Indian National Pleads Guilty to Spoofing Coinbase Site to Steal over $9.5 Million

TRM InsightsInsights
Indian National Pleads Guilty to Spoofing Coinbase Site to Steal over $9.5 Million

According to court documents filed in federal court in Charlotte, North Carolina, Indian national Chirag Tomar, 30, pleaded guilty this week to charges that he created a fake version of Coinbase's website, stealing real usernames and passwords and more than $9.5 million in cryptocurrency from hundreds of victims.

Specifically, according to the factual basis for the guilty plea filed in court, Tomar and his co-conspirators spoofed the legitimate Coinbase Pro website through the use of a similar, yet unaffiliated website URL "" When a victim would inadvertently visit, he or she would be redirected to one of many websites designed to be similar to the actual Coinbase log-in website. The victim would then login with their real Coinbase credentials which resulted in the fraudsters gaining access to those credentials. Victims would then be notified that their Coinbase account was locked and prompted to either call a phone number that was provided in order to speak to a purported Coinbase customer service representative or use the website's live chat box feature. At this point in the fraud scheme, a real password reset link was sent to the victim and the fraudulent Coinbase representative would request that the victim provide the real password-reset link from Coinbase allowing the scammer to change the victim's Coinbase account password and gain control of the victim's account. This enabled Tomar and his co-conspirators to steal millions of dollars in various cryptocurrencies. Between at least June 2021 and Tomar’s arrest in late 2023, at least 542 victims were scammed.

U.S. Secret Service was able to identify Tomar because he used an email account in his real name to communicate with co-conspirators in the fraud and kept a spreadsheet of his victims including amounts stolen. Coinbase's financial crime team worked closely with authorities on the case.

As shown in TRM’s graph visualizer, after obtaining login credentials for victims accounts, Tomar withdrew funds, sent them through a circuitous network of nonmonetary transactions, then sent the funds to international exchanges to cash out the victims’ proceeds.

In addition, authorities relied on evidence Tomar made internet searches for “fake coinbase page,” “coinbase scam,” “scams in the USA,” and “how to take money from coinbase without OTP." Tomar used the same email address to apply for his travel visa to the U.S. leading to his arrest in December 2023 when he transited through the Atlanta airport.

According to prosecutors, Tomar used stolen monies to fund a lavish lifestyle buying high end watches, luxury vehicles such as Lamborghinis and Porches, and traveling to London, Dubai and Thailand.

This is some text inside of a div block.
Subscribe and stay up to date with our insights

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Transaction Monitoring/Wallet Screening
Training Services
Training Services
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.