Scammers steal over $300 million annually from Coinbase users, with at least $65 million lost in two months (Dec 2024 – Jan 2025).
Fraudsters exploit phishing and fake support calls, tricking users into sharing sensitive data or transferring funds to scam wallets.
Coinbase fails to block known theft addresses, while critics argue its policies harm users more than stopping criminals.
Coinbase, one of the largest crypto exchanges, has been under fire over its failure to prevent large-scale scams while aggressively restricting user accounts. According to a recent report by independent blockchain investigator ZachXBT, scammers steal more than $300 million annually from users, yet the company has made little progress in stopping these attacks.
Many customers find themselves locked out of their accounts without warning, leaving them unable to recover lost funds. A Coinbase user, Hudson Jameson, said:
“With 0 warning Coinbase has restricted my account from sending any crypto… They also said they couldn’t tell me why. BUT said I am able to convert the crypto to USD and withdraw the USD??? Seems super scummy and unprofessional.”
According to the report, at least $65 million vanished from Coinbase users between December 2024 and January 2025. The real number could be even higher as sophisticated scams continue to evolve. Impersonation, phishing, and fake communications remain the primary weapons in scammers’ arsenal, making it difficult for victims to realize they are being targeted until it is too late.
Many fraudsters rely on social engineering to gain access to user accounts. A common scheme involves scammers calling users from fake Coinbase support numbers, claiming that unauthorized login attempts were detected. By using stolen personal data, they build trust and convince users to share sensitive information. Coinbase has warned customers that the company will never call them.
Phishing Tactics Cost Users Millions
Another widespread scam involves fraudulent emails disguised as official Coinbase communications. These messages contain fake case IDs and links to phishing websites. Once victims enter their credentials, scammers take over their accounts and drain funds within minutes. Some fraudsters even direct users to “secure” wallets, which they control, tricking people into voluntarily transferring their assets.
“[Scammers] sent a spoofed email which appeared to be from Coinbase with a fake Case ID further gaining trust. They instructed the victim to transfer funds to a Coinbase Wallet and whitelist an address while “support” verified their accounts security,” the report noted.
ZachXBT’s investigation uncovered a darker side to these operations. Criminal groups now run Telegram channels where they sell access to phishing control panels, making it easier for new scammers to exploit users.
“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels,” ZachXBT said.
Coinbase’s Failure to Block Known Theft Addresses
One of the biggest concerns is Coinbase’s failure to block known theft addresses using compliance tools. Many stolen funds are sent to addresses that could be flagged, yet these transactions continue unnoticed. Victims who contact Coinbase for assistance frequently report poor customer service and unresolved complaints.
Adding to user frustration, Coinbase discourages the use of VPNs, a tool that could enhance security. Meanwhile, attackers easily bypass existing restrictions, making the platform’s approach ineffective. Critics argue that the company’s policies punish legitimate users while doing little to stop criminals from operating freely.
ZachXBT has called on Coinbase to implement several urgent security changes. These include removing phone numbers as a default option for account recovery, creating safer account types for elderly users, and strengthening phishing detection tools. Without action, the losses will only grow, and user trust in the platform will continue to erode.
10/ So where does the blame lie? a) For the vast majority of the time these theft addresses are not being reported at all by Coinbase in popular compliance tools even after the thefts went on for weeks. b) Multiple victims who have contacted me get stuck with useless customer…
Physical Crypto Attacks on the Rise
The surge in scams is just one piece of a growing security crisis in the crypto world. Physical attacks on crypto holders have become increasingly common. Data show that there were 18 such cases in 2023, rising to 24 in 2024, and already eight incidents in January 2025 alone. This shift highlights how criminals are moving from cyber theft to direct physical coercion.
One particularly alarming trend is the rise of “wrench attacks.” Instead of hacking into systems, criminals now use physical violence to force victims to transfer their crypto holdings. Because digital assets can be moved instantly and globally, these crimes are efficient and difficult to track.
In response to this growing threat, security firms are stepping up. AnchorWatch now offers insurance against violent Bitcoin robberies, with backing from Lloyd’s of London. The policy covers up to $100 million in losses but excludes hacking incidents and government seizures.