Coinbase Users Lose $46M in Crypto Phishing Scams

At the moment, there has been an increased number of scams involving cryptos; Coinbase customers have also been victims of phishing scams, and they have lost about $46 million. Such cases happened in March 2021, as highlighted by the blockchain researcher ZachXBT, where individuals were lured to submit huge amounts of Bitcoin to these con addresses. 

Meanwhile, these cases are an indication that the risks associated with performing cryptocurrency transactions are on the rise, hence the need to balance security.

Phishing Scams Target Coinbase Users

The danger of phishing attacks remains high for crypto asset owners since scammers use deception to redirect cryptocurrency from legitimate wallets to imposter wallets. Cybercriminals prefer two attack methods, which include phishing and wallet spoofing. Mimicking wallet addresses constitutes a population tactic that forces users to transfer their funds to incorrect addresses.

ZachXBT identifies one of the biggest being that of a Coinbase user who lost 400.099 Bitcoin, which is roughly equal to $34.9 million, on the 27th of March. These funds were transferred from Bitcoin to Ethereum using Thorchain and Chainflip and cashed for DAI. Since the hackers transfer assets across other blockchains, it becomes harder to track the stolen funds.

https://twitter.com/WuBlockchain/status/1905611925356163335

Further occurrences were also witnessed in the month of March also. The first case is dated back to March 26, when the user lost 60.164 BTC, and in another case, 46.147 BTC were stolen the previous day, on March 25. Another incident occurred on March 16 where the company was able to lose 20.028 BTC.

Coinbase Responds to Security Concerns

The company confirmed through a statement that they have processed numerous reports about thefts while they continue to conduct their investigation. Jaclyn Sales of Coinbase wrote in a company email that Coinbase employees have never requested user login credentials, API keys, or two-factor authentication codes. People need to exercise caution and protect themselves according to her guidance by being alert to potential individuals pretending to work at Coinbase.

Coinbase representatives have stated explicitly that the company avoids contacting customers to request access details or authentication methods. According to him, Coinbase employees would never request these details nor request asset transfers, so claims should be rejected as fraudulent.

These security warnings exist, although observers remain doubtful regarding Coinbase’s capacity to thwart fraudulent transactions. According to ZachXBT, the platform has not identified or marked the addresses affected by these thefts in their compliance tracking tools. Several users have begun to doubt the adequacy of fraud monitoring and prevention systems as a result of the platform’s handling of reported incidents.

Users received security suggestions from Coinbase through a blog entry to activate two-factor authentication while using a separate email address specifically for their accounts and setting up address allowlists before placing their funds in Coinbase Vault. People are doubtfully assessing the effectiveness of security measures against phishing scams, which continue to deceive users.

The Growing Threat of Crypto Scams

These hacking incidents are part of the general pump-and-dump schemes regarding the crypto marketplace. He also claimed that between December 2024 and January 2025, he saw more than $65 million stolen from Coinbase users through similar phishing scams. His estimations showed that these attacks could lead to Coinbase users’ losses of over $300m per annum.

Some ways in which fraudsters target users are phone number spoofing, phishing emails, and fake customer support calls. The first and most publicized victim, who lost $850,000 in January, was scammed after receiving a call via a fake Coinbase phone number. 

The scammer took the victim’s identity to first deceive him into believing there have been attempts by unauthorized personnel trying to log into his account. A second email seemed to be from Coinbase and requested the recipient to send some funds for verification, which resulted in a fraud.

Pig butchering scams are another type of scam where individuals spend a long time interacting with the sociopath before being coerced into sending money. Cyvers’s report stated that such replacement scams amounted to over $5.5 billion and affected more than 200,000 instances through 2024. Besides, these scams often entail the scammers establishing contact with victims with the aim of having them perform fraudulent transactions.