If they had come to an email client I would have exported the email as a complete file to save all that info. But this is a new email I made just to do Coinbase and I'm only accessing it via a web interface.

1 went to my inbox. I reported it as a spam email to my provider. The other went to my junk box and I set it to block. I then made sure to remove all trace of them from my account by deleted thing even from my deleted items ASAP. It was like 4 AM and just a quick knee-jerk reaction and I just went back to sleep after.

It occurred to me to maybe save them and report it to Coinbase but judging by their Reddit, I doubt it would ever get on their radar. Plus if I post the header here, it would then correlate to this forum account I have on clearnet forever for the hackers. I'm not a fan of that. Hence I'm also reluctant to say when I signed up, what email provider I used, etc.

Just to add, I tried using a VPN>Tor to signup, but Coinbase wouldn't even load so I just did it over standard https from a known uncompromised computer. Which is maybe to my advantage, as looking at the logs Coinbase keeps of account access that I can see, if I logged in with random MACs, from random countries with random IPs, they would probably lock my account and put me through ID verification hell.