidnappings by offering enhanced police protection to crypto executives. The incidents are part of the escalating physical and digital threats targeting crypto holders around the globe. Scammers Pose as Coinbase Staff Retired artist Ed Suman, 67, reportedly lost more than $2 million in cryptocurrency after falling victim to a sophisticated scam that involved imposters claiming to be Coinbase support staff. A Bloomberg report published on May 17 revealed that Suman turned to crypto investing after retiring from a decades-long career in the art world. With a portfolio that included 17.5 Bitcoin (BTC) and 225 Ethereum (ETH), Suman stored his assets securely in a Trezor Model One hardware wallet, which is considered one of the safest options for safeguarding digital currencies offline. However, the security of that setup was upended in March when Suman received a text message warning him of alleged unauthorized access to his Coinbase account. Trezor Model One What followed was a very carefully orchestrated social engineering attack . A man who introduced himself as Brett Miller from Coinbase’s security team called Suman shortly after the message and had an uncanny familiarity with Suman’s setup, including the fact that his crypto was stored on a hardware wallet. The caller appeared highly credible, and convinced Suman that despite the wallet’s offline nature, his funds could still be at risk. He then guided Suman through a so-called “security procedure” that required entering his wallet’s seed phrase into a spoofed website that is designed to imitate Coinbase. Just over a week later, another person claiming to be from Coinbase contacted Suman and repeated the security walkthrough. By the time the call ended, Suman’s life savings in crypto were completely drained. The incident has coincided with news of a major data breach at Coinbase. The breach was reportedly carried out by bribing customer service agents in India, and resulted in hackers accessing sensitive user information including names, account balances, and transaction histories. Coinbase Data Breach Hit Top VC The recent data breach at Coinbase reportedly impacted one of the most well known figures in venture capital, which raised new concerns about the depth and seriousness of the incident. According to a May 16 report by Bloomberg, Sequoia Capital Managing Partner Roelof Botha had personal data compromised after the cybercriminals got unauthorized access to Coinbase user information. (Source: Sequoia Capital ) Although Botha has not publicly revealed his net worth, estimates suggest he controls hundreds of millions of dollars in assets. The breach not only affected him but raised serious alarms about the potential compromise of other partners at Sequoia Capital, which is one of the world’s most influential venture firms with deep investments in the tech and crypto sectors. The attackers reportedly tried to extort Coinbase for $20 million in exchange for withholding the data breach from the public, an offer the company declined. Coinbase addressed the incident in a May 15 blog post , and confirmed that a subset of users fell victim to social engineering attacks after their personal account details were accessed. The company stated that the breach stemmed from customer service contractors based in India who were subsequently fired. In a filing with the US Securities and Exchange Commission (SEC), Coinbase estimated it may have to spend between $180 million and $400 million on reimbursement and remediation for the affected users. The situation may also extend beyond Coinbase. Another Bloomberg report indicated that similar social engineering attacks were attempted against users on other major platforms, including Kraken and Binance. In the midst of the data breach, Coinbase CEO Brian Armstrong was in Washington, DC, pushing for crypto legislation that is currently under review in Congress. There is a Senate vote on a stablecoin bill expected soon and the House is evaluating a new digital asset market structure framework. Coinbase stock price over the past 24 hours (Source: Google ) Meanwhile, Coinbase’s stock fell over 7% after the breach was reported, though it has since rebounded. France Acts After Crypto-Related Kidnappings Coinbase users are not the only people in the crypto industry who are being specifically targeted by criminals. France is taking urgent steps to improve the safety of crypto entrepreneurs and their families after a surge in kidnapping attempts linked to the crypto sector. A May 16 report from Politico revealed that France’s Interior Minister, Bruno Retailleau, announced a suite of enhanced protective measures in response to the growing threat. These include priority access to police emergency lines, specialized home security evaluations, and direct safety briefings from law enforcement officials that are aimed at helping crypto professionals adopt stronger personal protection strategies. These changes were made after three alarming incidents over the past few months. Most recently, on May 13, attackers tried to abduct the daughter and grandson of Pierre Noizat, the CEO of French crypto platform Paymium. The attack took place in broad daylight, and local authorities reported that Noizat’s daughter heroically disarmed one of the attackers by seizing and discarding a weapon before managing to escape. Just ten days earlier, on May 3, police in Paris rescued the father of a crypto entrepreneur who was kidnapped and held for ransom in a €7 million ($7.8 million) extortion scheme. And in January, David Balland, co-founder of crypto hardware wallet company Ledger, was abducted from his home in central France. He was held overnight before being freed the next evening. Retailleau believes these cases may be interconnected and pledged to respond with both immediate and long-term countermeasures. This includes specialized training for law enforcement in combating crypto asset laundering, as well as engagement with the crypto industry to build tailored security protocols. Since 2014, there have been more than 150 reported cases of crypto-related robberies or kidnappings globally, with at least 23 occurring in 2025 alone. This is according to a database that is kept up to date by Bitcoin advocate Jameson Lopp . Many of these incidents are believed to stem from criminals tracking victims via public events, social media, or overt displays of wealth. Lopp warned against peer-to-peer trades with unknown individuals, showing off crypto wealth online, and wearing crypto-branded merchandise that might draw attention.

Source: Coinpaper