$65M reportedly stolen from Coinbase users in past two months 
Cryptocurrency Feb 3, 2025 Share
Pseudonymous on-chain cryptocurrency analyst ZachXBT is one of the most respected voices in the crypto space — but surprisingly enough, he doesn’t offer investment advice.
Instead, the ‘crypto sleuth’ has taken to unveiling and publicizing the many scams running rampant in the world of digital assets.
The blockchain detective has also exposed several high-profile hacks — most recently, a $112 million XRP breach on January 31 and a $35 million Atomic Wallet hack in June of 2023.
Picks for you
Here's why Gold could 'go even higher' amid the tariff war and Fed stance 4 hours ago XRP enters death spiral as $25 billion wiped in a day 6 hours ago Crypto liquidations are 'lot more' than reported; Bybit CEO estimates up to $10B wipeout 7 hours ago If you put $1,000 into an Anthony Scaramucci crypto portfolio at the start of 2025, here’s your return now 8 hours ago
Unfortunately, it appears that ZachXBT won’t be left without work any time soon — as the crypto investigator reported that users have had roughly $65 million stolen from Coinbase over the past couple of months, per a February 3 post made on social media platform X.
Safe wallet scam and social engineering lead to millions stolen from Coinbase
In the aforementioned X threat, the investigator revealed that they had collaborated with fellow reacher tanuki42 to review Coinbase withdrawals cross-referenced with data gathered via direct messaging.
With an admittedly limited dataset, and relying only on high-confidence instances when it comes to direct messages, the duo identified roughly $65 million in digital assets stolen from Coinbase from December 2024 to January 2025.
1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.
This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams. pic.twitter.com/PjtX7vmjqc
— ZachXBT (@zachxbt) February 3, 2025
Readers should note that, as stated by ZachXBT, the actual amount stolen over this timeframe is likely to be much higher.
So, how did this happen? Apparently, a combination of social engineering attacks was used. Crypto scammers would call victims from spoofed phone numbers and use personal information gathered from private databases to gain their trust. Following this, the cybercriminals would tell Coinbase users that their accounts had multiple unauthorized login attempts.
Once that was done, victims would receive a spoofed email that appeared to be from Coinbase — one that included a fake case ID and instructed users to transfer funds to a specific wallet and whitelist a certain address while support verified the security of their account. In addition, the scammers possess the capability to clone Coinbase’s site to near-perfection — allowing them to send different prompts to their targets.
Per the researcher, the attacks originate from two main groups — skids from the Com and threat actors located in India. Reportedly, both primarily target US customers.
Featured image via Shutterstock