Users of Coinbase are losing nearly $300 million every year due to social engineering attacks, according to cryptocurrency investigator ZachXBT. In just the past two months, $65 million has been stolen by fraudsters exploiting data protection vulnerabilities and user complacency. The actual amount could be even higher as many victims do not report these scams.
$300 million stolen each year from Coinbase users
Criminals are using stolen personal data to deceive victims with fraudulent emails that perfectly mimic official communications from Coinbase. These messages often include fake case numbers and persuade users to transfer their funds to wallets controlled by the scammers.
ZachXBT explains that these criminals clone the official Coinbase website nearly identically and employ spoofing techniques to send convincing messages to their targets. Two groups particularly active in this type of scam are young hackers (‘skids’) from the Com community and malicious actors in India, primarily targeting American clients.
Coinbase accused of mishandling the problem
Coinbase has not publicly addressed these attacks and did not respond to requests for comment prior to ZachXBT’s revelations going public. However, some decisions made by the platform have sparked controversy. A Coinbase employee recently discouraged users from employing a VPN, claiming it might make them appear as suspicious actors. Yet, ZachXBT highlights that scammers often block VPNs on their phishing sites to prevent victims from realizing the scam.
This statement was seen as proof of Coinbase’s lack of understanding regarding the actual threats faced by its clients.
Urgent measures recommended to strengthen security
To mitigate risks, ZachXBT proposes several improvements that Coinbase should swiftly implement:
- Make the use of phone numbers optional to limit the exploitation of stolen databases.
- Create a restricted account type for new users to reduce their exposure to attacks before they familiarize themselves with the platform.
- Enhance user education on the methods employed by scammers to improve their awareness of social engineering attacks.
As attacks become increasingly sophisticated, Coinbase is under pressure to enhance the security of its users. If the platform does not take swift action, losses could continue to rise, undermining the confidence of investors and regulators in the crypto ecosystem.
