Coinbase Users Bleed $45M in 7 Days—Social Engineering Scammers Strike Again (ZachXBT Exposé)

Another week, another crypto heist—except this time, the thieves didn’t need a single line of code. Blockchain sleuth ZachXBT reveals scammers siphoned $45M from Coinbase users through old-fashioned psychological manipulation.

How it works: Fraudsters pose as customer support, leveraging urgency and fake KYC requests to bypass 2FA. The kicker? Most victims willingly hand over credentials, proving the weakest link in crypto security isn’t the blockchain—it’s human nature.

Meanwhile, Coinbase’s Q2 earnings call touted ’record security investments.’ Nothing says ’secure’ like watching $45M vanish faster than a memecoin rug pull.

Persistent issue

ZachXBT has previously documented dozens of cases in which a consolidation wallet labeled “coinbase-hold.eth” funneled the funds. In one instance, a user reportedly lost $850,000, with evidence suggesting the wallet had received funds from at least 25 other victims.

The blockchain investigator and theft victims have repeatedly scrutinized Coinbase’s risk controls. Many users report sudden account restrictions and slow customer support response times. 

ZachXBT reiterated that Coinbase has failed to flag or freeze known theft addresses, even weeks after reports of fraudulent activity.

Two main groups are reportedly carrying out the scams: a cohort known as “The Com” and another operating out of India. Both focus primarily on US customers and deploy cloned Coinbase websites, sophisticated phishing panels, and malicious scripts to carry out their attacks. 

To bypass security tools, scammers often design phishing domains to block VPN users, making detection by compliance teams more difficult.

The reports also raise concerns about previous incidents involving Coinbase systems. These include old API key vulnerabilities in tax software that allowed sending verification emails to unauthorized recipients, and a $15.9 million theft from Coinbase Commerce in 2023. 

According to ZachXBT, Coinbase has not publicly disclosed these issues or addressed the security gaps that made them possible.

Changes for safeguarding

To mitigate the problem, ZachXBT recommended various changes to Coinbase’s platform. These include removing the requirement for phone numbers for users with hardware keys or authentication apps, introducing optional “elder” user account types with withdrawal restrictions, and expanding customer support for international users. 

He also advocated for proactive community education, regular incident response updates, and the immediate flagging of known theft addresses.

While ZachXBT acknowledges Coinbase’s broader contributions to the crypto sector, including its Base layer-2 blockchain, asset recovery tools, and active legal defense against the US Securities and Exchange Commission, he argues these advancements have come at the cost of individual user safety.

The disclosure adds to a growing body of evidence suggesting Coinbase has become a recurring target for sophisticated social engineering campaigns. ZachXBT highlights that no other major exchange registers the same problem.