$65M Stolen, Actual Losses Likely Higher

Over the past two months, Coinbase users have reported a surge in account restrictions, which appear linked to the company’s aggressive risk models and an ongoing wave of social engineering scams.

ZachXBT believes that the blame for the losses lies with Coinbase’s leadership, failing to report theft addresses, offer responsive support, and react swiftly to threats – issues rivals like Kraken and Binance manage far more effectively.

Coinbase’s Security Crisis

Popular pseudonymous on-chain investigator ZachXBT, alongside zeroShadow researcher ‘tanuki42,’ has uncovered that at least $65 million was stolen from Coinbase users through social engineering scams between December 2024 and January 2025.

Their findings, based on on-chain data analysis and victim reports received via direct messages, suggest the actual figure is likely much higher, as it does not account for cases reported directly to Coinbase or law enforcement.

The scams typically involve attackers posing as Coinbase support, using spoofed phone numbers and emails to gain victims’ trust, often leveraging personal data from private databases. Victims are tricked into transferring funds to compromised Coinbase Wallets and whitelisting fraudulent addresses.

One case involved a loss of $850,000, with the stolen funds consolidated alongside assets from over 25 other victims linked to the address ‘coinbase-hold.eth.’ ZachXBT attributed these scams to groups based in India and low-level cybercriminals from online communities like Com. He criticized Coinbase’s risk models and customer security measures, which he claims have failed to prevent over $300 million in annual losses to such fraud.

Leadership Inaction and Weak Support

In addition to rampant social engineering scams, ZachXBT claimed that Coinbase has quietly experienced several security incidents that were not publicly disclosed. These include breaches involving old API keys used for tax software, which were supposed to have read-only permissions but were compromised, and a recent bug that allowed verification codes to be sent to any email address, regardless of whether it was linked to an account.

In 2023, $15.9 million was stolen from Coinbase Commerce, and a threat actor laundered $38 million from the BTCTurk hack through Coinbase in just a few hours. The blame, according to the detective, largely falls on Coinbase’s leadership for systemic failures in security and customer response.

Theft-related addresses often go unreported in compliance tools for weeks, leaving gaps in fraud detection. Victims frequently encounter ineffective customer support, with little follow-up, and the company’s unavailability outside US hours is problematic for a global 24/7 market.

He further added that competitors such as Kraken, OKX, and Binance manage similar risks more effectively, Coinbase has failed to take decisive action against even low-level US-based threat actors with poor operational security. ZachXBT stated that the core issues stem from leadership decisions, not individual employees.

“Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. Other major exchanges do not have similar panels created by scammers for fraud. While the victims are partially responsible it’s unreasonable to expect elderly victims to understand the nuances of email/phone spoofing.”