Coinbase Clients Lose Over $65 Million to Scammers in Two Months

Between December 2024 and January 2025, Coinbase users lost over $65 million due to social engineering scams, according to on-chain detective ZachXBT.

1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.

This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams. pic.twitter.com/PjtX7vmjqc

— ZachXBT (@zachxbt) February 3, 2025

One victim approached the investigator with a claim of approximately $850,000 stolen. An analysis of the fund movements identified an address where funds from over 25 thefts on the Coinbase platform were consolidated.

“The scammer used personal information stolen from closed databases to convince the victim of unauthorized login attempts to their account,” said ZachXBT.

In the next phase, the perpetrator sends a fake email on behalf of the exchange, asking the victim to whitelist a certain address and transfer funds to it. The message contained a link to a counterfeit site that almost entirely mimicked the original Coinbase platform.

According to ZachXBT, the mentioned losses of $65 million over two months and $300 million annually are “much lower” than the actual figures, as they do not account for claims filed with support and the police.

The expert criticized Coinbase’s management for failing to adequately combat such attacks. He noted that the exchange often does not report the scammers’ addresses, even if thefts have been ongoing for several weeks.

“Last month, clients were advised not to use VPNs to avoid suspicion from the platform. Meanwhile, perpetrators deliberately block VPN access on phishing sites and do not use it. This shows Coinbase’s inability to diagnose the real problem,” ZachXBT pointed out.

The detective recommended that the exchange strengthen its anti-fraud measures, particularly by making phone number entry optional for users who have passed KYC checks, limiting fund withdrawals, and improving community engagement.

Earlier, ZachXBT reported that in December 2024, one Coinbase client lost $11.5 million through social engineering fraud.