Michaela
Popular cryptocurrency exchange Coinbase has faced backlash after a series of social engineering scams over the past two months led to users losing millions, raising concerns over security vulnerabilities and fraud prevention measures.
Blockchain investigator ZachXBT revealed in an X thread that users lost at least $65 million to social engineering scams between December 2024 and January 2025. However, he cautioned that the actual figure could be significantly higher, as his findings were based on limited data, including direct messages and on-chain transactions.
The wave of phishing scams targeting Coinbase users relied on fake emails, spoofed customer service calls, and fraudulent websites designed to mimic the exchange’s interface.
Scammers would often call victims, using stolen database information to appear credible. Posing as Coinbase staff, warning users of compromised accounts, urging immediate action. Victims were then redirected to fake Coinbase websites, where they unknowingly entered credentials or approved transactions, sending funds to the scammers.
Once stolen, the funds were quickly moved through crypto bridges and mixing services, making recovery extremely difficult.
“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels,” ZachXBT wrote.
One major incident saw a victim lose around $850,000, with the stolen funds traced to a single address linked to over 25 other victims. In another case, a user was defrauded of 110 cbBTC — Coinbase’s wrapped Bitcoin on the Base network — valued at $11.5 million.
Additionally, ZachXBT’s investigation revealed that Coinbase experienced related security breaches that went unaddressed publicly. Despite warnings from cybersecurity professionals, the platform has struggled to implement robust security measures.
Coinbase Responds
Despite the severity of the recent attacks, Coinbase’s action toward the issue have been deemed to be largely ineffective. Numerous users have reported frustrating experiences with customer support, where agents fail to respond or provide any meaningful assistance.
ZachXBT emphasized that its support system is severely lacking, especially outside of U.S. business hours. He pointed out that the company’s limited availability is problematic, as the cryptocurrency market operates 24/7.
Moreover, Coinbase’s internal risk models have drawn criticism for imposing strict restrictions on legitimate accounts while failing to stop scams. The platform has also been faulted for not flagging theft addresses in its compliance tools. This allowed scammers to continue operating without detection.
As user frustrations grow, there is increasing pressure from both experts and users for Coinbase to implement urgent security reforms to address these vulnerabilities and protect its customers.
“Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. Other major exchanges do not have similar panels created by scammers for fraud,” ZachXBT wrote.
Read More
- Coinbase CEO: Exchange Would Delist Tether if Required by U.S. Law
- Brian Armstrong: Coinbase Scales Solana Amid TRUMP Token Surge
- SEC Must Justify Crypto Policy in Coinbase Legal Win
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
