ZachXBT Urges Coinbase to Strengthen Security as Users Lose $65M to Social Engineering Attacks
Coinbase users have lost more than $65 million in the past two months due to social engineering attacks, with estimates indicating that $300 million is lost annually to such scams, according to crypto investigator ZachXBT in a post shared on X (formerly Twitter) on Monday.
ZachXBT cautioned that the actual loss may be higher, as unreported cases are not included in the figure. Coinbase has not publicly addressed the matter, though when approached for comment, the exchange referred to a blog post it published on Monday offering guidance on identifying and avoiding social engineering scams.
Scammers are using stolen personal data to impersonate Coinbase in emails that appear official, including fraudulent case IDs that prompt users to transfer funds to scammer-controlled wallets, ZachXBT explained.
“The scammers clone the Coinbase site almost identically, using spoofed emails and panels to send fake prompts to the targets,” he said. “The two main groups behind these scams are low-level hackers, or ‘skids,’ from the Com region and threat actors based in India, both of which mainly target U.S. customers.”
In his post, ZachXBT also made the shocking claim that a Coinbase employee had advised users to stop using VPNs to avoid being flagged as suspicious. However, he noted that scammers block VPNs on phishing sites to avoid detection.
ZachXBT recommended that Coinbase take immediate action to address these threats by making phone number inputs optional, creating a restricted account type for new users, and increasing community education efforts to help users recognize and avoid scams.