CoinGecko CEO Exposes Fake Crypto Summit Phishing Scam

The phishing attempt, which Ong shared on social media, presented itself as a legitimate conference announcement from Booking.com, claiming the travel platform had formed a strategic partnership with Coinbase to launch a crypto travel service. The fake email invited recipients to an “Exclusive Crypto Travel Summit” supposedly scheduled for November 2025 in Dubai, United Arab Emirates, featuring an impressive but entirely fabricated roster of keynote speakers including Coinbase CEO Brian Armstrong and Ethereum co-founder Vitalik Buterin.

According to Ong’s analysis, the scam contained several obvious red flags, most notably an RSVP deadline set for September 30, 2025—a date that had already passed when the emails were circulated. This temporal inconsistency pointed to recycled or hastily constructed scam content, a common characteristic of phishing campaigns that reuse templates without proper updates. The CoinGecko CEO immediately advised anyone receiving such communications to delete them without interaction and urged Booking.com to escalate the issue to its security team.

The official Booking.com account later acknowledged the security concern in a reply to Ong’s social media post, stating: “We regret to hear that you are receiving fake emails,” and requested additional details via direct message to facilitate their investigation. This prompt response indicates the travel platform recognizes the seriousness of brand impersonation in cryptocurrency-related fraud schemes.

This Booking.com impersonation scheme is not an isolated incident but part of a broader pattern of increasingly sophisticated scams targeting cryptocurrency users. In September alone, Binance issued two separate warnings about different types of fraud affecting the ecosystem. The first alert concerned fake “listing agents” who were purportedly promising blockchain projects a spot on the Binance platform in exchange for significant fees—a scheme that preys on developers seeking exchange listings for their tokens.

Days later, Binance CEO Richard Teng detailed an even more concerning phone scam where impersonators posed as legitimate customer support agents from the exchange. According to Teng’s warning, these fake support representatives guided users through changing their account’s API settings, a technical process that ultimately allowed the scammers to drain victims’ funds from their wallets. This method demonstrates how fraudsters are leveraging technical knowledge to exploit security vulnerabilities.

The community reaction to Ong’s warning reflected widespread recognition and frustration with these evolving threats. Social media user SkylineETH commented on the increasing complexity of such schemes, writing: “appreciate the warning, these scams keep leveling up.” Another user, Kevin Lee, expressed a common concern about email security protocols, questioning whether there was a safer approach than even clicking ‘unsubscribe’ links in suspicious newsletters—a practice that can sometimes confirm active email addresses to scammers.

Bobby Ong emphasized the adversarial nature of the cryptocurrency world, noting that it requires participants to carefully scrutinize every email they receive. This heightened level of vigilance stems from the irreversible nature of most cryptocurrency transactions and the pseudonymous environment that can make recovering stolen funds nearly impossible. The prevalence of such sophisticated phishing attempts underscores why security remains a paramount concern for both individual holders and institutional participants in the crypto space.

The fake summit scam specifically leveraged the credibility of established brands like Booking.com and Coinbase, along with the star power of industry figures like Brian Armstrong and Vitalik Buterin, to create a veneer of legitimacy. This tactic of borrowing credibility through association with trusted entities and personalities represents an evolution in social engineering techniques targeting crypto users. The mention of Dubai as the event location also taps into the city’s growing reputation as a cryptocurrency hub, adding another layer of plausibility to the fraudulent invitation.

As these schemes grow more sophisticated, the responsibility falls on both platforms and users to maintain security awareness. The prompt collaboration between CoinGecko’s Ong and Booking.com’s security team demonstrates how industry cooperation can help mitigate these threats. However, as Ong himself noted, the ultimate defense lies in user education and the development of critical evaluation skills when encountering unsolicited communications promising crypto-related opportunities, especially those involving travel to major hubs like the United Arab Emirates or partnerships between seemingly unrelated major companies.