Users of Coins.ph were targeted in a phishing campaign in early March 2026 after attackers exploited a compromised third-party notification service to send fraudulent security alerts through channels that appeared legitimate.

Reports of the incident surfaced around March 7, prompting the company to issue public advisories warning users about suspicious messages posing as official security notifications.

The incident affected users primarily in the Philippines, where Coins.ph operates as a Bangko Sentral ng Pilipinas–licensed cryptocurrency exchange and digital wallet platform.

Importantly, the company said the attack did not involve a breach of its core systems or customer funds.

Fake Security Alerts Sent to Users

According to reports, affected users received push notifications and emails that appeared to originate from Coins.ph.

Many of the messages carried urgent titles such as:

• “Coins.ph Security Alert”
• “Urgent Identity Verification”

The notifications claimed that users’ accounts were at risk due to suspicious activity or anti-money laundering compliance checks.

Recipients were instructed to follow links directing them to external websites designed to mimic the official Coins.ph platform.

These phishing pages attempted to trick users into:

• connecting cryptocurrency wallets such as MetaMask
• transferring digital assets to so-called “secure” wallets
• submitting personal or KYC information.

Security experts say the scam relied heavily on social engineering, exploiting user trust in notifications that appeared to come directly from the official app.

Compromised Vendor Behind the Incident

Coins.ph CEO Wei Zhou confirmed that the incident was traced to a compromised third-party vendor account used to distribute notifications and emails.

Because the attackers gained access to a legitimate communication channel, the messages appeared authentic to recipients.

However, the company emphasized that the issue was limited to the notification system and did not involve unauthorized access to the exchange’s infrastructure or customer accounts.

No widespread losses or system compromises have been reported as a result of the campaign.

Platform Response

Following the reports, Coins.ph issued security advisories across its official communication channels, including social media and support portals.

The company said it has taken several steps to mitigate the threat, including:

• blacklisting wallet addresses linked to the phishing operation
• strengthening internal monitoring and safeguards
• warning users to ignore suspicious messages.

Coins.ph also reiterated that official communications never ask users to provide passwords, one-time passcodes, or transfer funds to external wallets.

Users were encouraged to report suspicious messages to the company’s support channels.

Safety Guidance for Users

Security experts recommend several precautionary steps for users of crypto platforms.

These include:

• avoiding links in unexpected notifications or emails
• accessing accounts only through the official Coins.ph app or website
• enabling two-factor authentication (2FA)
• regularly monitoring account activity.

Users can also verify official communications using Coins.ph’s Coins Verify tool, designed to confirm legitimate messages from the company.

A History of Crypto Security Incidents

While the latest incident did not involve a direct system breach, Coins.ph has previously faced security-related challenges common in the fast-growing cryptocurrency sector.

Notable incidents include:

• a December 2024 hack of the platform’s social media account, used to promote a fake token scam
• an October 2023 exploit involving the theft of approximately 12.2 million XRP, later linked to insider access
• a November 2023 data breach that exposed limited user information but did not affect funds.

These incidents highlight the persistent risks facing cryptocurrency platforms operating in high-adoption markets.

Rising Phishing Threats in the Philippines

Cybersecurity analysts say phishing attacks targeting Filipino users have increased sharply in recent years.

Reports indicate that phishing websites targeting users in the country surged more than 400% in 2025, fueled by growing digital finance and cryptocurrency adoption.

Common tactics include:

• spoofed notifications and emails
• SMS phishing (“smishing”)
• fake websites promoted through search engine manipulation
• social engineering schemes tied to investment or romance scams.

The Philippines is considered one of the fastest-growing crypto markets globally, but the surge in digital asset adoption has also made users more vulnerable to online scams.

The phishing campaign targeting Coins.ph users underscores the security risks posed by compromised third-party systems and social engineering attacks. While the company says its core platform and customer funds remain secure, the incident highlights the importance of user vigilance as cryptocurrency adoption continues to grow in the Philippines.

‍