Coinbase Users Lose Over $300M Per Year to Social Engineering Scams - ZachXBT

Coinbase users are estimated to lose at least $300 million worth of assets per year to various social engineering attacks.

  • Coinbase users are estimated to lose over $300 million worth of assets per year to various social engineering scams due to the platform's continuous failure to address key security issues, reports on-chain investigator ZachXBT.
"Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month," he said.
  • The analyst also shared a table documenting $65 million stolen from Coinbase users from December 2024 to January 2025 alone.
"Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain which does not account for Coinbase support tickets and police reports we do not have access to," said the researcher.
Source: ZachXBT & Tanuki42.
  • According to the report, scammers target Coinbase users using a combination of spoofed phone numbers and emails, leaked personal information, Coinbase wallet, cloned Coinbase sites, SIM swap attacks, old API keys, platform bugs, and other evolving social engineering techniques.
"Competitors like Kraken, OKX, Binance do not have the same issue. I do not blame all Coinbase employees as most of the fault lies on leadership for these decisions," added ZachXBT.
Source: ZachXBT.
  • ZachXBT also pointed out that Coinbase does not report theft addresses in popular compliance tools, and victims are often left with "useless" unresponsive customer support agents that are nearly impossible to reach outside of US business hours.
  • According to the analyst, Coinbase should at least make phone number verification optional and for advanced users only, while also improving its communication concerning security issues and enabling beginner/elderly-friendly accounts that 'do not allow withdrawals.'
"Coinbase is in a position where they have the power to make these changes and set a good example but they have chosen to do little to nothing," the report stated.

For better security against various social engineering scams and the loss of sensitive personal information, users should consider learning how to acquire bitcoin via no-KYC platforms and services. Non-tech-savvy users seeking to use bitcoin as a savings vehicle can also explore regulated Bitcoin-focused products and platforms.
