Coinbase, the largest cryptocurrency exchange in the United States, is facing scrutiny after a surge in phishing scams led to millions in losses.
Between December 2024 and January 2025, hackers are reported to have stolen at least $65 million from Coinbase users through sophisticated social engineering schemes.
The attacks, detailed by blockchain investigator ZachXBT, highlight a growing vulnerability in the exchange’s security framework.
1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.
This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams.
These scams rely on phishing emails, fake customer service calls, and counterfeit Coinbase websites to deceive users into transferring funds.
Once stolen, the assets are quickly laundered through blockchain bridges and mixers, making recovery almost impossible.
Despite repeated warnings from security experts, Coinbase has struggled to implement effective countermeasures, leaving its users exposed to escalating threats.
How hackers bypass Coinbase security measures
An analysis by ZachXBT and another researcher uncovered a pattern of large-scale scams exploiting Coinbase’s security infrastructure. One user lost 110 cbBTC, a wrapped Bitcoin on Coinbase’s Base network, valued at $11.5 million.
Another victim was tricked into transferring $850,000 to scammers, with investigators tracing the funds to a single address linked to over 25 other victims.
These scams are executed through a mix of advanced deception tactics. Attackers typically contact users via phone calls, leveraging stolen data to appear legitimate.
They impersonate Coinbase representatives, warning users of security breaches and urging immediate action.
Victims are then redirected to fraudulent websites that mimic Coinbase’s interface, where they unknowingly approve transactions that send funds to scam wallets.
5/ They then sent a spoofed email which appeared to be from Coinbase with a fake Case ID further gaining trust.
They instructed the victim to transfer funds to a Coinbase Wallet and whitelist an address while “support” verified their accounts security.
Beyond phishing, hackers manipulate Coinbase’s internal security mechanisms.
Many victims were deceived into whitelisting malicious addresses or transferring assets to scam wallets disguised as “secure” Coinbase holdings.
Once transactions are completed, the funds are swiftly moved across multiple blockchains using mixers and cross-chain bridges to erase any traceable links.
Coinbase’s response has been widely criticized. Affected users report difficulties reaching customer support, with cases remaining unresolved for weeks.
Some claim they received only generic responses or were ignored entirely.
Meanwhile, rival exchanges such as Kraken, Binance, and OKX have not reported similar large-scale phishing operations, raising concerns about Coinbase’s security protocols.
Adding to the issue, Coinbase’s automated risk models often restrict legitimate users’ accounts while failing to detect scammers.
The exchange has also been criticized for its lack of proactive fraud prevention, with scam-related addresses often remaining unflagged within its compliance systems.
Calls for urgent security reforms
As the number of phishing attacks continues to rise, experts and Coinbase users are demanding immediate security reforms. ZachXBT has outlined several critical steps Coinbase should take to protect its users from future scams.
One proposed measure is enhancing account security by allowing advanced users to disable phone-based authentication in favour of security keys or authenticator apps.
For beginners and elderly users, Coinbase could introduce risk-reduction features, such as restricted withdrawals for new accounts.
12/ I strongly urge the Coinbase leadership team to consider:
a) Making phone numbers optional for advanced users with Authenticator app or Security key added who are fully KYC verified.
b) Add a beginner / elderly user account type that doesn’t allow withdrawals.
c) Improve…
Another recommendation is improved real-time security monitoring and scam detection, with enhanced customer support for fraud cases.
Many victims report slow or non-existent responses from Coinbase after losing funds, further compounding their losses.
Beyond internal security measures, legal action against cybercriminals is also necessary.
Many phishing scams exploit leaked consumer data from services like TLOxp and TransUnion. Experts argue that targeting these data sources could reduce the risk of social engineering attacks.
Until the exchange implements stronger security measures and customer protections, its users remain at risk of falling victim to increasingly sophisticated cybercriminals.
The post Coinbase phishing scams steal $65M in two months: what went wrong? appeared first on Invezz
