Threat: Phishing & impersonation

Fake Coinbase, Binance, or crypto exchange account phishing — fraudulent email impersonating Coinbase, Binance, Kraken, Gemini, or another cryptocurrency exchange claiming the recipient's account has been restricted, suspended, frozen, or compromised due to suspicious activity or an account review — directing them to click a link to verify their identity, provide KYC documentation, submit a government ID, or confirm account details to restore access — a credential-harvesting and identity theft attack targeting holders of potentially high-value cryptocurrency accounts

fake-coinbase-crypto-exchange-account-phish

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Phishing emails impersonating Coinbase, Binance, Kraken, Gemini, Crypto.com, or other cryptocurrency exchanges — claiming the recipient's account has been restricted, suspended, frozen, or compromised due to suspicious activity, an account review, or KYC verification — then directing them to click a link to verify their identity, submit a government ID, complete KYC documentation, or provide account details to restore access. Crypto exchange phishing is a high-value category because accounts may hold significant cryptocurrency balances.

Key facts:

(1) Coinbase is one of the top-5 most impersonated brands in financial phishing — Coinbase's 108M+ verified users (as of 2024) and high public profile make it the primary target among crypto exchange impersonations; Binance phishing campaigns are the dominant target in Asian and European markets.

(2) Crypto account compromise consequences are uniquely severe: unlike bank fraud, cryptocurrency transfers are generally irreversible, there is no FDIC insurance or chargeback mechanism, and losses may be total; a compromised Coinbase account with $50,000 in BTC/ETH results in an immediate, unrecoverable loss.

(3) The "withdrawal suspended" and "account frozen" lures exploit a specific crypto anxiety — exchange platforms do legitimately freeze accounts for KYC/AML compliance, creating plausible urgency in the phishing scenario.

(4) Crypto exchange phishing frequently requests KYC documents (government ID + selfie) in addition to login credentials — the identity documents are separately monetizable for identity fraud even if the exchange account has no balance.

(5) Legitimate crypto exchanges complete all identity verification and account security actions through the authenticated exchange platform — never via email links requesting credential entry or document submission.

Warning signs: non-official exchange domain (not coinbase.com, binance.com, or kraken.com), account restriction or suspension with external link, government ID or KYC documents requested via email.
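
The three warning signs above, written as a small checker. This is an added example, not Gorganizer's own code: the function names, sign labels, keyword patterns and sample messages are assumptions made for illustration. It shows why the domain test must match on a dot boundary, so that a look-alike host with the brand's domain as a prefix is not treated as official.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Brand -> official domain. coinbase.com, binance.com and kraken.com are named
# on the page; gemini.com and crypto.com cover the other brands it lists.
OFFICIAL = {"coinbase": "coinbase.com", "binance": "binance.com",
            "kraken": "kraken.com", "gemini": "gemini.com",
            "crypto.com": "crypto.com"}
LOCK_RE = re.compile(r"\b(restricted|suspended|frozen|compromised)\b", re.I)
KYC_RE = re.compile(r"\b(kyc|government(?:-issued)? id|selfie)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def is_official(host, domain):
    # Exact match or a true subdomain; "coinbase.com.evil.example" must fail.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def warning_signs(from_header, subject, body):
    """Hypothetical helper: list the page's warning signs found in one message."""
    name, addr = parseaddr(from_header)
    text = f"{name} {subject} {body}"
    brands = [b for b in OFFICIAL if b in text.lower()]
    if not brands:
        return []  # no exchange brand claimed, so this signal does not apply
    def trusted(host):
        return any(is_official(host, OFFICIAL[b]) for b in brands)
    bad_sender = not trusted(addr.rpartition("@")[2])
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    external = any(not trusted(h) for h in hosts)
    signs = []
    if bad_sender:
        signs.append("non_official_sender_domain")
    if LOCK_RE.search(text) and external:
        signs.append("restriction_with_external_link")
    if KYC_RE.search(text) and (bad_sender or external):
        signs.append("id_or_kyc_requested_via_email")
    return signs

# Constructed sample messages (not real mail).
PHISH = ("Coinbase Support <security@coinbase.com.account-review.example>",
         "Action required: your account has been restricted",
         "Suspicious activity detected. Upload a government ID at "
         "https://coinbase.com.account-review.example/verify to restore access.")
LEGIT = ("Coinbase <no-reply@info.coinbase.com>", "Your statement is ready",
         "Sign in at https://www.coinbase.com/ to view it.")

if __name__ == "__main__":
    print(warning_signs(*PHISH))
    print(warning_signs(*LEGIT))
```

The returned labels are meant as inputs to a score rather than a verdict, in line with the false-positive guard described below.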

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.

Ready to clean your inbox?

Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.