Disclaimer: This article is for informational purposes only and does not constitute financial advice. BitPinas has no commercial relationship with any mentioned entity unless otherwise stated.
📬 Get the biggest crypto stories in the Philippines and Southeast Asia every week — subscribe to the BitPinas Newsletter.
This is a developing story and will be updated.
Users of the locally licensed crypto exchange Coins.ph are reporting receiving unauthorized push notifications from the exchange’s mobile app that redirect them to a malicious website.
The Phishing Vector: In-App Notifications
Multiple users on social media platform X and the exchange’s official Telegram group have documented receiving alerts titled “Coins.ph Security Alert” or “Urgent Identity Verification” through the app’s native notification system.
Screenshots shared by users, including X user @0xdabid, show a push notification titled “Coins.ph Security Alert” or “Urgent Identity Verification,” which warns them that their accounts are at risk of suspension due to unusual activity or new Anti-Money Laundering (AML) regulations.
Upon clicking the notification, users reported being routed to a malicious website that mimics the Coins.ph interface. The site prompts users to “Verify Now” and subsequently asks them to connect a web3 wallet such as MetaMask, Rabby, or Coinbase Wallet, or manually transfer funds to a “secure” address.
Another user, @2fast2fausty, detailed the sequence: “Sent a Push notif asking me to verify my account. Led me to a browser page, asking me to link a Crypto wallet”.
Confusion on Communication Channels
The incident has caused confusion within the community, because ther users received the alert via notification from Coins.ph mobile app.
In the official Coins.ph Filipino Telegram group, user “1terabyt3” noted, “Wla email sakin notif lang sa app” (I received no email, just a notification on the app).
Coins.ph Response
Coins.ph has acknowledged the reports and issued a security advisory.
In a message on their Telegram channel, the exchange stated: “We are aware of phishing emails currently circulating that appear to be from Coins.ph. Please do not click any links… Our team is actively investigating this matter”.
However, as reports of the push notification vector grew, Coins.ph community managers provided further clarification:
“Please don’t click on any links for now. We are further investigating the issue internally right now. Sorry about this,” wrote Cici Han, a member of the Coins.ph team, addressing users in the group chat.
User Advisory
Community members are advising all users to exercise extreme caution:
- Do not click on any push notifications or links demanding urgent verification.
- Do not connect any external Web3 wallets (MetaMask, etc.) to websites claiming to be Coins.ph.
- Verify status by opening the app directly (without clicking the notification) or checking official social media channels.
This is a developing story: Breaking: Coins.ph Users Report Suspicious In-App Push Notifications Leading to Phishing Sites; Exchange Investigating
What else is happening in Crypto Philippines and beyond?
Other Articles
How Will BTC’s Price React?
No Comment! Be the first one.