Coinbase Users Suffer Significant Losses Due to Social Engineering Scams: Over $65 million in stolen cryptocurrency; potential for increased losses.
The Cryptocurrency Crunch at Coinbase: A Storm of Scams and Account Restrictions
Over the last two months, Coinbase users have experienced a rapid increase in account limitations, seemingly triggered by the platform's aggressive risk models and a wave of social engineering scams.
A well-known on-chain investigator going by the name ZachXBT, working with the researcher 'tanuki42', has found that at least $65 million was stolen from Coinbase users through social engineering between December 2024 and January 2025. The figure is likely an underestimate, since it does not include cases reported directly to Coinbase or to law enforcement.
These scams typically impersonate Coinbase support, using spoofed phone numbers and emails to deceive victims, often with personal data sourced from private databases. The scammers persuade victims to transfer funds to compromised Coinbase Wallets and to whitelist fraudulent addresses. In one incident involving $850,000, the stolen funds were consolidated with assets from over 25 other victims, all linked to the address 'coinbase-hold.eth'. The perpetrators behind these scams allegedly hail from India and cybercriminal communities like Com.
ZachXBT criticizes Coinbase's risk models and customer security measures, claiming they've failed to halt over $300 million in yearly losses due to such criminal activities. Furthermore, ZachXBT points to several unreported security incidents experienced by Coinbase, including breaches involving outdated API keys meant for tax software and a recent bug that enabled verification codes to be sent to any email, regardless of account association.
In 2023, $15.9 million was stolen from Coinbase Commerce, and a threat actor moved $38 million from the BTCTurk hack through Coinbase in a matter of hours. ZachXBT places much of the blame on Coinbase's leadership for systemic failures in security and customer response.
Meanwhile, some question whether Coinbase's measures are even effective. Account thieves exploiting old addresses often slip through the cracks, and users face indifferent customer support, with many receiving little assistance or follow-up communication.
Compared to competitors such as Kraken, OKX, and Binance, Coinbase struggles to manage these risks; it has not dealt even with low-level US-based threat actors who have shoddy operational security. ZachXBT argues that the problems stem not from individual employees but from leadership decisions.
"Coinbase needs to make drastic changes immediately," says ZachXBT, "as users continue to lose millions every month due to these scams. Major exchanges like Kraken, OKX, and Binance don't face similar issues with fraudulent panels being created against them."
It's important to remember that victims bear partial responsibility for these scams. However, it's unrealistic to expect elderly users to remain immune to sophisticated phishing techniques. The best course of action remains securing crypto assets with multiple layers of protection, and for Coinbase, addressing internal vulnerabilities to better protect the value of users' digital investments.
In light of the ongoing scams targeting Coinbase users, it's crucial to strengthen security measures, especially around wallets. Users should verify every transaction before confirming it and share sensitive information only with trusted sources, since social engineering scams rely on unverified transaction requests and requests for sensitive information.
Moreover, in an era where technology increasingly intertwines with casino-and-gambling platforms, it's essential for crypto exchanges like Coinbase to prioritize security to protect their users' digital assets and maintain customer trust.

