Coinbase Users Lose $65M in Two-Month Scam Spree as Security Lapses – ZachXBT

Coinbase, the largest cryptocurrency exchange in the United States, is under fire after a wave of social engineering scams between December 2024 and January 2025 caused millions in losses for its users.

According to a report by blockchain investigator ZachXBT, at least $65 million was stolen from Coinbase customers during this two-month period.

1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.

This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams. pic.twitter.com/PjtX7vmjqc

— ZachXBT (@zachxbt) February 3, 2025

The report sheds light on a broader issue, with total estimated losses exceeding $150 million over the past year.

The common thread in these scams is the use of phishing emails, spoofed customer service calls, and fraudulent websites that mirror Coinbase’s interface.

Attackers trick victims into transferring funds to scam wallets under the guise of account security verification.

Once the funds are moved, they are rapidly laundered through bridges and mixing services, making recovery nearly impossible.

Despite repeated warnings from cybersecurity experts, Coinbase has struggled to implement effective countermeasures, leaving users vulnerable to the growing threats.

How the Scams Work and Why Coinbase is Struggling to Respond

In the detailed breakdown, ZachXBT and a fellow researcher analyzed withdrawal data and user reports, revealing a pattern of sophisticated scams exploiting Coinbase’s security shortcomings.

One noteworthy case involved a victim who lost approximately $850,000, which was traced to a single consolidation address linked to over 25 other victims.

Another high-profile theft saw a Coinbase user lose 110 cbBTC, which is Coinbase’s wrapped Bitcoin on its Base network, worth $11.5 million.

ZachXBT’s investigation reveals that scammers employ a mix of advanced tactics and psychological manipulation to gain access to user accounts.

Attackers often initiate contact via phone calls, leveraging data from breached databases to appear legitimate.

They pose as Coinbase representatives, warning users that their accounts have been compromised and requiring immediate action.

Victims are then directed to fraudulent websites that perfectly mimic Coinbase’s interface, where they are prompted to enter their login credentials or approve transactions—unknowingly transferring funds to scam addresses.

5/ They then sent a spoofed email which appeared to be from Coinbase with a fake Case ID further gaining trust.

They instructed the victim to transfer funds to a Coinbase Wallet and whitelist an address while “support” verified their accounts security. pic.twitter.com/pOTQpnMfCz

— ZachXBT (@zachxbt) February 3, 2025

Beyond phishing tactics, scammers manipulate Coinbase’s own security features.

They deceive victims into whitelisting malicious addresses or transferring assets under the pretense of securing their funds in a “safe” Coinbase Wallet.

After the initial transfer, scammers act quickly, swapping, bridging, and mixing the assets across multiple chains to obscure their trail.

This rapid laundering process ensures the stolen funds become nearly impossible to track or recover.

Despite the scale of these attacks, Coinbase’s response has been inadequate. Users report difficulties reaching customer support, and some cases have remained unresolved for weeks.

Many victims claim they received generic responses or were ignored entirely. Meanwhile, competing exchanges such as Kraken, Binance, and OKX have not faced similar large-scale phishing operations.

Adding to the problem, Coinbase’s internal risk models have led to aggressive restrictions on legitimate user accounts while failing to prevent scams.

The exchange has also been criticized for failing to flag theft addresses in compliance tools, allowing scammers to continue operating undetected.

Calls for Urgent Security Reforms

As frustration mounts, experts and users alike are calling for urgent security reforms within Coinbase.

ZachXBT outlined several measures the exchange should take to protect its users.

12/ I strongly urge the Coinbase leadership team to consider:

a) Making phone numbers optional for advanced users with Authenticator app or Security key added who are fully KYC verified.

b) Add a beginner / elderly user account type that doesn’t allow withdrawals.

c) Improve…

— ZachXBT (@zachxbt) February 3, 2025

One measure is to enhance account security by making phone numbers optional for advanced users who prefer authenticator apps or security keys.

Protections for elderly and beginner users should be introduced, with account types that restrict high-risk withdrawals for less-experienced traders.

Coinbase was also urged to improve community outreach by increasing security awareness through blog posts, real-time incident response, and proactive scam detection.

Beyond internal security measures, experts emphasize the importance of legal action against cybercriminals.

Efforts should be made to hold US-based threat actors accountable while targeting services like TLOxp and TransUnion, which provide data exploited in these scams.

While Coinbase has taken steps to improve its platform—such as offering stablecoin on/off ramps and engaging in legal battles against the SEC—these initiatives do little to address the rising tide of social engineering attacks.