Recent investigations led by on-chain expert ZachXBT have uncovered a staggering reality: Coinbase users lose over $300 million annually due to rampant social engineering scams. As cryptocurrency adoption increases, so too do the tactics employed by cybercriminals. A growing number of social media reports, in which users describe unexpected account restrictions, points directly to inadequate risk management at one of the leading cryptocurrency exchanges. The findings reveal a pressing need for a change in how exchanges like Coinbase handle user security and scam prevention.
The Scale of Financial Losses
ZachXBT, collaborating with fellow researcher Tanuki42, undertook a forensic analysis that examined Coinbase withdrawals along with direct messages from victims. Their research estimated that between December 2024 and January 2025 alone, around $65 million was siphoned off from unsuspecting users. However, this figure likely reflects only a fraction of the actual losses, as it excludes otherwise unreported incidents that went through Coinbase support channels or various law enforcement agencies. One particularly egregious case involved a victim losing approximately $850,000, a loss traced back to a wallet associated with over 25 other compromised accounts. This case exemplifies a concerning pattern in which sophisticated scams are orchestrated across multiple targets, reinforcing the urgent need for an overhaul of security practices.
The Tactics of Deception
Social engineering scams are notorious because they exploit the vulnerabilities of human psychology. Typically, these scams involve perpetrators spoofing phone numbers to impersonate Coinbase support. Armed with personal information harvested from nefarious databases, scammers can earn the victims’ trust. Victims are misled into believing their accounts are under attack and are prompted to transfer their funds to a fraudulent Coinbase Wallet, thinking they’re taking protective measures. This manipulation is amplified through the use of sophisticated phishing sites that bear a striking resemblance to legitimate Coinbase platforms, often disseminated through channels like Telegram.
The investigation further revealed that two primary groups are conducting these scams in an organized fashion: one dubbed ‘The Com’ and a network of criminals from India, targeting a predominantly American clientele. These patterns of exploitation raise questions about the overall efficacy of Coinbase’s current security protocols and their ability to safeguard users from such pervasive threats.
Despite Coinbase being a major player in the cryptocurrency market, its internal security standards appear insufficient against these emerging threats. ZachXBT pointed out inconsistencies in Coinbase’s security guidelines; for instance, Coinbase employees advise users not to use VPNs in order to avoid false positives, while scammers are known to restrict VPN access to their phishing sites, thus sidestepping detection. This presents a paradox that only adds to the complexity of the issue.
Moreover, ZachXBT documented a series of unaddressed security incidents at Coinbase, pointing to failures such as vulnerabilities that allowed phishing emails to reach thousands, as well as significant theft from Coinbase Commerce. The ongoing theft of funds often goes unnoticed by compliance mechanisms, compounding the frustration of victims trying to get assistance from an overwhelmed customer support team, particularly outside US business hours.
ZachXBT proposes various measures to stem the tide of user losses. Among these is restructuring Coinbase’s user accounts so that the phone number becomes an optional setting for advanced users, thus reducing exposure to social engineering. Additionally, an account type aimed at beginner users could provide necessary safeguards against immediate large withdrawals, allowing for more robust monitoring. Enhanced customer outreach and support are essential, as is proactive engagement with the community through educational initiatives about scams and fund recovery avenues.
The financial toll on users is substantial: losses amount to tens of millions each month. In light of these alarming statistics, Coinbase must not only address existing vulnerabilities but also adopt a more comprehensive strategy that prioritizes user safety. With competing exchanges suffering fewer incidents of similar scams, the spotlight is increasingly on Coinbase to catch up. By taking these proactive and meaningful steps, the exchange can regain user trust and ease its ongoing security crisis. Failure to act could lead to further declines in user confidence, ultimately putting its future at stake in an increasingly crowded market.