Coinbase Users Lose Over $300 Million Per Year to Social Engineering Scams: ZachXBT

Coinbase users are reportedly losing more than $300 million per year to social engineering scams.

Social engineering scams are fraudulent schemes that use manipulation and deception to trick individuals into revealing personal information or taking actions that compromise their security.

According to ZachXBT, a blockchain investigator, he and another investigator, tanuki42 (his X user name), have uncovered different thefts in which Coinbase customers are the victims.

ZachXBT stated that Coinbase users incurred a $65M loss from December 2024 to January 2025.

He added that the figure mentioned might not represent the total amount of the stolen assets, as the report only reflects data he received directly from victims and thefts they discovered on-chain.

“Myself and @tanuki42_ spent time reviewing Coinbase withdrawals and gathering data from my DMs for high-confidence thefts on various chains,” ZachXBT stated.

ZachXBT backed up the claims with a table consisting of the bad actor’s wallet addresses, transaction number (TXN), and the amount and value of the stolen assets.

On March 28th, 2025, ZachXBT also reported that a week before that date, more than $45M was stolen from Coinbase users via social engineering scams. The scams are linked to organized groups mainly based in India and online communities.

Scammers Impersonate Coinbase and Also Deploy Phishing to Scam Victims

Furthermore, ZachXBT explained that the scammers Impersonate Coinbase and call their unsuspecting victims, informing them of the need to address some issues in their accounts.

Subsequently, they gain the victims’ trust by sending emails that appear to be from Coinbase with a fake Case ID.

In addition, the scammers had created a website that looks precisely like Coinbase’s website.

For example, one of the victims who contacted ZachXBT reported losing $850K to the scammers.

The victim said that he received a call from someone claiming to be from Coinbase, who told him that his account had been the target of multiple unauthorized login attempts.

Then, the scammers emailed him asking him to transfer his funds to a Coinbase Wallet while “Coinbase support” verified his account.

ZachXBT said that, though, most of the incidents have not been officially announced by Coinbase.

“Coinbase has not flagged any of the theft addresses from these victims in compliance tools,”

ZachXBT stated.

Jaclyn Sales, Director of Communications at Coinbase, responded that the company has received ZachXTB’s claims and is currently investigating the incidents.

Also, Jaclyn Sales cautioned the company’s customers, stating that Coinbase will neither call nor ask for users’ login credentials, API keys, or two-factor authentication codes.

Malicious NPM Campaign Targets Atomic and Exodus Wallet

In a similar report, the ReversingLabs (RL) research team detected a malicious NPM campaign targeting Atomic and Exodus users. The perpetrators use malicious payloads to swap wallet addresses and steal assets.

Cybercriminals intercept cryptocurrency transfers by swapping users’ copied wallet addresses for theirs. The scammers’ addresses look like the victims’ own, making them not suspect until after the transaction has been made.