Coinbase Users Suffer Major Losses: A Whopping $65M Swiped, True Losses Likely Even Greater
Exposed: The Unchecked Social Engineering Scams Plaguing Coinbase Users
Over the past two tumultuous months, Coinbase users have been stung by a surge of account restrictions, seemingly tied to the company's overzealous risk models and the relentless tide of social engineering scams.
Enter ZachXBT, the popular on-chain detective, and his compatriot 'tanuki42,' the zeroShadow researcher. Together, they've unearthed a jaw-dropping revelation — at least $65 million was purloined from Coinbase users via social engineering scams between December 2024 and January 2025. The actual sum, they suggest, is probably a lot higher, given that it doesn't factor in cases reported directly to Coinbase or law enforcement.
So, how does the grand heist unfold? Criminals, masquerading as Coinbase support, create phony emails and phone numbers, through which they deceive victims into transferring funds to compromised Coinbase Wallets. The crafty scammers then whitelist fraudulent addresses.
One particularly harrowing example involved a jaw-dropping $850,000 loss, with the loot consolidated alongside assets from over 25 other victims — all linked to the address 'coinbase-hold.eth.' ZachXBT pinned these scams on Mumbai-based syndicates and online crews, lambasting Coinbase's risk models and security measures for users, which he insists have failed to stem losses of over $300 million annually to such fraud.
The Silence at the Top
The social engineering scourge isn't the only issue Coinbase is confronting; it seems the company has also been keeping quiet about a string of security incidents that haven't seen the light of day. Among these incidents are breaches involving old API keys meant for tax software, which supposedly carried read-only permissions but were compromised.
Then there's the recent bug, which enabled verification codes to be sent to any email address, regardless of whether it was linked to an account. Lastly, $15.9 million was swiped from Coinbase Commerce in 2023, while a nefarious actor laundered $38 million from the BTCTurk heist through Coinbase in just hours.
ZachXBT lays the blame for these oversights squarely at the feet of Coinbase's leadership, who he believes have miserably failed to address systemic security issues on several fronts. Theft-related addresses remain unreported in compliance tools for extended periods, thereby hindering fraud detection. Victims often grapple with lackluster customer support, and the company's meager availability outside US business hours creates challenges for a 24/7 global market.
When compared to competitors like Kraken, OKX, and Binance, who are more effective in managing analogous risks, Coinbase falls woefully short, lacking the decisive action it needs. ZachXBT insists that the problem is rooted in leadership decisions, not the actions of individual employees.
"It's high time Coinbase steps up its game. More users are losing tens of millions each month due to these scams. Other major exchanges don’t experience these security panels generated by fraudsters. While victims share in the responsibility, it's unrealistic to expect elderly individuals to grasp the intricacies of email/phone spoofing."
- ZachXBT's investigation revealed that at least $65 million was stolen from Coinbase users through social engineering scams between December 2024 and January 2025, with the actual amount being likely much higher.
- The social engineering scams often involve criminals pretending to be Coinbase support, using phony emails and phone numbers to deceive victims into transferring funds to compromised Coinbase Wallets.
- Despite the alarming loss of over $300 million annually due to such fraud, Coinbase's security measures for users have been criticized as inadequate by ZachXBT, who blames the company's leadership for the systemic security issues.
- Coinbase is also grappling with a series of unreported security incidents, such as breaches involving old API keys and a bug that allowed verification codes to be sent to any email address.
- In the midst of these concerns, ZachXBT is urging Coinbase to improve its cybersecurity measures and customer support, pointing out that competitors like Kraken, OKX, and Binance are more effective in managing similar risks.

