Key Takeaways:
- Security Concerns: Investigators accuse Coinbase of failing to address security vulnerabilities, leading to over $300 million in annual user losses.
- Unresolved Issues: Criticisms include old API exploits, verification code vulnerabilities, and stolen funds laundering through Coinbase.
- Scammer Insights: A phishing scammer claimed to earn at least five figures weekly, targeting high-value individuals while avoiding lower-income users.
Cryptocurrency investigators ZachXBT and tanuki42 have accused Coinbase of security failures that have led to user losses exceeding $300 million annually.
Their report, released on Feb. 3, revealed that over $65 million was stolen from users in December 2024 and January 2025 alone.
1/4 >$65M stolen in less than two months is unacceptable and will continue to increase until effective changes are made.
— tanuki42 (@tanuki42_) February 3, 2025
To victims: If you recognise yourself as a victim of a social engineering scam, reach out to @zeroshadow_io or SEAL911 and we will help you respond. https://t.co/rSeRK2uhMY
However, they believe the actual figure is much higher due to limited access to police reports and Coinbase’s internal support records.
The investigation suggests that many scams are orchestrated by actors based in India, primarily targeting U.S. users. Coinbase’s security measures, including discouraging VPN use, have come under scrutiny.
Investigators argue that scammers exploit these weaknesses by blocking VPN access to phishing sites, exposing Coinbase’s failure to address security threats effectively.
8/ The other month a Coinbase employee told people on X to stop using VPNs to avoid being flagged as suspicious meanwhile threat actors will explicitly block VPNs from phishing sites and not use them.
— ZachXBT (@zachxbt) February 3, 2025
This shows Coinbase’s failure to diagnose the actual problem. pic.twitter.com/2Vrhn2Q24f
Key security issues include vulnerabilities in old API keys, verification code exploits, and the laundering of stolen funds through the platform.
Critics also highlight Coinbase’s inadequate fraud prevention, lack of support for non-U.S. users, and ineffective customer service.
Scammers reportedly earn tens of thousands per week from phishing schemes, specifically targeting high-net-worth individuals.
With scams continuing to rise, investigators and users are calling for Coinbase to improve its security measures and protect its customers from further financial losses.