"Coinbase's $300M Security Fiasco: Users Lose Millions to Scams"

Coinbase, a leading cryptocurrency exchange, has been accused of neglecting security measures, resulting in significant financial losses for its users. According to a recent investigation, Coinbase users are losing approximately $300 million annually through sophisticated social engineering scams.

The investigation, conducted by on-chain investigator ZachXBT and researcher Tanuki42, revealed that scammers stole at least $65 million from Coinbase users in just two months between December 2024 and January 2025. Two main criminal groups were identified as responsible for these thefts: members of an organization known as 'The Com' and India-based cybercriminals targeting US customers.

The scammers employ a detailed playbook to deceive their victims. They begin by contacting users through spoofed phone numbers, using personal information obtained from private databases to establish credibility. The criminals inform victims about supposed unauthorized login attempts on their Coinbase accounts. Following the initial contact, victims receive fraudulent emails that appear to come from Coinbase, including fake case ID numbers meant to verify the legitimacy of the communication. The scammers then guide victims through a series of steps that ultimately give them control over the users’ assets.

One particularly striking case documented in the report involved a single victim losing approximately $850,000. The stolen funds were tracked to a consolidation address labeled "coinbase-hold.eth," which investigators found was connected to more than 25 other victims. The criminals have developed sophisticated infrastructure to support their operations, including clone websites that mimic Coinbase’s official platform and phishing panels advertised through Telegram channels.

The investigation revealed several security incidents that Coinbase allegedly hasn’t addressed publicly. These include problems with old API keys used for tax software and a vulnerability that allowed verification codes to be sent to any email address regardless of account status. In 2023, Coinbase Commerce suffered a $15.9 million theft, adding to these concerns. Stolen funds often remain unflagged in compliance tools even weeks after theft occurs, making recovery more difficult for victims.

Victims have reported consistent difficulties in reaching Coinbase customer support, particularly outside of U.S. business hours. This lack of accessibility compounds the problems faced by users who have lost funds to scammers. The scale of these attacks becomes more notable when compared to other major cryptocurrency exchanges. According to the investigation, competing platforms including Kraken,