On-chain investigator ZachXBT recently shared data revealing that Coinbase users lose more than $300 million annually due to social engineering scams.
Over the past few months, numerous users have taken to social media to report sudden account restrictions, which ZachXBT attributed to the exchange’s aggressive risk models and a failure to mitigate ongoing scams.
The investigation, conducted in collaboration with a researcher identified as Tanuki42, analyzed Coinbase withdrawals and direct messages from victims to estimate the extent of thefts across multiple blockchain networks.
Their data suggested that bad actors stole at least $65 million from Coinbase users between December 2024 and January 2025. However, they acknowledge that this figure is likely an underestimation, as it does not account for Coinbase support tickets or law enforcement reports.
One documented case involved a victim who lost approximately $850,000. The stolen funds were traced to a consolidation address tied to more than 25 other victims, which the report labeled “coinbase-hold.eth.”
Social engineering scams
Social engineering scams typically involve attackers contacting victims via spoofed phone numbers and using personal information obtained from private databases to gain their trust.
Victims are told that their Coinbase accounts have been subject to unauthorized login attempts. The scammers then send a fraudulent email that appears to be from Coinbase, containing a fake case ID for verification.
When instructed to transfer funds to a Coinbase Wallet and allowlist an address, victims unknowingly give the scammers control over their assets. The scams are further facilitated by fake cloned Coinbase websites and sophisticated phishing panels advertised in Telegram channels.
According to the report, two main groups orchestrate the scams: individuals from ‘The Com’ and cybercriminals based in India, who primarily target US customers.
ZachXBT also highlighted a discrepancy in Coinbase’s security recommendations. While Coinbase employees have warned users against using VPNs to prevent being flagged as suspicious, threat actors explicitly block VPN access to phishing sites, enabling them to avoid detection.
According to Chainalysis, scammers stole $4.6 billion from victims through social engineering attacks between 2023 and 2024.
Alleged incidents
The report alleged that Coinbase had experienced multiple security incidents and did not publicly address them. These include hacks involving old API keys used for tax software, a vulnerability allowing verification codes to be sent to any email, regardless of account status, and a $15.9 million theft from Coinbase Commerce in 2023.
The investigators added that the stolen funds are often not flagged in compliance tools, even after weeks of theft. Victims frequently report difficulty in reaching Coinbase customer support, particularly outside US business hours.
The report also highlighted that competing exchanges, including Kraken, OKX, and Binance, do not face similar issues.
To solve these issues, ZachXBT outlined several measures Coinbase could implement to mitigate these scams, such as making phone numbers optional for advanced users who use authentication apps or security keys, introducing a beginner/elderly user account type that includes restrictions on withdrawals, with improved customer support and outreach.
In addition, the on-chain investigator suggested increasing community engagement through blog posts on fund recovery, full-time incident response, actively flagging theft addresses, and blocking phishing domains.
Despite security concerns, the report acknowledged that Coinbase has maintained several strengths, including stablecoin on/off-ramps, the development of the Base blockchain, asset recovery tools, legal opposition to the US Securities and Exchange Commission, and its custody product.
However, the report argued that more can be done to prevent financial losses for users.
With losses reportedly reaching tens of millions monthly, Coinbase faces increasing pressure to address security vulnerabilities and improve user protection. Competing exchanges have not experienced similar levels of targeted scams, raising questions about the adequacy of Coinbase’s current security measures.
Mentioned in this article
Credit: Source link
