Coinbase users have lost more than $46 million to phishing scams in just two weeks, as rising crypto prices continue to attract cybercriminals.
Fraud tactics like address poisoning and wallet spoofing deceive victims into transferring funds to addresses that closely mimic legitimate ones.
Blockchain investigator ZachXBT reports that multiple Coinbase wallets were targeted, with a single theft involving 400 BTC—valued at $81,464 per coin—marking one of the largest known incidents.
A screenshot from blockchain explorer Blockchair suggests the staggering loss originated from a single compromised wallet.
In a Telegram post, ZachXBT noted:
“It is suspected a Coinbase user was scammed yesterday for $34.9M (400.099 BTC). After uncovering this theft I noticed multiple other suspected thefts from Coinbase users in the past two weeks bringing the total stolen this month to $46M+.”
Jaclyn Sales, Coinbase’s director of communications, confirmed the company is investigating the claims.
She reiterated that Coinbase will never request login credentials, API keys, or two-factor authentication codes, warning users to stay vigilant against impersonation attempts.
She said:
“We are aware of ZachXTB’s claims and are investigating. Coinbase will never call you or ask for your login credentials, API key or two-factor authentication codes. We will also never ask you to transfer funds. If someone contacts you claiming to be from Coinbase and requests this information or asks you to transfer assets, do not do it. It is a scam.”
Scammers frequently impersonate major global brands to exploit consumer trust, using tactics like address poisoning and wallet spoofing to trick victims into transferring funds to fraudulent addresses.
While Coinbase remains the most impersonated brand in the crypto space, Meta saw over 25 times as many impersonation attempts as the exchange, according to a June 2024 report.
As the world’s third-largest centralised cryptocurrency exchange (CEX), Coinbase handles over $1.6 billion in daily trading volume, making it a prime target.
ZachXBT reported that between December 2024 and January 2025 alone, Coinbase users lost more than $65 million to phishing scams.
It noted:
“Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain which does not account for Coinbase support tickets and police reports we do not have access to.”
To mitigate risks, Coinbase advises users in February blog post, to enhance security by enabling two-factor authentication, using a dedicated email account, setting up an address allowlist, and leveraging Coinbase Vault for additional protection.
With scams becoming more sophisticated, will these measures be enough to curb mounting losses?
South Korean police warn of crypto scammers in chat app "reading rooms," deceiving investors with false promises, leading to an investigation and calls for vigilance against such fraudulent schemes.
AlexArthur Hayes criticized Cardano's dApps for lack of utility, engaging in a heated exchange with co-founder Charles Hoskinson, while questioning ADA's value and suggesting Ethereum as a better option.
AlexStartale Labs secures $7M in seed funding from Samsung, UOB, and Sony for Web3 expansion, aiming to lead Web3 adoption in Asia with innovative products and strategic partnerships.
WeiliangShanghai Anxun Information Company's internal leak on GitHub exposed illegal cybersecurity services, infiltrating government departments globally, and selling sensitive information, sparking calls for industry regulation.
KikyoDigital Currency Group disputes Genesis' settlement with NYAG over fraud charges, arguing it unfairly prioritizes certain creditors, challenging legal and regulatory norms in the crypto industry.
BrianPhilippine regulators threaten to block Binance for operating without a license, raising concerns among the crypto community and testing the exchange's compliance under new leadership amidst global regulatory challenges.
AlexParis Saint-Germain becomes a blockchain validator for Chiliz Chain, using revenue to buy back PSG fan tokens, pioneering sports clubs' deeper integration into digital economies and cryptocurrency technologies.
MiyukiLejilex and CFAT sue the SEC for overstepping in crypto regulation, seeking clear rules and challenging the classification of digital assets as securities, invoking the major questions doctrine.
WeiliangUnlock essential tips to spot and avoid blockchain scams with our guide, tailored for cryptocurrency enthusiasts seeking to safeguard their digital assets and personal information.
AlexKraken contests an SEC lawsuit alleging it operated as an unregistered exchange, arguing cryptocurrencies are commodities, not securities, in a pivotal case for crypto regulation.
Miyuki