Blockchain investigator ZachXBT has revealed that Coinbase users lost another $45 million over the past week due to coordinated social engineering scams. The update, shared on his Telegram channel, highlights multiple wallet addresses linked to the thefts and ties the latest incidents to a broader pattern of crypto heists targeting Coinbase customers over the past year.
A Persistent and Growing Threat
The latest findings add to ZachXBT’s previous investigations, which have attributed over $300 million in annual losses to similar scams targeting Coinbase users. Working alongside researcher Tanuki42, ZachXBT traced the stolen funds across multiple blockchains, uncovering weaknesses in Coinbase’s user verification and compliance processes.
“Victims are contacted via spoofed phone numbers and persuaded, using stolen personal data, to verify suspicious activity on their accounts.”
Scammers send fraudulent emails that appear to come from Coinbase, complete with fake case IDs. These emails instruct users to move their assets into a Coinbase Wallet and whitelist an address, unknowingly granting attackers control over their funds.
One recurring wallet, labeled “coinbase-hold.eth,” has been identified as a consolidation point for stolen assets. One victim reportedly lost $850,000, with evidence linking the wallet to at least 25 other victims. Despite reports, Coinbase has not flagged or frozen known theft addresses. ZachXBT highlighted this ongoing issue weeks after the fraud was reported.
Key Players Behind the Scams
Two main groups are reportedly responsible for these attacks: a cohort known as “The Com” and another operating out of India. Both primarily target U.S. customers, deploying cloned Coinbase websites, sophisticated phishing panels, and malicious scripts. To evade detection, scammers often design phishing domains to block VPN users, complicating efforts by compliance teams to identify threats.
The report also raises concerns about previous security lapses involving Coinbase systems. These include vulnerabilities in tax software APIs that allowed unauthorized verification emails and a $15.9 million theft from Coinbase Commerce in 2023. According to ZachXBT, Coinbase has yet to publicly disclose or address these issues.
Recommendations for Improved Security
To mitigate these risks, ZachXBT proposed several changes to Coinbase’s platform. These include:
- Removing the requirement for phone numbers for users with hardware keys or authentication apps.
- Introducing optional “elder” account types with withdrawal restrictions.
- Expanding customer support for international users.
He also emphasized the need for proactive community education, regular incident response updates, and the immediate flagging of known theft addresses. ZachXBT recognizes Coinbase’s contributions, including its Base layer-2 blockchain and SEC defense. However, he believes these advancements have compromised user safety.
Final Thoughts
The disclosure underscores a growing issue: Coinbase has become a recurring target for sophisticated social engineering campaigns. With no other major exchange experiencing the same scale of problems, this trend raises serious questions about Coinbase’s ability to protect its users.
As these scams persist, it is crucial for Coinbase to address these vulnerabilities urgently. Without meaningful action, the exchange risks undermining user trust and jeopardizing its reputation in the crypto space.
