Coinbase's $65M Phishing Scams: What Went Wrong?

In a span of just two months, Coinbase, a leading cryptocurrency exchange, has fallen victim to a series of phishing scams that have resulted in a staggering loss of $65 million. The question on everyone's mind is: what went wrong?

Beyond the typical phishing tactics, hackers have manipulated Coinbase's internal security mechanisms, deceiving many victims into whitelisting malicious addresses or transferring assets to scam wallets disguised as "secure" Coinbase holdings. Once transactions are completed, the funds are swiftly moved across multiple blockchains using mixers and cross-chain bridges to erase any traceable links.

Coinbase's response to these incidents has been widely criticized. Affected users report difficulties reaching customer support, with cases remaining unresolved for weeks. Some users claim they received only generic responses or were ignored entirely. Meanwhile, rival exchanges such as Kraken, Binance, and OKX have not reported similar large-scale phishing operations, raising concerns about Coinbase's security protocols.

Adding to the issue, Coinbase's automated risk models often restrict legitimate users' accounts while failing to detect scammers. The exchange has also been criticized for its lack of proactive fraud prevention, with scam-related addresses often remaining unflagged within its compliance systems.

As the number of phishing attacks continues to rise, experts and Coinbase users are demanding immediate security reforms. ZachXBT has outlined several critical steps Coinbase should take to protect its users from future scams. One proposed measure is enhancing account security by allowing advanced users to disable phone-based authentication in favor of security keys or authenticator apps. For beginners and elderly users, Coinbase could introduce risk-reduction features, such as restricted withdrawals for new accounts.