Coinbase Users Are Losing $300M Annually to Scam Artists, Analyst Says

America’s Largest Cryptocurrency Exchange Has Failed to Protect Its Users, According to an Onchain Analyst

Pseudonymous onchain analyst Zachxbt claimed on Monday that Coinbase users, many of them elderly, have lost more than $300 million annually to social engineering schemes perpetrated by sophisticated Indian scam artists and members of “The Community” or “The Com,” a network of cybercriminals from the U.S., Canada, and Europe.

Social engineering typically involves gaining access to private information such as log-in details by using manipulation and deceit. Zach described how in one instance, hackers built an entire clone of Coinbase’s website to trick hapless victims into believing they were dealing with actual employees of the exchange.

The criminals also used fake case identity numbers and spoofing – using phony email addresses and telephone numbers that appear as if they originated from an authentic source.

In the last two months alone, users lost over $65 million in social engineering scams, according to Zach, but perhaps his most serious allegation is that Coinbase appears to be doing little to curb the issue.

“Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month,” Zach said. “Most of the fault lies on leadership.”

It’s unclear why Coinbase hasn’t responded more forcefully to this criminal activity. According to Zach, many of the breaches are not even addressed by the firm, and if they are, a satisfactory resolution rarely occurs.

Coinbase Responds

Bitcoin.com inquired with Coinbase about Zach’s claims and they provided a blog post published on Monday that gives tips on how to mitigate the risks Zach highlighted. “Social engineering attacks are responsible for the vast majority of losses suffered by our customers and this problem isn’t unique to Coinbase,” the post says. “In the past year, financial institutions have been experiencing a 10x increase in social engineering attacks targeting their customers.”

One interesting fact in the post is the exchange’s claim that almost every individual has had their private information stolen and hawked on the dark web, which further exacerbates an already widespread social engineering problem. The company did not confirm nor deny the $300 million figure provided by Zach, but the blog post quotes a statistic from blockchain analytics firm Chainalysis that says social engineering scams in crypto were largely responsible for $4.6 billion in industry-wide losses in 2023.

But Zach noted that other exchanges like Kraken, OKX, and Binance “do not have the same issue.” Binance released a report in December 2024 revealing that it had prevented scams that could have cost its customers $129 million.

“For the vast majority of the time, these theft addresses are not being reported at all by Coinbase in popular compliance tools,” Zach explained, referring to wallet addresses hackers use to launder stolen funds. “Multiple victims who have contacted me get stuck with useless customer support agents…never hear back,” he added.

He outlined several steps Coinbase can take to address the proliferation of scams on its platform such as making phone numbers optional for users with an authenticator app to mitigate telephone spoofing risk. For beginners and the elderly, accounts should have the option to disable withdrawals. Support agents should be available 24/7 and Coinbase should build better communication channels with its customer base.

Interestingly, Zach insists Coinbase has the resources to not only take legal action against members of The Com network, but also to make an example of them.

“Coinbase is in a position where they have the power to make these changes and set a good example, but they have chosen to do little to nothing,” Zach said.