Coinbase users have once again fallen victim to social engineering scams, losing over $46 million in just this month alone, as reported by blockchain sleuth ZachXBT. The thefts, which targeted an unnamed Coinbase user, resulted in the loss of approximately 400 BTC, equivalent to around $34.9 million. This incident is part of a larger pattern of targeted attacks on US-based exchange users, with three similar incidents occurring in March.
The scammers behind these attacks have stolen a total of 126.339 BTC this month, converting the funds from Bitcoin to Ethereum using Thorchain or Chainflip, and then into the stablecoin DAI. Despite the magnitude of these thefts, Coinbase has yet to flag the associated wallet addresses using its compliance tools, raising concerns about the exchange’s lack of user protection measures.
ZachXBT has criticized Coinbase for its lethargy in addressing these incidents, highlighting the exchange’s failure to flag known theft addresses. This negligence has left users vulnerable to social engineering scams, resulting in significant financial losses. Earlier this year, ZachXBT revealed that Coinbase users had lost approximately $65 million to scams between December 2024 and January 2025, contributing to an estimated annual loss of over $300 million to social engineering scams.
These scams typically begin with spoofed phone calls using stolen personal data, followed by phishing emails that appear to be from Coinbase. The emails warn users of suspicious login activity and prompt them to transfer funds to a Coinbase Wallet. Victims are then instructed to whitelist a malicious wallet address, unknowingly transferring control of their funds to the attackers.
Despite the growing number of incidents, Coinbase has not publicly commented on the recent wave of thefts. This highlights the importance of remaining vigilant and implementing robust security measures to protect against social engineering scams in the cryptocurrency space.