Send phishing emails from OFFICIAL Coinbase domain (real, NOT spoofing)

[tainted_l0ve]

Not relevant

 

[tainted_l0ve]

Still working as of 15.12.24.

Some questions I received over PMs

Q: How come you're not using this yourself?

Although I very much could, I am not into draining, and 2) this method requires funding your CB account. The amount of emails you can send is tied to your balance.

Q: So I need to have funds in my account?

Yes. The minimum I could get Coinbase to generate such phishing emails for, is $1 per email. So if you want to send 200 emails, you will need ~$200 in your account. Theoretically, this money can be returned to your account in 30 days, but I only tested with a new account. If you have an aged one, these limits might be lower or cancelled altogether. Still consider, this an exploit for the privilege of using CB's email server at $1.

I'm open to tests (paid).

Also, totally not a tactic, but I'm going to raise the price on this soon. I don't know anyone who offers something like this. Get in touch if you're interested.

 

[0xtsar]

We discovered a vulnerability in Coinbase platform that allows sending phishing emails from official Coinbase domain.

Caveat: this works only on non-Coinbase associated emails. If email is already CB user, it will not work. Other email accounts that have not been associated with CB - works 100%.

You can insert text of your choosing up to 120-200 characters, including links.

Suggestion for use: send crypto target email that they won some kind of prize, or that there is a transaction pending and they have to go to your phishing link to claim it. Many possibilities, use your imagination or ask us for more ideas ;-)

Again, this is NOT spoofing Coinbase[.]com. This email comes from the real, official CB domain and inboxes immediately.

[+] We are open to demo this vuln for users with rep. You must have a verified Coinbase account for this.
Non-rep users, one mail test fee of $75
[+] Guarantee/deposit more than welcome.

I DON’T wanna waste my Time on bullshit, can i have a test before? You send just one email with coinbase

 

[tainted_l0ve]

I DON’T wanna waste my Time on bullshit, can i have a test before? You send just one email with coinbase

All tests and questions welcome in DM.