EddieJayonCrypto

 7 May 25

tl;dr

Blockchain investigator ZachXBT revealed that Coinbase users lost $45 million in one week due to coordinated social engineering scams involving phishing, impersonation, and spoofed communications. The scams exploit Coinbase’s user verification weaknesses, with attackers convincing victims to transfe...

Blockchain investigator ZachXBT revealed that Coinbase users lost $45 million in one week due to ongoing coordinated social engineering scams exploiting the platform’s vulnerabilities.

These scams involve phishing, impersonation, and spoofed communications that target Coinbase’s user verification weaknesses. Attackers deceive victims into transferring assets to attacker-controlled wallets by posing as Coinbase support and using stolen personal information. The thefts are part of a broader pattern of crypto heists totaling over $300 million annually.

Two primary groups behind these scams have been identified: “The Com” and a group based in India. Both focus mainly on US customers and employ cloned Coinbase websites, sophisticated phishing panels, and malicious scripts to bypass security measures. They also design phishing sites to block VPN users, making detection by compliance teams more difficult.

ZachXBT’s investigations uncovered multiple Bitcoin and Ethereum wallets linked to these thefts and documented cases where a single consolidation wallet amassed funds from dozens of victims, including one loss reaching $850,000.

Coinbase faces criticism for slow response times, failure to flag or freeze known theft addresses, and unaddressed security gaps such as past API vulnerabilities and a $15.9 million breach in 2023 related to Coinbase Commerce.

To improve user safety, ZachXBT recommends removing phone number requirements for users with hardware keys or authentication apps, introducing account types with withdrawal restrictions for vulnerable populations, expanding international customer support, and implementing proactive community education and real-time theft address flagging.

While acknowledging Coinbase’s contributions to the crypto industry, including its base layer-2 blockchain and asset recovery tools, ZachXBT emphasizes that individual user security remains a critical concern amid these persistent scams. No other major exchange reportedly faces similar coordinated social engineering issues on this scale.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.
 12 May 25
 12 May 25
 12 May 25