Coinbase Users Losing Millions to Sophisticated Scams

A cybersecurity investigator, known online as ZachXBT, revealed that Coinbase users are losing over $300 million annually to social engineering scams. This alarming figure highlights the vulnerability of users to increasingly sophisticated phishing attacks.

How the Scams Work

ZachXBT, who boasts a large following on X (formerly Twitter), shared details of these scams. Between December 2024 and January 2025 alone, approximately $65 million was stolen. One particularly damaging scam involved a victim losing nearly $850,000. The criminals used spoofed phone numbers and emails to impersonate Coinbase support, leveraging personal information obtained from private databases to build trust. Victims were then tricked into transferring funds to fraudulent Coinbase wallets. The scammers even used a near-perfect replica of the Coinbase website to further deceive their targets.

ZachXBT’s Recommendations to Coinbase

To combat these scams, ZachXBT urges Coinbase to take several steps:

  • Make phone numbers optional: For advanced users with strong security measures (authenticator apps or security keys), phone number verification could be optional.
  • Create a beginner-friendly account type: This account type would restrict withdrawals, protecting vulnerable users.
  • Improve community outreach: This includes better resources for recovering stolen funds, 24/7 incident response, flagging suspicious addresses, and blocking phishing domains.
  • Legal action against data providers: ZachXBT suggests Coinbase should consider legal action against TransUnion (and its TLOxp tool) for negligence, as its data is often used by scammers.
  • Legal action against scammers: Proactive legal action against the perpetrators of these scams could serve as a deterrent.

The Bottom Line

The sheer scale of these scams underscores the need for increased security awareness among cryptocurrency users and more proactive measures from exchanges like Coinbase to protect their customers. Users should remain vigilant and report any suspicious activity immediately.