Coinbase users have suffered over $100 million in losses due to social engineering scams since December 2024. A report by ZachXBT revealed a $46 million loss in just March 2025 from different scams targeting users. Despite Coinbase’s attempts to improve security, the prevalence of these scams raises questions about the exchange’s protective measures and user education.
The alarming rise of social engineering scams is striking hard at Coinbase users, with $300 million lost annually. A recent investigation by Web3 researcher ZachXBT shows that since December 2024, users have lost over $100 million alone. In Q1 2025, the centralised exchange faced multiple reports, including one user who lost nearly $35 million from such an attack.
ZachXBT’s ongoing investigations revealed shocking figures, with the total losses calculated at more than $46 million just in March of this year. These exploits highlight an increasing trend wherein scams are becoming more sophisticated, causing significant losses for Coinbase users, who found themselves vulnerable amidst a growing tide of scams.
Public data on these scams is scarce, making it difficult to understand the full scope of the situation. However, an FBI report from 2023 noted that investment fraud formed the majority of cryptocurrency-related complaints. It accounted for nearly half of around 69,500 cases, indicating a 53% spike in losses from the prior year overall.
Scammers commonly employ false narratives to gain trust, often utilising social media or dating platforms to connect with potential victims. Emotional manipulation is key here, preying on the fears of newcomers hoping to cash in quickly on cryptocurrency investments.
Coinbase users facing scams specifically reported that scammers duplicated emails with cloned website images, creating a false sense of legitimacy. They would call users using spoofed numbers and trick them into transferring funds, exploiting emotional trust and a sense of urgency.
One startling case outlined by ZachXBT involved a January incident where a user lost $850,000 due to a scammer posing as a Coinbase representative. Following the same stem, another user reported losing $6.5 million after being lured by a similar trick, showing just how prevalent these scams have become.
BeInCrypto spoke with Jeff Lunglhofer, Coinbase’s CISO, who acknowledged the rising harm caused by these scams. He emphasised the need for a collective front within the cryptocurrency community to tackle this growing issue. Lunglhofer pointed to Coinbase’s ongoing improvements to enhance protection for users.
Coinbase collaborates with the ‘Tech Against Scams’ initiative, working alongside major players like Meta and Kraken to combat online fraud. However, when asked why theft addresses aren’t published across compliance tools, Lunglhofer explained Coinbase’s approach is to communicate directly with other exchanges instead.
The exchange’s struggle against spoofed calls and emails is compounded by the sheer volume they contend with daily. Lunglhofer admitted their capacity to respond is overwhelmed, though they do work with vendors to bring fraudulent websites and numbers down once detected.
Nevertheless, many victims remain unsatisfied with Coinbase’s response and demand stronger preventative measures. There’s still ambiguity surrounding the introduction of an insurance policy to protect against such losses, prompting questions about user responsibility versus the exchange’s proactive measures.
Coinbase’s recent initiatives, such as an inbuilt scam quiz to prepare users against fraud, have been a move in the right direction. Additionally, they encourage the use of ‘safelist’ features to restrict transactions to verified addresses. But the January loss highlights a critical flaw when users serve as bait for manipulation despite such barriers.
The growing threat of social engineering scams continues to plague Coinbase users, while significant losses underscore the urgent need for better protective measures. While establishing collaborations is paramount, Coinbase must enhance education and user awareness to build a more resilient user base.
Cryptocurrency remains a rapidly evolving landscape, and with it, the threats of scams. The community needs to remain vigilant, working together to adapt and fortify measures against the sophisticated tactics employed by criminals targeting unsuspecting users.
