According to on-chain investigator ZachXBT, Coinbase users suffered over $45M in losses linked to social engineering. The independent analyst shared a series of addresses linked to the alleged scammers.Â
ZachXBT noted $45M in outflows from Coinbase users in the past week alone. The destination addresses were identified as belonging to social engineering scammers.
On-chain researchers intercepted ten BTC and ETH addresses, which received relatively large lump sums and moved them to new anonymous wallets.Â
On the Ethereum addresses, the exploiters received ETH and DAI funds, immediately emptying the destination wallet. In similar scams, the attackers used anonymous DEX and DeFi services, as well as coin mixers.
Previous investigations link the scams to spoof verification messages. Targets were called personally by Coinbase Support impersonators. Then, they use a spoofed site and copied email templates to convince users to send all funds to a new address. This also explains the transaction pattern, which emptied entire accounts in one large transfer.Â
Coinbase users suffer significant losses from personal scams
ZachXBT reported a nine-figure loss from scams targeting Coinbase customers. Most of the outflows were not flagged, as they were signed and sent by users in bulk, even without a test transaction.Â
Data from previous months showed that scammers have been busy with Coinbase customers. In March, ZachXBT noted $46M in outflows, and as much as $65M in December 2024 and January 2025.Â
None of the destination addresses were flagged by Coinbase security tools.
In total, ZachXBT estimates the size of scams at $300M on a yearly basis. Other exchanges have not shown similar withdrawals. One of the reasons pointed out by the investigator is that Coinbase panels are sold through Telegram, allowing multiple scammers to impersonate the exchange. No such panels and toolsets are available for other markets.
ZachXBT received some of the addresses in calls for investigation. The on-chain investigator also noted that some Coinbase users report directly to authorities. Scammers can create new wallets almost constantly, but the old wallets are still not blacklisted by Coinbase.Â
The outflows follow a period where Coinbase was extremely strict with suspicious activity from user accounts, often leading to freezes based on minor suspicions. However, there are no mitigation tools for sending funds to possible scammers. ZachXBT has urged for more account protections and community outreach to warn against social engineering techniques.Â
Coinbase hosts a higher percentage of US-based traders, who are often targeted in ‘pig butchering’ scams. The discovery arrives after a recent event, where scammers convinced a BTC holder to transfer their entire wallet of 3,520 BTC.Â
Targeting US-based investors taps into a pool of wallets with an average value of just $300, but with the chance to scam large-scale retail owners. US-based wallets hold an estimated $8B of total retail crypto wealth.
The transactions from personal accounts were then sent to THORChain, swapped into Ethereum-based assets and mixed. Decentralized anonymous swaps serve to hide the origin of the funds. Some of the coins were swapped for DAI, a stablecoin that can also be easily mixed with Tornado Cash.
Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot
