ZachXBT shared recent data that revealed Coinbase customers lose over $300 million per year due to scams.
Over the past few months, numerous users have taken to social media to report sudden account restrictions, which ZachXBT attributed to the exchange’s aggressive risk models and a failure to mitigate ongoing scams.
This investigation was conducted with the help of a researcher named Tanuki42. They analyzed Coinbase withdrawals, as well as direct messages received from victims, to assess how many thefts were occurring across different blockchain networks.
Data from their study suggested that criminals stole $65,000,000 between December 2024 and January 2025. They acknowledge, however, that the figure may be an underestimate, since it doesn’t include Coinbase support tickets and law enforcement reports.
In one case, a victim lost around $850,000. The report labelled the address, “coinbase-hold.eth”, as a “consolidated” one, because it was tied to over 25 victims.
Social engineering scams
In most social engineering scams, the attacker contacts victims using spoofed phone numbers. They also use personal data obtained from databases in order to gain trust.
The scammers inform the victims that unauthorized attempts to log in have occurred on their Coinbase account. They then send out a fake email, which looks like it is from Coinbase. It contains a case ID that can be used for verification.
The victims give up control when instructed to move funds into a Coinbase Wallet, and to allowlist a specific address. Scammers use fake Coinbase clone websites to facilitate the scams. Telegram channels have been promoting sophisticated phishing panels.
According to the report, two main groups orchestrate the scams: individuals from ‘The Com’ and cybercriminals based in India, who primarily target US customers.
ZachXBT also highlighted a discrepancy in Coinbase’s security recommendations. Coinbase’s employees warned against the use of VPNs in order to avoid being marked as suspicious. However, threat actors block VPN access for phishing websites, which allows them to remain undetected.
Chainalysis reports that scammers stole $4.6 billion through social engineering fraud between 2023 and 2024.
Alleged incidents
The report alleged that Coinbase had experienced multiple security incidents and did not publicly address them.
Investigators also noted that stolen funds were not always flagged as fraudulent in compliance software, even weeks after the theft. Coinbase customers are often difficult to reach, especially outside US business hours.
This report highlights that other exchanges such as Kraken, OKX and Binance do not have similar problems.
ZachXBT suggested several ways Coinbase might mitigate this problem, for example making phone numbers optional for users who use security keys or authentication apps, and introducing a type of account for beginner/elderly users that has restrictions on withdrawals.
On-chain investigators also recommended increasing community involvement through blog posts about fund recovery, full-time incident response, and flagging and blocking theft addresses.
In spite of security concerns, the report recognized that Coinbase maintained several strong points, such as stablecoin on/off ramps, Base’s development, recovery tools for assets, and legal opposition against the US Securities and Exchange Commission.
However, the report argued that Coinbase could do more to protect users from financial harm.
Coinbase is under increasing pressure as a result of losses that are reportedly in the tens or hundreds of millions per month. They must address these security flaws and enhance user protection. Competing exchanges have not experienced similar levels of targeted scams, raising questions about the adequacy of Coinbase’s current security measures.