AnyDesk Scam: How Shared-Screen Crypto Support Drained $18K

The shared-screen scam

July 2025. A holder in Miami clicks a "verified" customer service account on X that responded to her complaint about a delayed Coinbase deposit. The account claims to be "Coinbase Premium Support" and walks her through "verifying her account" by installing AnyDesk so the agent can "check the issue from her side."

The agent's first action after gaining remote access: open the Coinbase tab, click Send, enter a wallet address, and trigger the SMS 2FA. He then asks her to "read the verification code aloud so I can confirm the system received it." She does. 18,000 USDC leaves the account in three transactions.

Why remote-desktop scams keep winning

Remote-access software (AnyDesk, TeamViewer, Chrome Remote Desktop) is legitimate. Most adults have used it at work. The scammer leverages that familiarity. Once installed, the attacker has full keyboard and mouse access — they can move your mouse to make it look like you are clicking — and they can see your screen, including any 2FA codes that pop up.

The three non-negotiables

• No legitimate exchange support ever asks to install remote-access software. Not Coinbase, not Kraken, not Gemini, not Binance.US. The request itself is the proof of fraud.
• Never read a 2FA code aloud. The code is a one-time password. If anyone has it, they can log in as you. Period.
• "Verified" on X is not vetted. Anyone with $8/month and a name match gets a blue check. The check is not a business-legitimacy verification.

If you already installed AnyDesk

Uninstall it now. Then change passwords for every account accessed during the session — exchange, email, cloud storage. Enable a hardware security key (YubiKey) on the email and exchange accounts; SMS 2FA is no longer enough after a remote-desktop compromise because the attacker may have changed phone-recovery settings. Then move funds to a fresh wallet you generated on a different device.

The 30-second mental checklist

Before installing any remote-access tool: ask yourself if the person asking is someone you can identify by their actual name and employer. If the answer is "the customer service bot on X," close the tab.