TLDR
- Coinbase users lose approximately $300 million annually through social engineering scams, with $65 million stolen between December 2024 and January 2025 alone
- Two main groups orchestrate the scams: ‘The Com’ members and India-based cybercriminals targeting US customers
- Scammers use spoofed phone numbers, personal data from private databases, and fake Coinbase emails with case IDs to trick victims
- One documented case showed $850,000 stolen from a single victim, with funds traced to an address linked to 25+ other victims
- Competing exchanges like Kraken, OKX, and Binance reportedly don’t face similar levels of security issues
A new investigation has revealed that Coinbase users are losing more than $300 million per year through sophisticated social engineering scams. On-chain investigator ZachXBT, working with researcher Tanuki42, uncovered data showing that scammers stole at least $65 million from Coinbase users in just two months between December 2024 and January 2025.
The investigation traced the activities of two main criminal groups responsible for these thefts. One group consists of members from an organization known as ‘The Com,’ while the other involves cybercriminals based in India who primarily target customers in the United States.
13/ Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month.
Other major exchanges do not have similar panels created by scammers for fraud.
While the victims are partially responsible it’s unreasonable to expect…
— ZachXBT (@zachxbt) February 3, 2025
The scammers employ a detailed playbook to deceive their victims. They begin by contacting users through spoofed phone numbers, using personal information obtained from private databases to establish credibility. The criminals inform victims about supposed unauthorized login attempts on their Coinbase accounts.
Following the initial contact, victims receive fraudulent emails that appear to come from Coinbase. These emails include fake case ID numbers meant to verify the legitimacy of the communication. The scammers then guide victims through a series of steps that ultimately give them control over the users’ assets.
One particularly striking case documented in the report involved a single victim losing approximately $850,000. The stolen funds were tracked to a consolidation address labeled “coinbase-hold.eth,” which investigators found was connected to more than 25 other victims.
The criminals have developed sophisticated infrastructure to support their operations. They create clone websites that mimic Coinbase’s official platform and operate phishing panels advertised through Telegram channels. These fake sites are designed to block VPN access, which helps the scammers avoid detection while ironically conflicting with Coinbase’s security recommendations against VPN use.
The investigation revealed several security incidents that Coinbase allegedly hasn’t addressed publicly. These include problems with old API keys used for tax software and a vulnerability that allowed verification codes to be sent to any email address regardless of account status.
The report noted that in 2023, Coinbase Commerce suffered a $15.9 million theft. Adding to these concerns, stolen funds often remain unflagged in compliance tools even weeks after theft occurs, making recovery more difficult for victims.
Victims have reported consistent difficulties in reaching Coinbase customer support, particularly outside of U.S. business hours. This lack of accessibility compounds the problems faced by users who have lost funds to scammers.
The scale of these attacks becomes more notable when compared to other major cryptocurrency exchanges. According to the investigation, competing platforms including Kraken, OKX, and Binance do not experience similar levels of social engineering attacks against their users.
Between 2023 and 2024, blockchain analysis firm Chainalysis reported that scammers stole $4.6 billion through social engineering attacks across all platforms, highlighting how the Coinbase-specific losses represent a substantial portion of overall crypto scam activity.
ZachXBT’s report outlined several potential solutions Coinbase could implement to protect users. These include making phone numbers optional for advanced users who rely on authentication apps or security keys, and creating a special account type for beginners and elderly users with additional withdrawal restrictions and enhanced customer support.
Other suggested improvements include increasing community engagement through educational blog posts about fund recovery, maintaining a full-time incident response team, actively flagging addresses associated with theft, and blocking known phishing domains.
The report acknowledged several positive aspects of Coinbase’s operations, including their stablecoin services, development of the Base blockchain, asset recovery tools, legal advocacy against SEC regulations, and custody services for institutional clients.
The investigation indicated that these losses continue at a rate of tens of millions of dollars monthly, with the $65 million stolen in December 2024 and January 2025 likely representing an undercount since it doesn’t include data from Coinbase support tickets or law enforcement reports.