Renowned blockchain researcher ZachXBT reported that users of cryptocurrency exchange Coinbase lost $300 million due to deficiencies in its security systems leading to scams.
At this point, ZachXBT revealed that Coinbase users lost more than $65 million due to scams between December 2024 and January 2025.
ZachXBT stated that the applications made to the Coinbase support team and the police were not taken into account, so the stated $65 million is much lower than the actual amount of damage.
How Do Scammers Work?
As a result of its investigation, ZachXBT revealed that scammers are deceiving users by making fake calls and impersonating the Coinbase support team.
To appear convincing to ZachXBT, the scammers imitated Coinbase’s website and emails, which are difficult for the casual observer to distinguish.
After establishing trust, the scammers made potential victims verify their accounts via their private keys.
ZachXBT added that the scammers are operating from India and are primarily targeting users in the US.
“The scammers used personal information from a private database to gain the victim’s trust by calling them from a fake phone number. After telling them that there had been multiple unauthorized attempts to log into their account.
(Coinbase will NEVER call you).
It then sends a fake email purporting to be from Coinbase, asking the victim to transfer funds to a Coinbase Wallet and whitelist an address while the “support” team verifies the security of their account.
“The scammers are copying the Coinbase site almost 1:1, allowing the scammers to use panels to send different prompts to the target via fake emails.”
ZachXBT stated that the addresses of the scammers are often not reported by Coinbase, the Coinbase support team is inadequate, and it is incredibly difficult to reach the Coinbase team outside of US hours, indicating that the exchange has shortcomings.
ZachXBT recently called on Coinbase to strengthen measures against scams, including making phone numbers optional on the platform for advanced users who have been verified with KYC, have an Authenticator app or Security key added, adding a starter user account that restricts withdrawals, and improving community outreach.
1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.
This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams. pic.twitter.com/PjtX7vmjqc
— ZachXBT (@zachxbt) February 3, 2025
*This is not investment advice.
