On-chain investigator ZachXBT has claimed that Coinbase users lost over $65 million to social engineering scams between December 2024 and January 2025, warning that the actual losses could be much higher.
Background
- According to ZachXBT, scammers used stolen personal information from private databases to deceive victims into thinking their accounts were compromised.
- Fraudsters impersonated Coinbase support, sending fake emails that cited fabricated case IDs and instructed victims to move their funds to a Coinbase Wallet and whitelist a specific address supplied by the scammers.
- The attacks run through near-identical clones of Coinbase's official site, operated from phishing "panels" that let the scammer push successive prompts to the target through spoofed emails.
- ZachXBT estimated that annual losses from social engineering scams could exceed $300 million.
- He also criticized Coinbase's security practices, claiming the exchange has failed to properly address the growing issue.
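The mechanics above (a spoofed "support" sender, a fabricated case ID, and a link to a cloned site on a lookalike domain) are exactly the signals an inbound-mail triage can check. The script below is an added example, not code from ZachXBT or Coinbase: the allow-list of official domains and both sample messages are constructed for illustration, and the domain logic assumes plain two-label registered domains.

```python
"""Triage a 'Coinbase support' email for the phishing signals described above:
spoofed sender, fabricated case ID, and a link to a cloned site on a lookalike
domain. Added example, not Coinbase's or ZachXBT's code; the allow-list and the
two sample messages are constructed for illustration."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the only domain the brand legitimately sends from and links to.
OFFICIAL_DOMAINS = {"coinbase.com"}

# Constructed sample: spoofed display name, failing SPF/DKIM/DMARC, a fabricated
# case ID in the subject, and a link to a lookalike domain hosting the clone.
SPOOFED_EMAIL = """\
From: Coinbase Support <support@coinbase.com>
To: victim@example.com
Subject: Case #CB-4471902: unauthorized login detected
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=coinbase.com;
 dkim=none; dmarc=fail header.from=coinbase.com
Content-Type: text/plain

We detected a suspicious login. Move your funds to a Coinbase Wallet now:
https://coinbase-secure-support.com/case/CB-4471902
"""

# Constructed sample shaped like a legitimate notification.
LEGIT_EMAIL = """\
From: Coinbase <no-reply@coinbase.com>
To: user@example.com
Subject: Your weekly summary
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=coinbase.com;
 dkim=pass header.d=coinbase.com; dmarc=pass header.from=coinbase.com
Content-Type: text/plain

View your summary at https://www.coinbase.com/dashboard
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
CASE_ID_RE = re.compile(r"\bcase\s*#?\s*([A-Z0-9-]+)", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def registered_domain(host: str) -> str:
    """Last two labels of the host. Adequate for .com; use a public-suffix
    list for multi-label TLDs such as .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_official(host: str) -> bool:
    return registered_domain(host) in OFFICIAL_DOMAINS


def looks_alike(host: str) -> bool:
    """True when the host carries the brand name but is not the official
    registered domain (coinbase-secure-support.com, coinbase.com.verify.net)."""
    if is_official(host):
        return False
    brands = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
    return any(brand in host.lower() for brand in brands)


def auth_results(msg) -> dict:
    """spf/dkim/dmarc verdicts from the receiving MTA's Authentication-Results."""
    header = str(msg.get("Authentication-Results", ""))
    return {k.lower(): v.lower() for k, v in AUTH_RE.findall(header)}


def triage(raw: str) -> dict:
    """Return a verdict plus the individual findings that produced it."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2]
    if not is_official(from_domain):
        findings.append(f"sender domain {from_domain!r} is not official")

    # A display name and From address are free to forge; only the MTA's
    # SPF/DKIM/DMARC verdicts say whether the claimed domain really sent it.
    verdicts = auth_results(msg)
    for check in ("spf", "dkim", "dmarc"):
        if verdicts.get(check) != "pass":
            findings.append(f"{check} did not pass ({verdicts.get(check, 'missing')}); "
                            f"From domain {from_domain!r} is unproven")

    for url in URL_RE.findall(msg.get_content()):
        host = urlparse(url).hostname or ""
        if not is_official(host):
            kind = "lookalike" if looks_alike(host) else "unrelated"
            findings.append(f"link to {kind} domain {host!r}")

    # A case ID is just text the sender typed; note it, but it carries no weight.
    notes = []
    m = CASE_ID_RE.search(str(msg.get("Subject", "")))
    if m:
        notes.append(f"case ID {m.group(1)} is unverified; confirm it inside the app, not via the email")

    return {"verdict": "phishing" if findings else "ok", "findings": findings, "notes": notes}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_EMAIL), ("legit", LEGIT_EMAIL)):
        result = triage(raw)
        print(name, result["verdict"], *(result["findings"] + result["notes"]), sep="\n  ")
```

The point of the ordering is that the spoofed message passes the naive check (the From address is on the official domain) and is caught only by the authentication verdicts and the link destination; a user-facing warning that keys on the sender name alone would miss it.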
Why should you pay attention?
- Over $65 million in losses in just two months highlights the scale of phishing attacks targeting crypto users.
- Many cases go unreported, meaning the real financial impact could be significantly higher.
- Unlike other major exchanges, Coinbase allegedly does not effectively block scammer panels (the attacker-side consoles that drive the cloned sites and spoofed emails), making it an attractive target for fraudsters.
- Scammers often operate openly on Telegram, where phishing kits are advertised and sold.
- Coinbase has been accused of not flagging fraudulent addresses, allowing scams to persist for weeks before action is taken.
Who said what?
- ZachXBT stated:
“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels.”
- He criticized Coinbase’s handling of the issue, saying:
“Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month.”
- Addressing security flaws, he noted:
“A Coinbase employee told people on X to stop using VPNs to avoid being flagged as suspicious, meanwhile threat actors will explicitly block VPNs from phishing sites. This shows Coinbase’s failure to diagnose the actual problem.”
- ZachXBT urged Coinbase leadership to implement stronger protections, suggesting:
  - Making phone number input optional for KYC users.
  - Introducing a beginner account type that restricts withdrawals to prevent unauthorized transactions.
  - Improving community education and security outreach.
Zooming out
- The rise in social engineering scams highlights the growing sophistication of cybercriminals targeting crypto holders.
- If Coinbase does not take action, it could face regulatory scrutiny over user safety and fraud prevention.
- User awareness is crucial—as phishing techniques evolve, crypto holders must be cautious of suspicious emails and links.
- With over $300 million in potential annual losses, exchanges may need to tighten security measures to prevent widespread financial damage.