Social engineering scams are increasing, and these exploits are specifically targeting Coinbase users throughout the first quarter of 2025. According to a series of investigations by ZachXBT, users have lost over 100 million USD since December 2024, with annual losses reaching 300 million USD.
After reviewing complaints from various users, BeInCrypto spoke with Coinbase's Information Security Director, Jeff Lunglhofer, to better understand the reasons users are vulnerable to these attacks, how they occur, and the measures being implemented to prevent them.
Assessing the Severity of Scams Affecting Coinbase Users
Throughout the first quarter of 2025, many Coinbase users have become victims of social engineering scams. As the leading centralized exchange in a field where hacks are becoming increasingly sophisticated over time, this is not surprising.
In a recent investigation, Web3 researcher ZachXBT reported on multiple messages he received from different X users who had large amounts withdrawn from their Coinbase accounts.
On 03/28, ZachXBT revealed a significant social engineering exploit that caused an individual to lose nearly 35 million USD. His follow-up investigations during the same period uncovered additional victims of the same scheme, pushing the total stolen in March to over 46 million USD.
In a separate investigation ending a month earlier, ZachXBT disclosed that 65 million USD had been stolen from Coinbase users from December 2024 to January 2025. He also reported that Coinbase has silently faced social engineering fraud issues causing users to lose 300 million USD annually.
Although Coinbase users are particularly vulnerable to social engineering scams, centralized exchanges in general have also been significantly affected by these increasingly sophisticated attacks.
How Does the Broader Context Reflect This Situation?
Public data on the development of social engineering scams in recent years is limited and somewhat outdated. However, the numbers in available reports are staggering.
In 2023, the Internet Crime Complaint Center (IC3) of the US Federal Bureau of Investigation (FBI) released its first cryptocurrency report. Investment fraud was the largest category in cryptocurrency-related complaints, accounting for 46% of nearly 69,500 complaints, equivalent to about 33,000 cases.
IC3 of the FBI reports an increase in cryptocurrency-related scams in 2023. Source: IC3.
Investment fraud, also known as pig butchering, involves false promises of high profits with low risk to attract investors, especially newcomers to cryptocurrency driven by fear of missing out.
According to the IC3 report, these schemes rely on social engineering and trust-building. Criminals use platforms like social media, dating apps, professional networks, or encrypted messaging to connect with their targets.
In 2023, these investment scams caused 3.96 billion USD in losses to users, a 53% increase from the previous year. Other social engineering scams, such as phishing and spoofing, caused an additional 9.6 million USD in losses.
These scams have widely affected Coinbase users over the past few years.
New Scam Tactics Targeting Crypto Users
Coinbase scammers typically create fake emails that appear legitimate by using copied website images and fake case numbers. They then contact users through spoofed calls, using personal information to build trust before sending these fraudulent emails.
Once scammers have convinced users of the interaction's legitimacy, they exploit the situation to persuade them to transfer funds.
The increasing sophistication of these scams demonstrates both emotional manipulation and the particular vulnerability of victims. They show that centralized exchanges are often the primary platform for these exploits.
ZachXBT's investigations and reports from users on X reveal a gap between the scale of social engineering scams and Coinbase's apparent management effectiveness.
Public discussions indicate that Coinbase has not marked theft addresses in standard compliance tools.
Scam victims and users with frozen accounts are calling for Coinbase to take stronger action against this increasingly expensive problem. Understanding how these scams occur is essential to addressing them effectively.
How Coinbase Users Become Victims
In January, a victim contacted the investigator after losing 850,000 USD. In that case, the scammer contacted the victim from a spoofed phone number, using personal information likely obtained from private databases to gain their trust.
The scammer convinced the victim that their account had been accessed without authorization multiple times by sending a fake email with a fake Case Number. The scammer then instructed the victim to add an address to the safe list and transfer funds to another Coinbase wallet, presenting this as a standard security process.
In October last year, another Coinbase user lost $6.5 million after receiving a call from a spoofed number posing as Coinbase support.
The victim was pressured into using a scam website. Eight months earlier, another victim lost $4 million after scammers convinced them to reset their Coinbase login.
ZachXBT expressed concerns about Coinbase's failure to report theft addresses in common compliance resources and their inadequate handling of the increasingly prevalent social engineering issue.
In a conversation with BeInCrypto, Jeff Lunglhofer, Coinbase's Information Security Director, shared his version of events.
Coinbase's Information Security Director speaks about social engineering scams
Although Coinbase is well aware of the widespread damage caused by social engineering scams affecting their users, Lunglhofer emphasized that the broader cryptocurrency community should address this issue together rather than placing responsibility on a single entity.
"In the context of the broader social engineering challenges that exist, of course, Coinbase customers are affected. We are very aware of that. We have implemented several control improvements to help protect our users, and, I think more importantly, we are working with the broader industry to bring these ideas and control improvements to the entire industry, across all cryptocurrency exchanges, across everything," Lunglhofer told BeInCrypto.
Coinbase's Information Security Director mentioned the exchange's collaborative efforts with other platforms to combat this issue in his response.
Specifically, Lunglhofer pointed out the "Tech Against Scams" initiative, a collaboration with industry partners like Match Group, Meta, Kraken, Ripple, and Gemini to fight online fraud and financial schemes.
Lunglhofer also noted that Coinbase applies a similar approach when marking theft addresses.
Why Coinbase handles theft addresses differently
When BeInCrypto asked Coinbase why they do not publish theft addresses on common compliance tools, Lunglhofer explained that the exchange has a different process for such situations.
"We will directly contact other exchanges [and] tell them the addresses where we have seen assets withdrawn," he said, adding that "when we see fraudulent activity, we will freeze all wallets related to fraud and we will push those wallets out to other exchanges that we have contact with."
Lunglhofer also mentioned Crypto ISAC, an information and intelligence sharing group established by Coinbase along with many other exchanges and cryptocurrency organizations to distribute information related to scams.
When it comes to spoofed emails, phone numbers, or scam websites, Coinbase delegates responsibility to external service providers.
Coinbase's battle against fake content waves
Lunglhofer acknowledged that the number of spoofed emails Coinbase identifies or receives as reports far exceeds the exchange's ability to remove them.
"Unfortunately, they are very common. I could open ten in five minutes. It's very easy to do. So, there's not much we can do about that. But, when we identify them [or when] a customer reports them, we will remove them," he said.
Coinbase uses providers to eliminate circulating spoofed or scam campaigns in those cases.
"We have several providers that we use to perform removals. So, whenever we see a fraudulent phone number appearing, whenever we see a fraudulent URL [or] a fraudulent website being set up, we will request their removal. We will use our providers to work with DNS providers and others to remove them as quickly as possible," Lunglhofer told BeInCrypto.
Although these preventive measures are necessary for the future, they provide little recourse for users who have lost millions in scams.
Who is responsible? Users vs. exchanges
Coinbase did not respond to BeInCrypto's question about developing an insurance policy for users who lost their savings to social engineering scams, leaving their approach in this area unclear.
However, social engineering scams are very complex, relying significantly on emotional manipulation to build trust. This complexity raises questions about the level of responsibility between user vulnerability and potential shortcomings in centralized exchange user protection measures.
The broader cryptocurrency community generally agrees that more educational materials are needed to help users distinguish between legitimate communications and scam attempts.
On this matter, Lunglhofer clarified that Coinbase will never call users unexpectedly. He also noted that Coinbase has recently implemented various features that act as warnings for users potentially interacting with a scam.
Furthermore, the Information Security Director cited a 'scam test', an educational tool that appears as a real-time banner when users are about to make a transaction flagged as suspicious by the exchange.
Although this feature is an advantage, its user protection capability is difficult to quantify, especially regarding its effectiveness in marking suspicious activity. Coinbase did not respond when BeInCrypto asked whether the exchange tracks data related to social engineering scams.
A similar issue arises with Coinbase's 'allowlist'.
Coinbase's 850,000 USD Loss
Coinbase provides a feature that allows users to create a safe list of approved recipient addresses to help prevent transactions to unfamiliar or unverified addresses. Lunglhofer strongly encourages Coinbase users to adopt this measure.
"We provide every small retail investor the ability to create an 'allow list' for wallets they are permitted to transfer assets to. On my personal Coinbase account, I have enabled the 'allow list' and only three wallets are permitted," Lunglhofer detailed.
However, the 850,000 USD scam that a Coinbase user suffered in January, as revealed by ZachXBT, shows an important limitation of the safe list.
If the victim can be manipulated into adding the thief's address to the safe list themselves, as happened in that case, the intended protection is nullified: the allowlist faithfully permits the very transfer it was meant to stop.
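The failure mode just described, as an added illustration that is not Coinbase's code and does not describe how Coinbase's allowlist actually behaves: a minimal transfer allowlist is modelled in Python, first with no activation delay (the entry takes effect the moment the victim is talked into adding it, so the transfer goes through), then with an assumed cooling-off period before a newly added address can receive funds, which gives the victim or the exchange a window to cancel the addition. The address, amount, timestamps and the 48-hour delay are all constructed values.

```python
"""Allowlist with an optional activation delay (added illustration, not
Coinbase's implementation). Addresses, amounts and delays are constructed."""
from dataclasses import dataclass, field


@dataclass
class Allowlist:
    # Seconds that must elapse after an address is added before it may receive funds.
    activation_delay: int
    # address -> unix time at which it was added
    _entries: dict = field(default_factory=dict)

    def add(self, address: str, now: int) -> None:
        self._entries[address] = now

    def remove(self, address: str) -> None:
        # Cancelling an addition during the cooling-off period is the defensive lever.
        self._entries.pop(address, None)

    def is_listed(self, address: str) -> bool:
        return address in self._entries

    def can_send_to(self, address: str, now: int) -> bool:
        added = self._entries.get(address)
        if added is None:
            return False
        return now - added >= self.activation_delay


def try_transfer(allowlist: Allowlist, address: str, amount: int, now: int):
    """Return (outcome, reason) where outcome is 'sent' or 'blocked'."""
    if allowlist.can_send_to(address, now):
        return "sent", f"{amount} USD sent to {address}"
    if allowlist.is_listed(address):
        return "blocked", "address still in cooling-off period"
    return "blocked", "address not on allowlist"


def scenario(delay_seconds: int):
    """Replay the January pattern: the victim adds the attacker-supplied address
    and is told to transfer immediately. Returns the outcome of that immediate
    transfer and the outcome once the delay has elapsed with no cancellation."""
    al = Allowlist(activation_delay=delay_seconds)
    attacker = "0xCONSTRUCTED_ATTACKER_ADDRESS"  # placeholder, not a real address
    t0 = 1_700_000_000  # constructed timestamp
    al.add(attacker, now=t0)
    immediate, _ = try_transfer(al, attacker, 850_000, now=t0 + 60)
    later, _ = try_transfer(al, attacker, 850_000, now=t0 + delay_seconds)
    return immediate, later


def scenario_cancelled(delay_seconds: int):
    """Same pattern, but the addition is cancelled during the cooling-off window."""
    al = Allowlist(activation_delay=delay_seconds)
    attacker = "0xCONSTRUCTED_ATTACKER_ADDRESS"
    t0 = 1_700_000_000
    al.add(attacker, now=t0)
    al.remove(attacker)  # victim realises the call was a scam, or the exchange intervenes
    outcome, _ = try_transfer(al, attacker, 850_000, now=t0 + delay_seconds)
    return outcome


if __name__ == "__main__":
    print("no delay:", scenario(0))
    print("48h delay:", scenario(48 * 3600))
    print("48h delay, cancelled:", scenario_cancelled(48 * 3600))
```

With no delay the allowlist passes the transfer as soon as the victim has been talked into adding the address, which is the limitation the 850,000 USD case exposes. With a cooling-off period the immediate transfer is blocked, and the addition only becomes effective if nobody cancels it in the meantime; whether any particular exchange enforces such a delay is not something this article establishes.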
Could Coinbase Do More to Protect Users?
Sophisticated social engineering scams are an increasingly growing threat, creating significant challenges for cryptocurrency users. Coinbase users and centralized exchanges in general are particularly affected.
Although Coinbase has highlighted its efforts, substantial financial losses reveal the limitations of current industry-standard measures against determined scammers.
While collaboration is crucial overall, Coinbase, as a leading platform, must also proactively strive and invest resources in educating its users.
Social engineering is primarily a user-caused issue, not a security failure of any exchange. However, platforms like Coinbase have a critical responsibility in leading industry-wide initiatives to address these threats.
Millions of dollars lost are a clear reminder that vigilance and collective action are crucial in protecting users against increasingly sophisticated and frequent attacks.