While Coinbase touts its security features, users lost a staggering $46 million to scammers in March 2025 alone. The largest single theft? A whopping 400 BTC ($34.9 million) on March 28. Not exactly pocket change. Additional significant losses included 20.028 BTC on March 16, 46.147 BTC on March 25, and 60.164 BTC the following day.
These weren’t sophisticated hacks. Just old-fashioned social engineering. Scammers used spoofed phone calls with stolen personal data and phishing emails that looked legitimate enough to fool victims. One victim tragically lost approximately $850,000 in a single incident. Users were tricked into moving funds to what they thought was “Coinbase Wallet” or whitelisting malicious addresses. The thieves then bridged funds from Bitcoin to Ethereum and converted them to DAI. Easy money.
No high-tech wizardry here—just classic con artistry exploiting human trust with fake calls and deceptive emails.
Crypto investigator ZachXBT revealed this is just the tip of the iceberg. His investigation uncovered $65 million stolen between December 2024 and January 2025. The lack of market liquidity for certain cryptocurrencies made it easier for thieves to move stolen funds without triggering significant price shifts. Attackers frequently used sophisticated platforms like Thorchain or Chainflip to bridge the stolen Bitcoin to Ethereum blockchain. He estimates Coinbase users are losing around $300 million annually. That’s a lot of digital cash vanishing into thin air.
The most damning part? Coinbase’s response. Or lack thereof. No public comment on recent incidents. No flagging of known theft addresses. Just silence. ZachXBT criticized the exchange for its passive approach and failure to protect users. Guess they’re too busy with other priorities.
This trend isn’t isolated. Financial institutions have seen a tenfold increase in scams over the past year. Industry-wide, crypto scams siphoned $4.6 billion in 2023. Social engineering attacks typically surge during bull markets—when there’s more money to steal.
Coinbase has implemented some measures: a security awareness campaign, a scam quiz before large transfers, and updated machine learning models. Too little, too late? Seems like it.
Two major scammer groups are behind most attacks: “Com” and India-based actors. They primarily target US customers who might have more crypto to steal. And they’re getting better at it every day. Meanwhile, exchanges play catch-up with security that’s always one step behind.
