Crypto Investigators Say Coinbase Is Neglecting Security Vulnerabilities
Investigations into cryptocurrency and scammers, ZachXBT and tanuki42, say that Coinbase ignores critical security vulnerabilities which have resulted in huge losses to users. The findings reveal Coinbase’s negligence lets scammers siphon more than $300 million yearly from users via social engineering and phishing attacks.
Users Lost More Than $65M in Two Months
The investigators reported on Feb. 3 that Coinbase users lost more than $65 million in December 2024 and January 2025 alone, though they mentioned the real number could be much higher since estimates do not account for police complaints and unreported cases.
Our number is likely to be much lower than the real amount stolen, since our data only consisted of my DMs and thefts found on-chain, and did not include Coinbase support tickets or police reports,” ZachXBT said.
India-Based Scammers Taking Advantage of Poor Security
Most of these, according to the report, were orchestrated by threat actors in India and mainly targeted U.S.-based customers. While Coinbase frowns upon the use of VPNs to avoid flags from security systems, scammers are very active in blocking VPN access on phishing sites.
“This shows Coinbase’s failure to diagnose the actual problem,” the investigators said.
They also added that security gaps with old API keys, exploitation of verification code vulnerabilities, and laundering of stolen funds remain unclosed.
Lousy Support, Failure to Report Theft
The reasons ZachXBT lashed at Coinbase’s security practice are as follows:
- Under-reporting of theft addresses in compliance tools.
- Useless customer support doesn’t help victims.
- No 24/7 support for people outside U.S. timezones.
“Coinbase needs urgent changes as more users lose tens of millions every month,” he warned.
Scammers Brag About High Profits
In November 2024, one Coinbase scammer bragged about how he made five figures a week targeting executives and software engineers.
Casa chief executive Nick Neuman shared his conversation with one such scammer who posed as Coinbase support and said:
“We hit $35K two days ago. There’s money to be made in it.”
The scammer further admitted that they avoid “poor people,” targeting those who have at least $50,000 in assets.
Calls for Urgent Action
With the increase in security concerns, crypto analysts are suggesting that Coinbase take more serious steps regarding fraud prevention, customer support, and anti-scam policies to avoid further losses by its users.