Recent findings from an investigation led by on-chain analyst ZachXBT have illuminated a troubling reality for Coinbase users: they collectively lose upwards of $300 million each year due to social engineering scams. As cryptocurrency navigates through its volatile landscape, an increasing number of users have reported abrupt restrictions on their accounts, prompting concerns about the exchange’s risk management practices. This trend sharply contrasts with the expectations of those who entrust their assets to a platform of Coinbase’s stature. The investigation, conducted in tandem with researcher Tanuki42, utilized data from transactions and victim communications to paint a clearer picture of the thefts afflicting the platform.
Their data reveals that an estimated $65 million was pilfered from Coinbase users between late 2024 and early 2025 alone. However, these figures are probably underestimated due to the exclusion of user support requests and law enforcement reports. Such formidable numbers portray a concerning tale; one victim reportedly lost about $850,000, a staggering individual loss that resonates starkly across the broader user base. The stolen assets were traced back to a specific address intertwined with multiple victim portfolios, highlighting the pervasive nature of such scams within the Coinbase ecosystem.
How Social Engineering Scams Operate
Social engineering scams exploit human emotions rather than technological vulnerabilities. Attackers utilize deceptive strategies, often communicating through forged phone numbers and leveraging sensitive personal information sourced from illicit databases. In a typical scenario, scammers will impersonate Coinbase representatives, alerting victims to supposed unauthorized access attempts on their accounts. This manipulation is usually followed by the delivery of a fraudulent email masquerading as an official communication from Coinbase, which compels victims to act on false urgency by transferring funds to a scam-controlled wallet.
These scams thrive on elaborate techniques, such as creating counterfeit Coinbase websites and deploying sophisticated phishing panels via platforms like Telegram. The report notably identified two primary groups orchestrating these scams: a collective referred to as ‘The Com’ and various cybercriminal entities operating from India, predominantly concentrating their efforts on US customers. Such specificity reinforces the need for a more vigilant and adaptive security infrastructure within Coinbase.
ZachXBT’s investigation revealed a significant discrepancy in Coinbase’s security recommendations. Coinbase warns users against using VPNs, advising that doing so could trigger suspicion, while scammers have concurrently found ways to exploit vulnerabilities in these protocols. The fact that attackers can block VPN access to phishing websites presents an alarming counter-narrative to the platform’s suggested security measures. This contradiction highlights an urgent need for Coinbase to reevaluate its internal guidelines and better align them with the realities of the threat landscape.
The gravity of the situation is further illustrated by analysis from Chainalysis, which indicates that scammers have managed to extract a staggering $4.6 billion from victims through social engineering attacks over the past two years. Other alarming security incidents have emerged at Coinbase, including thefts linked to outdated API keys and critical vulnerabilities that allowed verification codes to be distributed erroneously. These events underscore an overarching theme: Coinbase faces dire security challenges that remain inadequately addressed in public disclosures.
Victims of these scams frequently report their frustrations with accessing Coinbase’s customer support, particularly during non-US business hours, which exacerbates their distress during crises. The report starkly points out that rival exchanges, including Kraken, OKX, and Binance, seem to have evaded such extensive issues affecting their user security, calling into question Coinbase’s effectiveness in upholding its promised security standards.
To combat rising losses and enhance protection measures, ZachXBT proposed multiple actionable strategies. These include establishing optional phone numbers for advanced users, introducing account structures tailored to beginners or the elderly with restrictions on withdrawals, and amplifying community engagement through educational initiatives surrounding fund recovery. Further recommendations for Coinbase involve alerting users through blog posts, setting up a dedicated response team, and actively monitoring and blocking known phishing domains.
While the investigation acknowledges several strengths within Coinbase—such as stablecoin on/off-ramps, development initiatives like the Base blockchain, and asset recovery tools—the findings indicate that an increase in security efforts is paramount. As it stands, losses attributed to these scams are alarmingly high, and the pressure mounts for Coinbase to confront its shortcomings head-on. By addressing glaring security vulnerabilities and fostering a more supportive environment for users, Coinbase stands a chance to regain the trust of its community while fortifying its position within the increasingly competitive cryptocurrency landscape. The need for robust measures is no longer optional but rather an essential step in protecting users from the surging tide of social engineering scams.