
ZachXBT uncovers that Coinbase users suffered an additional $45M loss in a week due to persistent social engineering scams.
Blockchain investigator ZachXBT has disclosed that users of Coinbase experienced a loss of an additional $45 million recently due to organized social engineering scams.
In an update shared through his Telegram channel, he pinpointed several wallet addresses associated with these thefts, connecting the recent incidents to an ongoing trend of cryptocurrency heists that has been evident for several months.
This latest report builds upon ZachXBT’s previous research, which has linked similar scams to more than $300 million in annual losses suffered by Coinbase patrons.
Alongside fellow researcher Tanuki42, ZachXBT mapped the recent thefts across various blockchains, revealing that attackers exploit gaps in Coinbase’s user verification and compliance features.
The revealed addresses of the theft include several Bitcoin and Ethereum wallets that are reportedly tied to orchestrated phishing and impersonation schemes.
Findings indicate that attackers approach victims from spoofed phone numbers and, using stolen personal information, coerce them into verifying dubious activity on their accounts.
Scammers subsequently dispatch fraudulent emails that mimic Coinbase correspondence, including fabricated case IDs. The emails instruct users to transfer their assets into a Coinbase Wallet and whitelist a specific address, which inadvertently grants control of their funds to the attackers.
ZachXBT has logged numerous instances where a wallet dubbed “coinbase-hold.eth” was used to aggregate the stolen funds. One notable case involved a victim losing $850,000, with indications that this wallet had received funds from at least 25 other individuals.
Both the blockchain investigator and victims of these thefts have frequently criticized Coinbase’s risk management protocols. Numerous users have reported abrupt account limitations and protracted delays in customer support responses.
ZachXBT emphasized that Coinbase has not managed to identify or freeze known theft addresses, even weeks following reports of fraudulent actions.
The scams appear to be carried out primarily by two groups: one referred to as “The Com” and another operating from India. Both groups particularly target US clients, using cloned Coinbase websites, advanced phishing tools, and harmful scripts to execute their schemes.
To evade security measures, these scammers typically create phishing sites that block access to VPN users, making detection by compliance teams more challenging.
Concerns have also been raised about past incidents related to Coinbase systems, such as vulnerabilities involving outdated API keys in tax software, which facilitated unauthorized verification emails, and a $15.9 million theft from Coinbase Commerce in 2023.
According to ZachXBT, Coinbase has yet to publicly address these concerns or acknowledge the security vulnerabilities that enabled such events.
To address the ongoing issues, ZachXBT proposed a series of modifications to Coinbase’s platform. These suggestions include eliminating the necessity for phone numbers for users employing hardware keys or authentication applications, introducing optional “elder” user account categories with withdrawal limitations, and enhancing customer support for international clients.
He also advocated for community education initiatives, consistent updates following incidents, and the prompt marking of known theft addresses.
While acknowledging Coinbase’s significant contributions to the cryptocurrency landscape, including its Base layer-2 blockchain, asset recovery initiatives, and vigorous legal defense against the SEC, he asserts that these developments have come at the expense of user safety.
This disclosure adds to mounting evidence indicating that Coinbase has increasingly become a prominent target for complex social engineering tactics, a challenge not similarly faced by other major exchanges.