A fraud-prone area? ZachXBT exposes Coinbase's slow response, allowing users to be defrauded of more than $60 million

ABMedia
02-04

Blockchain detective ZachXBT revealed that Coinbase users have lost up to $65 million to fraud within just two months, criticizing Coinbase for failing to take adequate measures to protect users and even potentially exacerbating the fraud risk. He suggested that Coinbase should take stronger security measures and take legal action against the fraudsters.


Coinbase users may lose up to $300 million per year

According to ZachXBT and another investigator Tanuki42, their joint review of Coinbase's withdrawal records and tracking of community-reported fraud cases through private messages and blockchain data showed that Coinbase users have lost $65 million within just two months.

1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.

This is the result of aggressive risk models and Coinbase's failure to stop its users losing $300M+ per year to social engineering scams. pic.twitter.com/PjtX7vmjqc

— ZachXBT (@zachxbt) February 3, 2025

He admitted that the exact amount is difficult to estimate, and the total annual loss could be as high as $300 million:

This figure may only be the tip of the iceberg, as we cannot access the relevant data from Coinbase's official customer service records or police reports.


Analysis of fraud tactics: Impersonating official Coinbase

ZachXBT found that most cases involve impersonating Coinbase customer service, with the following tactics:

  • Spoofing official calls and stealing personal information: Fraudsters spoof Coinbase's official phone numbers when calling victims, and obtain the victims' personal information through the Dark Web or other illegal channels to make the conversation more credible.

  • Claiming account abnormalities to create panic: Fraudsters claim to have detected multiple unauthorized login attempts and that the victim's account needs to be immediately verified for security.

  • Forging Coinbase official emails: Victims will then receive fake emails in the format of official Coinbase communications, containing a fake "case number".

  • Inducing victims to transfer assets: Fraudsters ask victims to transfer funds to a "Coinbase secure wallet" and to whitelist a malicious address, supposedly to keep the account secure.

He pointed out that the fraud groups can even perfectly replicate the Coinbase website interface, sending fake messages and instructions to victims through the backend system, making it difficult for victims to detect any abnormalities:

These fraud website building tools are even sold on the Telegram black market at low prices, further fueling fraudulent activities.


Is Coinbase slow to respond and even hiding security vulnerabilities?

ZachXBT also criticized Coinbase for failing to address the fraud problem effectively, and even for increasing the risk in multiple security incidents:

  • VPN policy actually helps fraud groups: Coinbase previously urged users to "avoid using VPNs" so that their accounts would not be flagged as suspicious, but fraudsters have taken advantage of this by blocking VPN connections to their phishing sites, making it harder for victims to detect abnormalities.

  • Internal security vulnerabilities that Coinbase did not disclose: Coinbase has experienced incidents of hackers stealing old API keys, but the company has never publicly acknowledged them; some accounts even have vulnerabilities that allow verification codes to be sent to email addresses not bound to the account, increasing the risk of fraud.

ZachXBT exposes Coinbase's past internal security incidents
  • Coinbase did not blacklist fraud addresses in a timely manner: Coinbase failed to promptly add fraudulent wallet addresses to its blacklist, allowing the same group of fraudsters to continue operating for weeks.

  • Lack of customer service personnel leaves users unable to seek help: Victims report that Coinbase has insufficient customer service personnel and capabilities, and that there is no follow-up or notification after a case is reported. The claim of 24-hour online support has become little more than a slogan, and users can hardly reach support outside of US business hours.

Zach proposes 5 improvement suggestions

    Regarding the current security issues of Coinbase, ZachXBT proposes the following suggestions:

    1. Allow users to authenticate with an authenticator instead of a phone number: Since phone numbers have always been a target for hackers, users should be allowed to use an "Authenticator" or "Security Key" as their means of identity authentication, with phone numbers as a secondary option.

    2. Establish protection mechanisms for high-risk users such as beginners: Establish a beginner or elderly account mode, and restrict their withdrawal function if necessary, in order to reduce the risk of fraud.

    3. Strengthen community education and risk warnings: Regularly publish fraud reports and cases, and strengthen risk control mechanisms, so that users can identify potential risks.

    4. Prosecute domestic fraud groups in the US: Take legal action against domestic fraudsters to deter criminal elements.

    5. File lawsuits against providers of fraud tools: Bring legal proceedings against TLOxp and TransUnion, as their data is used by fraudsters to collect personal information for social engineering attacks.


    ZachXBT: Coinbase needs to take action and set an example

    Finally, ZachXBT called on Coinbase to act, saying that the platform's users are suffering millions of dollars in fraud losses every month, but the exchange has not taken any substantive action so far:

    Although victims need to be responsible for their own assets, it is unreasonable to expect elderly users to fully understand the details of email and telephone fraud. As a large exchange with millions of users, Coinbase has a responsibility to take stricter security measures, rather than continuing to ignore the problem.

    He emphasized that with Coinbase's market position and resources, it is fully capable of changing the status quo and becoming a benchmark for the industry. However, in the face of multiple allegations and suggestions, Coinbase has not yet made any specific response.
