Coinbase Faces Serious Security Issues Amidst Rising Scams ?
Recent findings bring to light the alarming reality that users of Coinbase, a prominent cryptocurrency exchange, are reportedly losing significant sums each year due to elaborate social engineering scams. Research conducted by on-chain investigator ZachXBT, in partnership with Tanuki42, has revealed that these scams cost users upwards of $300 million annually. Particularly alarming is the loss of at least $65 million over a short span from December 2024 to January 2025.
Investigating the Criminal Underworld ?️️
The investigation traced the activities of two primary groups behind these thefts. One group comprises members of an organization known as ‘The Com,’ while the other includes cybercriminals predominantly operating from India with a focus on U.S. victims. Evidence suggests that Coinbase must urgently address these scams, as users continue to fall victim at an alarming rate, losing tens of millions monthly.
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
Deceptive Tactics: How Scammers Operate ?
The scammers have developed a comprehensive script to exploit unsuspecting users. Their method typically begins with a phone call made from a faked number, during which they use personal data obtained from questionable sources to gain the user’s trust. They present themselves as customer service representatives and inform victims of alleged unauthorized attempts to access their Coinbase accounts.
After the initial contact, scammers send out counterfeit emails designed to look as if they originate from Coinbase. These emails include fabricated case identification numbers purportedly meant to authenticate the communication process. The scammers then instruct users through a series of steps that ultimately allow them to gain control of the victims’ assets.
- In one notable incident, a victim lost approximately $850,000.
- The stolen assets were traced back to a consolidation address labeled “coinbase-hold.eth,” which has links to over 25 other victims.
Infrastructure and Awareness of Phishing Attacks ?
These criminals have built an intricate operational structure that supports their illicit activities. They have devised clone websites imitating Coinbase’s legitimate platform and run phishing operations promoted via Telegram channels. Notably, these fake sites are engineered to block access from VPNs, a tactic that prevents detection and ironically contradicts Coinbase’s own security guidelines, which advise against VPN use.
The investigation disclosed multiple security-related incidents that Coinbase has allegedly not disclosed publicly. Issues such as outdated API keys used for tax reporting tools or vulnerabilities permitting verification codes to be dispatched to any email, irrespective of account status, were highlighted. In 2023 alone, Coinbase Commerce fell victim to a theft totaling $15.9 million. Alarmingly, stolen funds frequently remain unrecognized for weeks by compliance tools, complicating recovery efforts for users.
Customer Support Challenges ?
Victims trying to reclaim their lost funds consistently report difficulties in contacting Coinbase’s customer service, particularly outside of regular U.S. working hours. This communication barrier intensifies the troubles faced by users, many of whom are already overwhelmed by having fallen victim to fraud.
The Broader Landscape of Cryptos ?
The report draws comparisons between Coinbase and other major cryptocurrency exchanges. Notably, rival platforms such as Kraken, OKX, and Binance do not appear to experience equivalent levels of social engineering fraud, highlighting a glaring vulnerability within Coinbase’s operations. A 2023-2024 report from chain analysis firm Chainalysis revealed that scammers stole an astonishing $4.6 billion through social engineering methods across all crypto platforms, establishing Coinbase’s losses as a significant fraction of this concerning total.
Recommendations for Enhanced Security ?️
ZachXBT’s research outlines several actionable recommendations Coinbase could consider to bolster user protection, including:
- Making phone number requirements non-mandatory for seasoned users who utilize authentication applications or security keys.
- Creating distinct account types for novice and elderly customers featuring additional withdrawal limits and improved customer service.
- Encouraging community involvement through educational content related to fund recovery.
- Maintaining a dedicated incident response unit and actively flagging wallet addresses linked to theft.
- Blocking known phishing sites to curtail fraudulent activities.
While the investigation surfaced critical issues, it also noted positive elements within Coinbase’s operations, such as their stablecoin services and ongoing development projects surrounding the Base blockchain.
Hot Take: A Call for Immediate Action ️
As the investigation reveals continuous losses amounting to tens of millions each month, it is imperative for Coinbase to enact meaningful changes swiftly. The reported $65 million lost in December 2024 and January 2025 likely falls short of the true numbers, as the data does not encompass user support tickets or law enforcement records. Comprehensive action is crucial to reverse this trend and protect users effectively.
Coinbase scams, social engineering attacks, cryptocurrency security.
