Recent revelations from on-chain investigator ZachXBT shed light on the troubling world of social engineering scams targeting Coinbase users, with losses exceeding $300 million annually. This staggering figure reflects vulnerabilities within one of the leading cryptocurrency exchange platforms. As victims share their harrowing experiences on social media, it becomes evident that individual users are suffering significant financial losses and that trust in the platform is eroding.
The Nature of the Scams
ZachXBT, in collaboration with researcher Tanuki42, conducted an in-depth analysis of Coinbase’s withdrawal patterns and victim reports. Their findings indicated that from December 2024 to January 2025, bad actors misappropriated at least $65 million, though they caution that this figure likely represents just the tip of the iceberg. Many victims find that their pleas for help go unanswered. The fraud itself relies on sophisticated tactics such as spoofed communications.
Scammers often masquerade as trustworthy Coinbase representatives, reaching victims through spoofed phone numbers and using personal information scoured from global databases. Potential victims receive polished but fraudulent emails purporting to be from Coinbase, often containing fake case IDs, which lead them to inadvertently surrender their funds. In many reported cases, victims have lost life-altering sums, including one instance where an individual lost around $850,000.
At the heart of these schemes lies a web of phishing tactics and cloned websites. Telegram has become a hub for promoting these malicious platforms, making it easier than ever for criminals to exploit novices in the cryptocurrency space. The report highlights two notable sources of these scams, the group known as ‘The Com’ and various cybercriminals based primarily in India, both of which take a targeted approach aimed predominantly at U.S. customers.
Tracing the flow of stolen assets shows that the funds are often pooled into consolidation addresses linked to multiple victims, which makes recovery daunting at best. The findings also point to a disturbing lack of urgency in addressing reported scams, as failures to flag these thefts in compliance systems go unnoticed for extended periods.
The findings raise critical questions about Coinbase’s current security policies. A stark contradiction surfaces in their recommendations: while Coinbase employees discourage users from employing VPNs—believing it flags them as suspicious—criminals utilize that very tactic to bypass detection when executing their nefarious plans. At the same time, numerous breaches have not been publicly addressed, including a notable incident involving the exploitation of old API keys and vulnerabilities that allowed verification codes to be sent to any email address.
These shortcomings contrast sharply with the user experiences reported by competitors like Kraken, OKX, and Binance that have largely averted major scams. Not only are user accounts at risk, but access to responsive customer support remains an uphill battle, particularly for individuals attempting to reach out during off-hours.
In light of this, ZachXBT has proposed strategic measures Coinbase could adopt to bolster security and user trust. These recommendations include making phone numbers optional for advanced users and creating a beginner-friendly account classification designed for elderly users, which would restrict withdrawals until certain security checks are met. Enhanced customer outreach addressing fund recovery and active investigation into theft cases could forge a powerful sense of community resilience.
Additionally, prioritizing incident response teams and leveraging blog posts focused on fraud awareness could act as deterrents against these scams. Coinbase’s capacity to maintain its strengths—like stablecoin integrations, asset recovery protocols, and innovations like the Base blockchain—could be amplified through rigorous educational campaigns.
As losses mount and confidence in Coinbase wanes, urgent action is imperative. With rivals facing fewer scams, it becomes increasingly clear that the strategies currently in place may not be sufficient to protect Coinbase’s users. As the industry grapples with these threats, fostering a robust security environment demands transparency, user education, and proactive defense measures—elements that must become central to Coinbase’s operational ethos to reaffirm user trust and safety in the volatile cryptocurrency landscape.