- Over $45 million was drained from Coinbase users in one week due to phishing scams exploiting verification and compliance gaps.
- ZachXBT’s investigation links the attacks to global scam rings using cloned websites, spoofed calls, and phishing scripts to deceive users.
- Despite its technological advancements, Coinbase faces mounting criticism for delayed responses and failing to flag known theft addresses.
Over $45 million was stolen from Coinbase users last week through advanced social engineering attacks, according to ZachXBT. The blockchain investigator revealed these findings via his Telegram channel. Working alongside researcher Tanuki42, he traced the funds across multiple blockchains. The report shows that scammers exploited user verification weaknesses in Coinbase’s platform.
Attackers targeted victims using spoofed phone numbers and personal data to appear credible. They posed as Coinbase representatives and contacted users claiming suspicious activity. The victims then received emails that mimicked official Coinbase communications. These emails included fake case IDs and step-by-step asset transfer instructions.
Victims were told to move funds into a Coinbase Wallet and whitelist an attacker-controlled address. Without the victims realizing it, that action gave scammers access to user assets. Hence, the attackers drained millions from wallets without triggering immediate platform alarms.
Sophisticated Phishing Networks Emerge
Besides impersonation attempts, attackers used cloned Coinbase websites and phishing panels. These tools replicated the original platform’s interface with precision. Scammers even built malicious scripts to bypass browser security and VPN users. Consequently, compliance teams faced detection challenges.
Moreover, ZachXBT highlighted repeated misuse of a wallet labeled “coinbase-hold.eth.” In one case, a victim lost $850,000. The same wallet received funds from at least 25 other victims. These thefts link to two main groups: a collective called “The Com” and another based in India. Both focus on U.S.-based users.
Security Oversights and Historical Concerns
Additionally, Coinbase’s response raised major concerns. ZachXBT noted that the exchange failed to flag known theft addresses for weeks. Victims also reported slow support and sudden account restrictions. Hence, critics argue Coinbase lacks adequate internal safeguards.
Previous breaches also resurfaced. These include API vulnerabilities in tax software and a $15.9 million Coinbase Commerce theft in 2023. Significantly, Coinbase never publicly disclosed those issues.
Calls for Change and User Protections
To combat these threats, ZachXBT suggested several changes. He urged Coinbase to remove phone number requirements for users with authentication apps. He also proposed introducing “elder” accounts with withdrawal limits and boosting global support. Moreover, he emphasized the need for community education and quicker incident response. Despite Coinbase’s broader achievements, ZachXBT believes user safety has taken a back seat. Consequently, the platform remains a prime target for coordinated crypto heists.