Coins.ph users report phishing alerts; firm says issue resolved

Around March 7, the Android application of the cryptocurrency wallet and exchange platform started sending push notifications that when tapped, led to phishing websites, with some users reporting having received phishing emails as well.

The Coins.ph application sent out multiple push notification alerts such as “Coins.ph Security – Your account has been restricted. Verify your identity to restore full access.” and “Coins.ph Security Alert – Unauthorized access detected. Transfer funds to your secure wallet immediately.”

Clicking on the alerts would open the mobile Web browser and take the user to phishing pages with multiple URLs different from the official Coins.ph website, such as coins-ph-check-id[redacted].one, coins-kyc-[redacted].vip, coins-kyc-[redacted].digital, and verification-secure-[redacted].help.

Users such as @0xdabid on X.com shared screenshots of the phishing page.

Coins.ph confirmed phishing attacks sent to users’ email addresses on their official Facebook and X.com accounts.

While the cryptocurrency platform did not explicitly acknowledge at the time that their mobile application sent out the phishing attacks, a screenshot of one of the phishing mobile push notifications was posted in their first official security advisory about the incident.

The attacks caused much concern to the cryptocurrency platform’s users, with many of them tagging the Bangko Sentral ng Pilipinas and the Securities and Exchange Commission in Facebook comments.

Users that did not fall victim to the phishing attacks reported in Facebook comments sections that their accounts were intact.

On Tuesday, March 10, Coins.ph released a statement stating that they had resolved the incident and that it was limited to their messaging provider, and did not affect user accounts, funds, or sensitive personal data.