Uncovering the Cost of Social Engineering Scams on Coinbase Users
On-chain investigator ZachXBT recently shared shocking data revealing that Coinbase users are losing over $300 million annually due to social engineering scams. This alarming trend has caught the attention of many, as reports of sudden account restrictions have been flooding social media platforms.
The Investigation
ZachXBT, in collaboration with researcher Tanuki42, conducted an investigation into Coinbase withdrawals and direct messages from victims to estimate the extent of thefts across various blockchain networks. The data collected suggested that bad actors have stolen at least $65 million from Coinbase users between December 2024 and January 2025. However, this figure is believed to be an underestimate, as it does not include data from Coinbase support tickets or law enforcement reports.
- Victim Case Study: One documented case involved a victim losing approximately $850,000, with the stolen funds traced back to a consolidation address linked to more than 25 other victims under the label “coinbase-hold.eth.”
Social Engineering Scams Unveiled
Social engineering scams typically involve attackers contacting victims using spoofed phone numbers and leveraging personal information acquired from private databases to gain trust. Victims are informed of unauthorized login attempts on their Coinbase accounts and are sent a fake email appearing to be from Coinbase, containing a phony case ID for verification.
- Scam Process: Victims are instructed to transfer funds to a Coinbase Wallet and allowlist an address, unwittingly granting scammers control over their assets.
- Facilitation: Scams are further facilitated by fake cloned Coinbase websites and sophisticated phishing panels advertised in Telegram channels.
Main Culprits
According to the report, the two main groups orchestrating these scams are individuals from ‘The Com’ and cybercriminals based in India, primarily targeting US customers.
Security Discrepancies
ZachXBT highlighted a discrepancy in Coinbase’s security recommendations, noting that while users are warned against using VPNs so that they are not flagged as suspicious, threat actors are known to block VPN access to their phishing sites, which helps them evade detection.
Alleged Security Incidents
The report alleged that Coinbase has experienced multiple security incidents that were not publicly addressed, including hacks involving old API keys, a vulnerability allowing verification codes to be sent to any email, and a $15.9 million theft from Coinbase Commerce in 2023.
- Compliance Issues: Stolen funds are often not flagged in compliance tools, even weeks after the theft.
- Customer Support: Victims report difficulties in reaching Coinbase customer support, especially outside US business hours.
Recommendations for Improvement
To combat these issues, ZachXBT proposed several measures for Coinbase to implement, such as making phone numbers optional for advanced users, introducing a beginner/elderly user account type with restrictions on withdrawals, and enhancing customer support and outreach.
- Community Engagement: Increasing community engagement through blog posts on fund recovery, full-time incident response, actively flagging theft addresses, and blocking phishing domains.
Despite its strengths, including stablecoin on/off-ramps and asset recovery tools, Coinbase must address security vulnerabilities to prevent further financial losses for its users. With reports of monthly losses reaching tens of millions, the pressure is mounting for Coinbase to enhance its security measures and protect its users effectively.