Despite FBI warnings, Coinbase users continue to fall victim to massive scams, with annual losses exceeding $330 million, according to cryptocurrency researcher ZachXBT. Data published by the blockchain investigator reveals that an additional $45 million worth of cryptocurrency was stolen through social engineering techniques in just the past week, primarily using fake phone calls and deceptive emails. These latest thefts are merely a continuation of an issue that has persisted for months, causing at least $65 million in losses between December 2024 and January 2025, while damages exceeded $40 million in March 2025.
Attackers employ sophisticated methods, including impersonating Coinbase customer support, using spoofed phone numbers, and sending phishing emails that often contain accurate customer case IDs. The FBI issued warnings in August and September 2024 about scammers posing as crypto exchanges, highlighting that North Korean state-affiliated hacking groups target users with fake job offers and investment opportunities, compelling them to download malicious software. Researchers ZachXBT and Tanuki42 have observed that two main groups are behind the attacks: "The Com" and an India-based operation, which primarily target US customers and utilize cloned Coinbase websites and sophisticated phishing panels.
Experts criticise Coinbase's security practices, noting that the company often fails to report theft addresses in compliance tools, even weeks after the frauds occur. Measures proposed by ZachXBT include removing the phone number requirement for users with hardware keys or authentication apps, introducing optional "elder" user account types with withdrawal restrictions, and expanding customer support for international users. Notably, ZachXBT emphasises that no other major cryptocurrency exchange faces a similar scale of problem, raising serious questions about Coinbase's security protocols.
