A recent report from on-chain security analyst ZachXBT has identified a pattern of scams, particularly affecting Coinbase users.
The blockchain sleuth shared that Coinbase users are bleeding funds through social engineering scams, a fraudulent scheme that has persisted for months. Last week, users on Coinbase, America’s largest crypto exchange, lost $45 million to bad actors through such attacks.
For the uninitiated, a social engineering scam involves manipulating users into sharing sensitive information with a scammer. Scammers achieve this through impersonation, sharing phishing links, or baiting.
Coinbase Users Losing $330M Annually to Fraud
Meanwhile, ZachXBT stressed that these attacks have been ongoing for weeks despite earlier notifications to Coinbase. Yesterday’s $45 million scam disclosure on his Telegram account follows a similar report a week ago, in which users lost another $46 million to social engineering frauds.
The prominent analyst estimates that these fraudulent activities have pushed funds stolen from Coinbase users into nine figures in the past few months. Furthermore, ZachXBT highlighted that these scams cost customers $330 million annually.
Remarkably, these social engineering scams are peculiar to Coinbase. The analysis, conducted with the assistance of on-chain investigator “Tanuki42,” found that only Coinbase users have fallen victim to these attacks, and it identified the root causes of this persistent issue.
Ripple CTO David Schwartz warned users of a similar scam in January. He shared a screenshot of a phishing email he received from a fake Coinbase representative, which claimed he needed to update his account for a smoother experience using the exchange.
ZachXBT Proffers Solutions to Recurring Theft
While he expressed dissatisfaction with Coinbase’s handling of the growing issue, ZachXBT acknowledged the exchange’s remarkable wins for the industry. These include the exchange’s legal battles with the US SEC for clear crypto regulatory frameworks and the building of its layer 2 network, Base.
ZachXBT also highlighted some of the probable reasons attackers find it easier to operate with Coinbase. For one, he stressed that Coinbase has a poor response time to customer complaints, especially outside US working hours.
He also noted that the platform has had several unreported security issues. Further, ZachXBT highlighted a bug that allows Coinbase to send verification codes to email addresses not registered on its platform.
Nonetheless, ZachXBT recommended multiple solutions, including dropping the mandatory phone number requirement for advanced users who have added an authenticator app or security key. He further advised creating elderly or beginner accounts with withdrawal restrictions and a more proactive user engagement tool.
12/ I strongly urge the Coinbase leadership team to consider:
a) Making phone numbers optional for advanced users with Authenticator app or Security key added who are fully KYC verified.
b) Add a beginner / elderly user account type that doesn’t allow withdrawals.
c) Improve…
— ZachXBT (@zachxbt) February 3, 2025
Notably, social engineering scams are spreading quickly in the crypto industry. A recent FBI report shows that US crypto users lost $9 billion to fraudulent activities in 2024, of which this scheme made up a considerable portion.