Coinbase Users Fall Victim to $65M Social Engineering Scams in Two Months

Coinbase Users Lose $65M to Social Engineering Scams in Two Months, Annual Losses Could Hit $300M

  • Over $65 million lost to social engineering attacks on Coinbase users in just two months.
  • Annual losses estimated at $300 million, with potential for higher unreported figures.
  • Scammers use sophisticated website cloning and email spoofing techniques targeting US customers.
  • Security concerns raised over Coinbase’s VPN policy and user protection measures.
  • Recommendations include optional phone requirements and restricted accounts for new users.

Cryptocurrency exchange Coinbase faces mounting security challenges as users lost more than $65 million to sophisticated social engineering attacks in the past two months, according to crypto investigator ZachXBT‘s analysis shared Monday.

- Advertisement -

The scale of these losses represents a significant threat to cryptocurrency investors, with annual losses potentially reaching $300 million. Security experts suggest the actual figures could be substantially higher due to unreported incidents.

Scammers employ advanced technological tactics, creating nearly identical replicas of the Coinbase platform. These fraudulent operations primarily originate from two main groups: actors based in India and individuals from the Com community, both focusing their efforts on US-based customers.

“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels,” explained ZachXBT in his detailed analysis.

The controversy intensified when ZachXBT criticized Coinbase’s security approach, particularly regarding Virtual Private Network (VPN) usage. While a Coinbase representative discouraged VPN use to avoid suspicious activity flags, threat actors actively block VPN access to their phishing sites, highlighting a potential misalignment in security strategies.

In response to the growing concern, Coinbase directed users to their comprehensive guide on preventing social engineering scams, though they have not directly addressed the reported losses.

Security experts recommend implementing stronger verification processes for new accounts and making phone number requirements optional to enhance platform security. These measures could potentially reduce the effectiveness of social engineering attacks, which rely heavily on manipulating user trust and personal information.

- Advertisement -

The surge in social engineering attacks against cryptocurrency users follows a broader trend in digital asset security breaches, where fraudsters increasingly target centralized exchange users through sophisticated impersonation techniques.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

BPX Gains FCA Nod to Trade Tokenized Securities in the UK

BPX, a startup focused on trading tokenized securities, received several authorizations from the UK’s...

Shopify, Coinbase Launch USDC Payments; Mastercard Expands Crypto Access

Shopify and Coinbase allow merchants to accept USDC stablecoin payments, making crypto transactions easier...

Coinbase Launches Wrapped ADA and LTC on Base, COIN Hits New High

Coinbase has introduced wrapped versions of Cardano (ADA) and Litecoin (LTC) on its Ethereum...

ClickFix Attacks Surge 517% in 2025, Fake CAPTCHAs Spread Malware

ClickFix attacks using fake CAPTCHA verifications have risen by 517% in early 2025, according...

FHFA Orders Fannie, Freddie to Consider Crypto as Mortgage Collateral

The U.S. Federal Housing Finance Agency ordered Fannie Mae and Freddie Mac to consider...

Must Read

How To Buy a Handshake Domain: A Step-by-Step Guide

Handshake Domains | Benefits | Drawbacks | How To Buy | Supported BrowsersIn this step-by-step guide, I am going to show you how to...