The Alarming Financial Toll of Social Engineering Scams on Coinbase Users


Recent investigations conducted by on-chain analyst ZachXBT have brought to light troubling statistics surrounding social engineering scams targeting Coinbase users. With estimated losses exceeding $300 million annually, these findings highlight an alarming trend of increased vulnerability among cryptocurrency users. The investigation, in collaboration with researcher Tanuki42, revealed that the thefts could amount to at least $65 million over just a two-month period in late 2024 to early 2025. However, the figures may be conservative, as they do not encompass all incidents—particularly those reported to Coinbase support or law enforcement agencies. This discrepancy points to an overarching issue within the Coinbase security framework that requires immediate attention.

The modus operandi of these social engineering scams typically involves sophisticated narratives crafted by attackers. Victims often receive communication from individuals posing as Coinbase representatives. Utilizing spoofed phone numbers and personal information obtained illicitly, these scammers create a façade of authenticity. Users are frequently misled into believing that their accounts are at risk due to unauthorized access attempts. This tactic is followed by a fraudulent email designed to mimic legitimate correspondence from Coinbase, complete with a deceptive case number for verification purposes.

In some egregious instances, victims have parted with vast sums of money. One case highlights a loss of approximately $850,000, emphasizing the perilous nature of these scams. The investigation found that the stolen funds could be traced to a common consolidation address labeled “coinbase-hold.eth,” revealing a network of over 25 affected individuals. Such high-stakes thefts are not isolated; they are part of a broader pattern wreaking havoc on users’ financial security.

Despite Coinbase’s stature as a leading cryptocurrency exchange, the findings indicate glaring inadequacies in its security protocols. ZachXBT pointed out inconsistencies within Coinbase’s own security recommendations, particularly concerning the use of Virtual Private Networks (VPNs). The exchange warns users against utilizing VPNs, which are suspected of causing accounts to be flagged as suspicious, yet scammers are using VPN-blocking tactics to access phishing sites, easily outsmarting the very recommendations that were designed to shield users.


Moreover, the report underscores significant lapses in Coinbase’s ability to address reported security incidents publicly. The investigators labeled several escalations—from vulnerabilities related to verification codes to substantial thefts from their commerce sector—as unaddressed issues that compromise user safety. This failure to communicate proactive measures while dealing with internal security breaches only heightens users’ anxiety and uncertainty.

Interestingly, other cryptocurrency exchanges such as Kraken, OKX, and Binance appear to face fewer social engineering scam incidents in comparison to Coinbase. This disparity raises pressing questions about Coinbase’s security framework and user protection strategies. A critical analysis of these platforms may indicate that their security measures are more robust or their user engagement more effective in educating users on scam avoidance.

To align with best practices in the industry, enhanced customer support, particularly to address user concerns during non-business hours, may be crucial. As social engineering scams continue to evolve in sophistication, the necessity for exchanges to develop agile and effective countermeasures cannot be overstated.

In response to the ongoing crisis, ZachXBT proposed several strategies for Coinbase to mitigate losses and improve user protection. Suggestions include allowing advanced users to opt out of the use of phone numbers for account verification, a crucial step towards enhancing security. Additionally, creating account types designed specifically for beginners or elderly users, limiting their ability to make high-stakes withdrawals, could prevent significant financial losses.

The report also recommends improvements in community engagement through proactive outreach—such as informative blog posts regarding fund recovery strategies—and a more assertive stance against phishing domains. Segmenting customer support to address varying levels of risk awareness among users would further fortify the exchange’s defense against scams.

While Coinbase has shown resilience in many areas, including successful legal proceedings against regulatory bodies and the innovation of blockchain technologies, the report asserts that substantial changes are required to bolster user security. With monthly losses reportedly reaching millions, the need for Coinbase to solidify its defenses against the wave of social engineering scams has never been more urgent.
