Coinbase accused of neglecting security, costing users up to $300M annually

Investigators alleged Coinbase failed to address security issues, leading to over $300 million in annual user losses from crypto scams.
Cryptocurrency investigators ZachXBT and tanuki42 accused Coinbase of failing to address security vulnerabilities and scam incidents that have cost investors millions of dollars each month.

On Feb. 3, independent crypto investigator ZachXBT and tanuki42 from zeroShadow reported that Coinbase users lost more than $65 million in December 2024 and January 2025 alone. The duo said the actual losses were likely higher, as their calculations do not account for police complaints they cannot access.

“Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered onchain, which does not account for Coinbase support tickets and police reports we do not have access to,” ZachXBT said in an X post.

According to their findings, Coinbase users collectively lost more than $300 million in a year to social engineering scams.

Source: tanuki42

ZachXBT noted that some scams were orchestrated by threat actors from India, primarily targeting US-based customers. 

While Coinbase advises users against using a virtual private network (VPN) to avoid getting wrongly flagged by its internal security system, the investigators said that scammers explicitly block VPNs from phishing sites, adding, “This shows Coinbase’s failure to diagnose the actual problem.”

Source: ZachXBT

The duo added that Coinbase has not addressed some prevalent and ongoing security incidents. As a result, security exploits related to old API keys, a verification code-related bug and the laundering of stolen funds were made possible on Coinbase.

ZachXBT blamed the rise in Coinbase scams on the exchange’s under-reporting of theft addresses in popular compliance tools, “useless customer support agents,” and a lack of support outside US time zones. He said:

“Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month.”

In November 2024, a Coinbase phishing scammer said they make “a minimum of five figures a week” by targeting company executives and software engineers.

Nick Neuman, co-founder and CEO of Bitcoin self-custody solutions provider Casa, disclosed his recent interaction with a “Coinbase support” scammer. The scammer said:

“We make a minimum of five figures a week. We hit $35K two days ago; we do it for a reason; there is money to be made in it.”

The scammer also revealed they never target “poor people” and contact potential victims from a database containing information about people with at least $50,000.
