$65 Million Heist in 2 Months: The Red Alert on Coinbase Fake Advisor Scams


A Sophisticated Scam Shaking the Crypto Ecosystem

The cryptocurrency industry is going through a dark period. According to revelations by renowned crypto investigator ZachXBT, a wave of unprecedented scams is targeting Coinbase users on a massive scale. Between December 2024 and January 2025, over $65 million was allegedly diverted in just two months, an alarming figure that represents only the tip of the iceberg.

Working alongside investigator @tanuki42_, ZachXBT methodically analyzed hundreds of Coinbase transactions and compiled direct testimonies from victims. The conclusion is unforgiving: we are not dealing with isolated incidents, but a structured and large-scale criminal operation.

How Does This Dangerous Scam Work?

The modus operandi employed by these scammers combines classic phishing with high-level social engineering. Here is how the scheme unfolds:

Phase 1: Initial Contact
It all starts with a phone call using a spoofed number. The scammer leverages personal data extracted from leaked databases to establish false credibility. They claim the victim’s Coinbase account has experienced multiple suspicious login attempts.

Phase 2: Creating the Illusion of Legitimacy
Alongside this call, the victim receives an email appearing to originate from Coinbase, reporting the same login attempts. Obviously, this email is counterfeit. It includes a fake case number and all visual elements of the legitimate site to deceive the target.

Phase 3: Fund Extraction
The fraudulent email asks the victim to transfer funds to a Coinbase Wallet to "secure" them. It also invites the victim to whitelist an address under the pretense that support is verifying account security. In reality, the site involved is a fraudulent clone of the Coinbase site that reproduces its interface exactly.

Critical Point: Coinbase will never call you for verification like this. This information is vital for self-protection.

Analysis of a Victim Reveals a Criminal Network

ZachXBT documented the case of a victim who lost approximately $850,000. Forensic analysis of this transaction revealed a crucial detail: it was linked to a consolidation address common to over 25 different victims, all connected to the ENS address "coinbase-hold.eth".

This convergence is far from coincidental. It demonstrates we are facing a well-organized criminal network using shared infrastructure to centralize and launder stolen funds.
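The kind of convergence analysis described above can be sketched as follows. This is an added example, not ZachXBT's tooling or anything from the investigation: the transfer list, the address names and the `shared_consolidation` function are all constructed for illustration. It follows each victim's outgoing funds forward a limited number of hops and ranks the addresses that funds from several victims reach.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, receiver). All names are placeholders,
# not real on-chain addresses.
TRANSFERS = [
    ("victim_A", "hop_1"), ("hop_1", "hop_2"), ("hop_2", "consolidation_X"),
    ("victim_B", "hop_3"), ("hop_3", "consolidation_X"),
    ("victim_C", "hop_4"), ("hop_4", "hop_5"), ("hop_5", "consolidation_X"),
    ("victim_D", "hop_6"), ("hop_6", "unrelated_Y"),
    ("consolidation_X", "cashout_Z"),
]

def downstream(graph, start, max_hops):
    """Breadth-first walk: hop distance to each address reachable from start."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        addr = queue.popleft()
        if dist[addr] == max_hops:
            continue  # do not follow funds past the hop limit
        for nxt in graph.get(addr, ()):
            if nxt not in dist:
                dist[nxt] = dist[addr] + 1
                queue.append(nxt)
    del dist[start]
    return dist

def shared_consolidation(transfers, victims, max_hops=4, min_victims=2):
    """Rank addresses that receive funds traced from several victims."""
    graph = defaultdict(set)
    for src, dst in transfers:
        graph[src].add(dst)
    reached = defaultdict(dict)  # address -> {victim: hops}
    for victim in victims:
        for addr, hops in downstream(graph, victim, max_hops).items():
            reached[addr][victim] = hops
    rows = [(addr, sorted(by), sum(by.values()))
            for addr, by in reached.items() if len(by) >= min_victims]
    # Most victims first; ties go to the address closest to the thefts, since
    # everything downstream of a convergence point inherits its victim set.
    return sorted(rows, key=lambda r: (-len(r[1]), r[2], r[0]))

if __name__ == "__main__":
    for addr, vs, hops in shared_consolidation(
            TRANSFERS, ["victim_A", "victim_B", "victim_C", "victim_D"]):
        print(f"{addr}: {len(vs)} victims, total hops {hops}")
```

On real chain data, high-traffic service addresses such as exchange deposit wallets also receive funds from many unrelated senders, so a candidate address needs manual review before it is treated as attacker infrastructure.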

Coinbase’s Internal Vulnerabilities: A Dangerous Catalyst

Beyond social engineering techniques, the investigation highlights several critical failings within Coinbase that facilitated these massive attacks:

  • Compromised API Keys: Some users had old API keys supposed to be read-only, notably for tax software. These keys were allegedly exposed through hacks, allowing attackers to access accounts.
  • A Critical Bug: Coinbase experienced a malfunction allowing verification codes to be sent to any email address, even those not associated with an official Coinbase account.
  • Failing Customer Support: Victims encounter unresponsive agents, often unreachable outside US business hours. That is unacceptable for a platform operating in a 24/7 market.

ZachXBT emphasizes that these incidents were quietly handled by Coinbase without appropriate public communication.

Who Bears the Responsibility?

While users must exercise vigilance against increasingly sophisticated phishing techniques, primary responsibility falls on Coinbase’s leadership. The scale of the phenomenon—estimated at $300 million annually according to ZachXBT—reveals unacceptable inaction.

Contrary to what one might think, this problem is not endemic to the industry. Other platforms like Kraken, OKX, and Binance demonstrate far superior defenses, proving that solutions exist.

Recommendations to Stem the Crisis

ZachXBT proposes a concrete roadmap for Coinbase:

  • Enhanced Multi-Level Authentication: Make phone numbers optional for users already possessing strong authentication (Authenticator apps or security keys) and complete KYC verification.
  • Protected Beginner Accounts: Establish account categories limiting withdrawals to protect less experienced users unfamiliar with technical nuances.
  • Proactive Communication and Response Teams: Deploy 24/7 procedures, publish detailed guides, rapidly report fraudulent addresses, and block malicious domains.

In Conclusion: An Urgent Call to Action

Coinbase stands at a crossroads. Possessing the power and resources to transform its security practices and set an example for the industry, it has thus far chosen inaction. As ZachXBT states: "Coinbase is in a position where it has the power to make these changes and set the right example, but it has chosen to do little or nothing."

With tens of millions of dollars vanishing monthly and criminal techniques constantly evolving, the urgency of a robust response cannot be overstated. Coinbase users deserve a platform that prioritizes their security. The time for action has come.

Telemac
http://cryptoinfo.ch
Passionate about new technologies, I explore the world of blockchain and cryptocurrencies to share the sector's news and innovations.
