Coinbase users lose $45M in a week to scams
'No other major exchange has the same problem,' ZachXBT said, after uncovering yet another wave of thefts

On May 7, blockchain investigator ZachXBT reported that more than $45 million was stolen from Coinbase users in the past week, the latest in a string of high-value thefts linked to sophisticated social engineering scams.
The post follows earlier disclosures of a suspected $46 million in related scams in March, pushing recent totals well over nine figures.
ZachXBT, who makes it his mission to track these incidents, published a list of wallets receiving stolen funds, which included transfers across Bitcoin and Ethereum addresses.
The funds, he said, were typically bridged from Bitcoin to Ethereum via Thorchain or Chainflip, and then swapped for DAI, a stablecoin.
“Interestingly, no other major exchange has the same problem,” he wrote.
How the scams work
Scammers use fake Coinbase emails about unlinked banks to steal login credentials and personal information. Photo: PromoAmbitions / YouTube
The scams usually begin with a spoofed phone call or email appearing to come from Coinbase. Armed with personal information sourced from compromised databases, scammers convince victims there has been suspicious activity on their account. They’re then urged to transfer funds to a “safe” Coinbase Wallet or whitelist an address under the pretense of account verification.
In reality, the wallet or address belongs to the scammers.
Some phishing campaigns even use cloned websites and interactive admin panels – sold via Telegram – to send victims fake Coinbase emails in real time.
One victim lost $850,000 through this method. When ZachXBT traced the theft, it led to a consolidation address linked to 25+ other victims and a known ENS name, coinbase-hold.eth.
$300M per year and counting
According to data compiled by ZachXBT and fellow investigator @tanuki42_, Coinbase users lost at least $65 million in December 2024 and January 2025 alone. They believe the actual number is far higher, as their data was limited to private messages and visible on-chain transactions.
ZachXBT estimates that total losses from similar scams now exceed $300 million per year.
Despite this, he says Coinbase has failed to flag most of the theft addresses in compliance tools or improve user protections. Victims often face slow or ineffective customer support, and thefts continue for weeks without visible intervention.
Security lapses and missed warnings
The investigator also highlighted several Coinbase-related vulnerabilities, including:
- A bug that allowed verification codes to be sent to unrelated emails
- Read-only API keys used for tax software that were compromised
- A $15.9 million theft from Coinbase Commerce
- $38 million laundered from the BTCTurk hack through Coinbase in a matter of hours
Threat actors behind these scams reportedly include groups based in India and members of the online group known as “the Com,” who primarily target U.S. users.
“Coinbase could easily choose to make an example out of them if they wanted,” ZachXBT wrote, noting that many of these actors have poor operational security.
Recommendations and response
Elderly users are often targeted by scammers impersonating Coinbase support through fake calls and emails. Photo: Unsplash / Joshua Hoehne
While the investigator acknowledged Coinbase’s strengths – such as their stablecoin services, Base ecosystem, and legal pushback against the SEC – he stressed that urgent reforms are needed.
Among his recommendations:
- Optional phone numbers for KYC-verified users with stronger authentication
- Elderly or beginner account types with withdrawal restrictions
- A dedicated incident response team operating 24/7
- Greater effort to flag theft addresses and take down phishing domains
- Legal action against data providers and U.S.-based scammers
“It’s unreasonable to expect elderly victims to understand the nuances of email or phone spoofing,” he said. “Coinbase is in a position where they have the power to make these changes... but they have chosen to do little to nothing.”
A Coinbase-specific issue?
According to ZachXBT, the scale and persistence of these scams are unique to Coinbase. Competing exchanges such as Kraken, Binance, and OKX do not appear to be facing the same kind of mass-targeted social engineering panels.
As user losses mount into the tens of millions monthly, the pressure is growing for Coinbase leadership to act.
“The threats in this space are always evolving and you may only have minutes to react,” ZachXBT warned.