Significant Losses from Social Engineering Attacks on Coinbase Users
Recent reports indicate that Coinbase (COIN) users have fallen victim to social engineering attacks, resulting in losses exceeding $65 million over the past two months alone. According to crypto investigator ZachXBT, the annual losses tied to such deceptive tactics may reach a staggering $300 million. It is essential to note that the actual figures could be even higher, as they do not account for unreported incidents.
As of now, Coinbase has not issued any public statements regarding this alarming trend and has yet to respond to inquiries from CoinDesk seeking clarification.
Scammers are employing sophisticated methods to exploit users, often utilizing stolen personal data to craft convincing fake emails that closely resemble official communications from Coinbase. These fraudulent messages frequently contain misleading case IDs, urging users to transfer their funds to wallets controlled by the scammers. ZachXBT elaborates, “Scammers replicate the Coinbase website almost identically, enabling them to send tailored prompts to targets through spoofed emails using specialized panels.”
He identified two primary groups behind these scams: individuals from the Com community and threat actors based in India, both of whom primarily target customers in the United States.
In a notable revelation, ZachXBT pointed out that a Coinbase employee advised users on social media to avoid VPNs so as not to raise red flags. However, he noted that many phishing sites actively block VPN access, which he said highlights a significant oversight in Coinbase’s approach to security. “This clearly demonstrates Coinbase’s inability to accurately diagnose the root of the problem,” he remarked.
To combat these pervasive threats, ZachXBT recommends that Coinbase enhance its security measures by making phone number verification optional, establishing a restricted account type for new users, and prioritizing community education on the importance of scam prevention.