- Over $65 million lost to social engineering attacks on Coinbase users in just two months.
- Annual losses estimated at $300 million, with potential for higher unreported figures.
- Scammers use sophisticated website cloning and email spoofing techniques targeting US customers.
- Security concerns raised over Coinbase’s VPN policy and user protection measures.
- Recommendations include optional phone requirements and restricted accounts for new users.
Cryptocurrency exchange Coinbase faces mounting security challenges as users lost more than $65 million to sophisticated social engineering attacks in the past two months, according to crypto investigator ZachXBT‘s analysis shared Monday.
The scale of these losses represents a significant threat to cryptocurrency investors, with annual losses potentially reaching $300 million. Security experts suggest the actual figures could be substantially higher due to unreported incidents.
Scammers employ advanced technological tactics, creating nearly identical replicas of the Coinbase platform. These fraudulent operations primarily originate from two main groups: actors based in India and individuals from the Com community, both focusing their efforts on US-based customers.
“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels,” explained ZachXBT in his detailed analysis.
The controversy intensified when ZachXBT criticized Coinbase’s security approach, particularly regarding Virtual Private Network (VPN) usage. While a Coinbase representative discouraged VPN use to avoid suspicious activity flags, threat actors actively block VPN access to their phishing sites, highlighting a potential misalignment in security strategies.
In response to the growing concern, Coinbase directed users to their comprehensive guide on preventing social engineering scams, though they have not directly addressed the reported losses.
Security experts recommend implementing stronger verification processes for new accounts and making phone number requirements optional to enhance platform security. These measures could potentially reduce the effectiveness of social engineering attacks, which rely heavily on manipulating user trust and personal information.
The surge in social engineering attacks against cryptocurrency users follows a broader trend in digital asset security breaches, where fraudsters increasingly target centralized exchange users through sophisticated impersonation techniques.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Tezos Co-Founder: Commodity Markets Could Be Revolutionized Through Tokenization
- DTCC Unveils ComposerX Platform for Multi-Chain Digital Asset Management
- Eric Trump’s ETH Price Pump Tweet Sparks Market Manipulation Concerns
- Helium Mobile Launches First-Ever Free 5G Phone Plan in US
- Scaramucci Predicts Pro-Crypto Legislation Coming to US by November
