Recent claims by on-chain investigator ZachXBT reveal that Coinbase users have lost over $65 million due to social engineering scams over just the two months spanning December 2024.
Recent claims by on-chain investigator ZachXBT reveal that Coinbase users have lost over $65 million due to social engineering scams over just the two months spanning December 2024 to January 2025. According to ZachXBT, the figure likely underestimates the total losses, as it does not account for cases reported to Coinbase support or law enforcement.
Scammers have reportedly utilized personal data obtained from private databases to deceive victims. One tactic involved impersonating Coinbase to notify victims of supposed unauthorized login attempts.
Victims received fraudulent emails that appeared to come from Coinbase, complete with fake case identification numbers. These emails instructed victims to transfer funds to a Coinbase Wallet and whitelist a specified address.
ZachXBT highlighted that scammers often replicate the Coinbase website almost identically, enabling them to send tailored prompts to potential victims through spoofed emails. He also pointed to several Telegram channels where these scams are actively promoted.
The estimated yearly losses from social engineering scams, according to ZachXBT, exceed $300 million.
Moreover, ZachXBT alleged that Coinbase frequently fails to report the addresses used by scammers, despite ongoing thefts. He mentioned a Coinbase employee's suggestion for users to avoid VPNs to prevent being marked as suspicious, highlighting a disconnect in the platform’s understanding of the threat landscape.
To combat these issues, ZachXBT urged Coinbase leadership to strengthen protections against social engineering attacks, including making phone number input optional for KYC-verified users and creating a restricted account type for beginners.