Coinbase not doing enough after users lose $65 million between Dec 2024 and Jan 2025 – ZachXBT

Source Cryptopolitan

Coinbase has been under a lot of fire recently, and it has now drawn the attention of ZachXBT, a crypto sleuth famous for getting to the bottom of various scams.

In separate updates shared on ZachXBT’s Telegram channel and X social media account, he revealed the results of his investigation into Coinbase and scams that the exchange’s customers have suffered. He also offered the company insights on how to protect its users. 

Coinbase customers are often targeted in fraud schemes 

According to ZachXBT’s thread, it’s difficult to determine the exact figure that Coinbase users lose per year to social engineering scams. However, he estimates it could be up to $300 million. 

ZachXBT and another sleuth identified as @tanuki42_ spent time reviewing Coinbase withdrawals and gathering data from ZachXBT’s DMs for high-confidence thefts on various chains. They created a table showing that $65 million was stolen from Coinbase users between December 2024 and January 2025.

“Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain which does not account for Coinbase support tickets and police reports we do not have access to,” Zach added for clarity. 

How the Coinbase social engineering scams work

After a victim who lost $850,000 reached out to him last month, Zach graphed out thefts that affected 25+ other victims, which led him to the discovery of an address named ‘coinbase-hold.eth’.

The scammers reportedly call victims from a spoofed phone number and then use personal information obtained from private channels to gain their trust. 

Afterward, they inform the victims that they noticed multiple unauthorized login attempts on their accounts. What follows is a spoofed email drafted to appear as if it came from Coinbase, with a fake Case ID to make it look more convincing.

Next, they instruct the victim to transfer funds to a Coinbase wallet and whitelist an address while “support” verifies their account’s security.

These scammers go as far as cloning the Coinbase site almost perfectly, according to ZachXBT, which allows them to send different prompts to the target via spoofed emails using panels. Scammers can buy these tools via Telegram channels, and they can repeat the process over and over with only minor tweaks. In essence, users continue to lose money to the same scheme every year. 

Last year, Zach also made a post about Coinbase scams and how they have cost users millions of dollars. He revealed back then that the two main groups behind these scams are “skids from the Com and threat actors located in India both primarily targeting US customers.”

ZachXBT believes Coinbase is a part of the problem 

ZachXBT raised different issues with Coinbase’s handling of customer protection, but one he always repeats is the company’s failure to diagnose the actual problem and fix it. 

He mentioned a December 2024 post in which a Coinbase employee urged users to stop using VPNs to avoid being flagged as suspicious. This inadvertently works in favor of threat actors, who explicitly block VPNs from their phishing sites.

ZachXBT also highlighted how Coinbase has quietly experienced related security incidents that it refused to publicly address. Among them, a number of Coinbase users with old API keys used for tax software were hacked. He also mentioned the discovery of bugs, like one that allowed users to send a verification code to any email even if the address is not linked to any account.

There was also the $15.9M Coinbase Commerce theft last year when the threat actor laundered $38M from the BTCTurk hack via Coinbase over a few hours. 

ZachXBT wants Coinbase to do better 

ZachXBT says Coinbase does not usually report the addresses linked to thefts in popular compliance tools even after the thefts have gone on for weeks. 

Besides that, affected victims have complained of getting stuck with less than optimal customer support agents who never report back. And when they try to reach the Coinbase team, things get even more complicated because the team can be hard to reach outside US office hours, even though the company operates in a 24/7 market.

ZachXBT also believes some of the threat actors are US-based, and Coinbase could easily make an example out of them if they wanted. So, the inaction raises eyebrows. 

He recommended steps for the Coinbase leadership team to protect their users from bad actors in the space. 

The on-chain sleuth wants Coinbase to make phone numbers optional for advanced, fully KYC-verified users who have added an authenticator app or a security key. He also wants the exchange to add a beginner/elderly user account type that doesn’t allow withdrawals.

He wants Coinbase to improve community outreach to educate its users about potential threats before they get out of hand. 

As far as ZachXBT is concerned, the first three recommendations are the bare minimum expected of an exchange of Coinbase’s caliber. He added two more if Coinbase is serious about going the extra mile for its users.

He recommended legal action against TLOxp/TransUnion for negligence on behalf of users because it’s the favorite tool of these cyber criminals. He also said they could initiate legal action against the US-based threat actors running these scams to make them scapegoats.
