TLDR
- Social engineering scams targeting Coinbase have resulted in annual user losses exceeding $300 million
- Recent investigation tracked $65 million in stolen funds over December 2024-January 2025 period
- Two organized groups, including one based in India, systematically target US customers
- Victims report difficulty reaching support after funds are stolen
- Other major crypto exchanges appear unaffected by similar scale of scams
An extensive investigation has uncovered that Coinbase users are falling victim to social engineering attacks at an alarming rate, with annual losses surpassing $300 million. The findings, revealed by cryptocurrency investigator ZachXBT in collaboration with researcher Tanuki42, paint a picture of organized criminal groups systematically targeting the exchange’s customers.
The investigation tracked stolen funds across multiple blockchain networks, documenting at least $65 million in theft during December 2024 and January 2025 alone. Researchers note this figure likely understates the true scale of losses, as it excludes incidents reported through official support channels and law enforcement.
Two distinct criminal organizations have emerged as the primary perpetrators. One group operates from India and specifically targets American customers, while the other, known as ‘The Com,’ works across multiple regions. These groups have developed sophisticated methods to exploit Coinbase’s security systems and user trust.
The largest single theft documented in the investigation involved $850,000 stolen from one user. The funds were traced to a central collection point labeled “coinbase-hold.eth,” which investigators linked to more than 25 additional victims, suggesting a pattern of organized criminal activity.
The scammers’ tactics begin with phone calls from spoofed numbers that appear legitimate to victims. They leverage personal information purchased from private databases to establish credibility and convince users their accounts are at risk from unauthorized access attempts.
Victims then receive carefully crafted emails designed to look like official Coinbase communications. These messages include fake case identification numbers and urgent security warnings. The scammers guide users through a series of steps that ultimately compromise their accounts.
The criminal operations utilize sophisticated technical infrastructure, including clone websites that precisely mimic Coinbase’s official platform. These fake sites incorporate special features to avoid detection, such as blocking access from VPN services – a practice that actually conflicts with some of Coinbase’s own security recommendations.
The investigation revealed several previously undisclosed security incidents affecting the platform. These include problems with outdated API keys used in tax preparation software and a vulnerability that allowed verification codes to be sent to unauthorized email addresses.
Adding to user concerns, the report documented a $15.9 million theft from Coinbase Commerce in 2023. Investigators found that even weeks after thefts occur, many addresses associated with stolen funds remain unflagged in compliance systems, complicating recovery efforts.
Customer support accessibility emerged as a major issue in the investigation. Users who lose funds frequently report difficulty reaching Coinbase representatives, with support particularly limited outside of U.S. business hours. This delay in response time often allows criminals to move stolen funds before intervention is possible.
The scale of attacks targeting Coinbase users stands out when compared to other major cryptocurrency exchanges. The investigation found that competitors including Kraken, OKX, and Binance do not experience comparable levels of social engineering attacks against their customers.
Blockchain analysis firm Chainalysis provides broader context, reporting that social engineering attacks across all platforms resulted in $4.6 billion in stolen funds between 2023 and 2024. The Coinbase-specific losses represent a substantial portion of this total.
The investigation outlines several potential solutions to strengthen user protection. These include making phone number verification optional for users who prefer stronger authentication methods, and creating specialized account types for vulnerable users with additional withdrawal safeguards.
Other recommended improvements focus on prevention and response capabilities. These include publishing educational materials about fund recovery, maintaining dedicated incident response teams, proactively blocking known phishing domains, and improving systems for flagging addresses associated with theft.
Despite these challenges, the report acknowledges several areas where Coinbase maintains strong performance, including their stablecoin services, development work on the Base blockchain, and institutional custody solutions.
Stay Ahead of the Market with Benzinga Pro!
Want to trade like a pro? Benzinga Pro gives you the edge you need in today's fast-paced markets. Get real-time news, exclusive insights, and powerful tools trusted by professional traders:
- Breaking market-moving stories before they hit mainstream media
- Live audio squawk for hands-free market updates
- Advanced stock scanner to spot promising trades
- Expert trade ideas and on-demand support