"Coinbase Users Lose $300M in Social Engineering Scams"

Generated by AI AgentCoin World
Monday, Feb 3, 2025 4:01 pm ET

Coinbase users are reportedly losing over $300 million annually due to social engineering scams, according to an investigation by on-chain investigator ZachXBT and researcher Tanuki42. The scams involve attackers contacting victims via spoofed phone numbers and using personal information obtained from private databases to gain their trust. Victims are then instructed to transfer funds to a Coinbase Wallet and allowlist an address, unknowingly giving scammers control over their assets.

The investigation analyzed Coinbase withdrawals and direct messages from victims to estimate the extent of thefts across multiple blockchain networks. The data suggested that bad actors stole at least $65 million from Coinbase users between December 2024 and January 2025. However, this figure is likely an underestimation, as it does not account for Coinbase support tickets or law enforcement reports.

One documented case involved a victim who lost approximately $850,000. The stolen funds were traced to a consolidation address tied to more than 25 other victims, which the report labeled "coinbase-hold.eth."

Two main groups are orchestrating the scams: individuals from 'The Com' and cybercriminals based in India, who primarily target US customers. The scams are further facilitated by fake cloned Coinbase websites and sophisticated phishing panels advertised in Telegram channels.

According to the report, Coinbase has experienced multiple security incidents and has not publicly addressed them. These include hacks involving old API keys used for tax software, a vulnerability allowing verification codes to be sent to any email, regardless of account status, and a $15.9 million theft from Coinbase Commerce in 2023.

The investigators added that the stolen funds are often not flagged in compliance tools, even after weeks of theft. Victims frequently report difficulty in reaching Coinbase customer support, particularly outside US business hours.

To mitigate these scams, ZachXBT outlined several measures Coinbase could implement, such as making phone numbers optional for advanced users who use authentication apps or security keys and introducing a beginner/elderly user account type that includes restrictions on withdrawals, with improved customer support and outreach. Additionally, the on-chain investigator suggested increasing community engagement through blog posts on fund recovery, full-time incident response, actively flagging theft addresses, and blocking phishing domains.

Despite security concerns, the
