In the past two months, Coinbase users have reported an increase in account restrictions, which appear to be linked to the company's aggressive risk models and a continuing wave of social engineering scams.
ZachXBT believes the blame for the losses lies with Coinbase's leadership, which fails to flag theft addresses, offer responsive support and react quickly to threats, problems that rivals like Kraken and Binance handle much more effectively.
Coinbase security crisis
Popular pseudonymous on-chain investigator ZachXBT, alongside zeroShadow researcher “Tanuki42”, found that at least $65 million was stolen from Coinbase users through social engineering scams between December 2024 and January 2025.
Their findings, based on on-chain data analysis and victim reports received via direct messages, suggest that the actual figure is probably much higher, because it does not take into account cases reported directly to Coinbase or to the police.
The scams generally involve attackers who pretend to be Coinbase support, using spoofed phone numbers and emails to gain victims' trust, often taking advantage of personal data from private databases. The victims are led to transfer funds to compromised Coinbase wallets and to whitelist fraudulent addresses.
One case involved a loss of $850,000, with the stolen funds consolidated alongside assets from more than 25 other victims linked to the address “Coinbase-hold.eth”. ZachXBT attributed these scams to groups based in India and to low-level cybercriminals from online communities like Com. He criticized Coinbase's risk models and customer security measures, which, according to him, failed to prevent more than $300 million in annual losses to such fraud.
Leadership inaction and weak support
In addition to the rampant social engineering scams, ZachXBT said that Coinbase had quietly experienced several security incidents that were not publicly disclosed. These include breaches involving old API keys used for tax software, which were supposed to have read-only permissions but were compromised, and a recent bug that made it possible to send verification codes to any e-mail address, whether or not it was linked to an account.
In 2023, $15.9 million was stolen from Coinbase Commerce, and a threat actor laundered $38 million from the BtcTurk hack via Coinbase in just a few hours. The blame, according to the investigator, largely falls on Coinbase's leaders for systemic failures in security and customer response.
Theft-related addresses often go unflagged in compliance tools for weeks, leaving gaps in fraud detection. Victims frequently encounter ineffective customer support with little follow-up, and the company's unavailability outside US hours is a problem for a 24/7 global market.
He added that competitors such as Kraken, OKX and Binance manage similar risks more effectively, while Coinbase has not taken decisive action against even low-level US-based threat actors with poor operational security. ZachXBT said the core issues result from leadership decisions, not individual employees.
“Coinbase must urgently make changes because more and more users are being scammed for tens of millions per month. Other major exchanges do not have similar panels created by scammers. Although the victims are partially responsible, it is unreasonable to expect elderly victims to understand the nuances of email/phone spoofing.”