Popular cryptocurrency exchange Coinbase has faced backlash after a series of social engineering scams over the past two months led to users losing millions, raising concerns over security vulnerabilities and fraud prevention measures.
Blockchain investigator ZachXBT revealed in an X thread that users lost at least $65 million to social engineering scams between December 2024 and January 2025. However, he cautioned that the actual figure could be significantly higher, as his findings were based on limited data, including direct messages and on-chain transactions.
The wave of phishing scams targeting Coinbase users relied on fake emails, spoofed customer service calls, and fraudulent websites designed to mimic the exchange's interface.
Scammers would often call victims, using stolen database information to appear credible. Posing as Coinbase staff, they warned users of compromised accounts and urged immediate action. Victims were then redirected to fake Coinbase websites, where they unknowingly entered credentials or approved transactions, sending funds to the scammers.
Once stolen, the funds were quickly moved through crypto bridges and mixing services, making recovery extremely difficult.
"Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels," ZachXBT wrote.
One major incident saw a victim lose around $850,000, with the stolen funds traced to a single address linked to over 25 other victims. In another case, a user was defrauded of 110 cbBTC, Coinbase's wrapped Bitcoin on the Base network, valued at $11.5 million.
Additionally, ZachXBT's investigation revealed that Coinbase experienced related security breaches that went unaddressed publicly. Despite warnings from cybersecurity professionals, the platform has struggled to implement robust security measures.
Coinbase Responds
Despite the severity of the recent attacks, Coinbase's actions on the issue have been deemed largely ineffective. Numerous users have reported frustrating experiences with customer support, where agents fail to respond or provide any meaningful assistance.
ZachXBT emphasized that Coinbase's support system is severely lacking, especially outside of U.S. business hours. He pointed out that the company's limited availability is problematic, as the cryptocurrency market operates 24/7.
Moreover, Coinbase's internal risk models have drawn criticism for imposing strict restrictions on legitimate accounts while failing to stop scams. The platform has also been faulted for not flagging theft addresses in its compliance tools. This allowed scammers to continue operating without detection.
As user frustrations grow, there is increasing pressure from both experts and users for Coinbase to implement urgent security reforms to address these vulnerabilities and protect its customers.
"Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. Other major exchanges do not have similar panels created by scammers for fraud," ZachXBT wrote.
