Cryptocurrency investigators ZachXBT and tanuki42 have accused Coinbase of failing to fix security weaknesses that have led to massive financial losses for its users. They estimate that scams linked to the platform cost users over $300 million annually.
Coinbase Users Lost $65 Million in Two Months
According to their findings, Coinbase users lost more than $65 million in December 2024 and January 2025 alone. However, they believe the actual losses are much higher since their calculations do not include police reports and complaints that remain inaccessible.
“Our number is likely much lower than the actual amount stolen, as our data was limited to my DMs and thefts we discovered on-chain,” ZachXBT posted on X.
Social Engineering Scams on the Rise
Many of these scams involve social engineering, where attackers trick users into revealing personal information. The investigators claim that scammers from India primarily target U.S. users.
One major issue they highlighted was Coinbase’s security policy regarding VPNs. While Coinbase advises users not to use VPNs to prevent account restrictions, scammers actively block VPNs on phishing sites. This, the investigators say, proves that Coinbase has failed to identify and address the real security problem.
Coinbase Accused of Ignoring Security Flaws
The investigators claim that company has ignored several persistent security threats. One of the major issues is the exploitation of old API keys, which allow hackers to gain unauthorized access to user accounts. Another vulnerability involves a bug in Coinbase’s verification system, making it easier for scammers to bypass security checks. Additionally, stolen funds are reportedly being laundered through Coinbase due to the platform’s failure to track fraudulent transactions effectively.
They also blame the exchange for under-reporting theft-related addresses in compliance tools and poor customer support. This lack of transparency, they argue, makes it easier for scammers to continue defrauding users. The investigators further highlighted that platform’s customer support is ineffective, leaving victims with little assistance. They also noted that Coinbase provides limited support for users in different time zones, making it difficult for international customers to receive timely help.
You May Also Like: Coinbase Appeals for Ruling on Crypto Trades as Non-Securities
Scammers Making Five-Figure Profits Weekly
The scale of these scams is significant. In November 2024, a Coinbase phishing scammer told investigators that they make “a minimum of five figures a week.” They said they specifically target company executives and software engineers because of their high income.
One scammer even revealed that they use a database containing details of people with at least $50,000 in assets.
