Social Engineering and Crypto Fraud: Unique Threats to Coinbase and the Need for a Unified Defense

In recent months, cryptocurrency exchange Coinbase has been hit by a massive wave of social engineering scams, causing users to lose a lot of money. Renowned on-chain detective and security analyst ZachXBT has revealed that in the last week alone, attackers have stolen around $45 million from Coinbase customers through complex social engineering schemes 5 7 .

The essence of the problem and the scale of losses

ZachXBT notes that over the past few months, Coinbase users have been losing more than $300 million annually to such scams , which is a unique problem for this exchange, while other major crypto exchanges do not face such large-scale attacks 1 7 . The scammers use sophisticated methods of deception, including:

Gaining access to users’ personal data from hacked databases.
Sending fake emails and creating exact copies of the Coinbase website for phishing purposes.
Manipulating victims by posing as Coinbase support staff.
Convincing users to transfer funds to external wallets or add addresses to a whitelist to bypass protections 1 2 5 .

How attacks happen

In December 2024, criminals bribed Coinbase customer service employees overseas, allowing them to access sensitive information about about 70,000 customers — including names, addresses, phone numbers, recent social security numbers, bank details, and images of ID cards 4 8 . This data was used to deceive users through calls and emails in which the scammers posed as Coinbase security employees and asked them to transfer funds to “secure” wallets 4 5 .

It is important to note that the attackers did not gain access to passwords and private keys, but the information they had was sufficient to carry out successful social engineering attacks 4 .

Coinbase and Law Enforcement React

Coinbase has officially acknowledged the incidents and announced its intention to compensate affected users for losses, estimating the costs of remediation and payments in the range of $180 million to $400 million 3 8 . The company has fired the customer service employees involved and has contacted law enforcement agencies in the United States and other countries to investigate and prosecute those responsible 3 8 .

In August and September 2024, the US Federal Bureau of Investigation (FBI) issued warnings about social engineering scams targeting cryptocurrency exchange users, including fake job offers and malware masquerading as tests and job applications[source request].

Call for improved protection

Coinbase’s head of security, Philip Martin, has proposed creating a single, unified structure or repository for tracking and combating fraud, which will allow for more effective threat analysis and user protection 7 . ZachXBT has also proposed a number of security enhancements, including simplifying verification and creating special accounts with restrictions for newcomers 1 .

What security measures can reduce the risk of social engineering on crypto exchanges

The Coinbase case demonstrates that the human factor remains the most vulnerable link in the cryptocurrency ecosystem , and social engineering scams are becoming increasingly sophisticated and widespread. Despite technical protection measures, attackers successfully exploit user trust and internal vulnerabilities of the exchange, which leads to multi-million dollar losses. To counter such threats, comprehensive security measures, transparency and active cooperation between exchanges, law enforcement agencies and the user community are needed.

To reduce the risk of social engineering fraud on crypto exchanges, a comprehensive approach is needed that includes technical, organizational, and educational security measures. Key recommendations include:

1. Education and awareness raising for users and employees

Regular training to recognize signs of social engineering, such as artificial urgency, suspicious requests, grammatical errors, and unsolicited contacts. Practical simulations of phishing attacks increase the effectiveness of recognition by up to 70% 1 9 .
Create a security culture where employees and users are comfortable asking questions and reporting suspicious messages and errors 3 .

2. Technical protection measures

Mandatory use of two-factor authentication (2FA) for all accounts, preferably via authenticator apps or hardware keys rather than SMS, to make it more difficult for attackers to gain access even if their password is compromised 2 4 6 8 .
Regularly update your software and antivirus protection to prevent malware from being installed through phishing links 4 .
Set up email filters to block emails without correct DKIM, SPF and DMARC records, and mark external emails to increase user attention 3 .
Using multi-signature wallets and diversifying storage of funds to reduce the risk of losing all assets if one key is compromised 2 .

3. Procedural and organizational measures

Implementing strict internal policies, such as a mandatory 24-hour delay for unusual withdrawal requests, to reduce the risk of hasty decisions under pressure from scammers 1 .
Verification and auditing of all official communications with users, including cryptographic signatures and posting of announcements on multiple channels to confirm authenticity 1 .
Conduct regular penetration testing using social engineering techniques to assess vulnerabilities of employees and processes 3 9 .
Creating a single database or repository for collecting and analyzing data on fraudulent attacks, which will allow for faster identification and blocking of new fraudulent schemes [from the context of the news].

4. Individual recommendations for users

Be skeptical of unwanted messages and calls, especially if they require confidential information or transfer funds. Always verify the authenticity of the request through official channels 6 .
Check URLs before clicking links to avoid phishing sites 6 .
Using hardware wallets to store crypto assets as they provide a higher level of security compared to exchange or software wallets 6 .
Keeping passwords secure, using unique passwords for different services and changing them regularly 4 7 .

Taken together, these measures significantly reduce the likelihood of a successful social engineering attack on crypto exchanges and help protect both users and the exchange itself from financial losses and reputational risks.

What New Methods Are Attackers Using to Trick Coinbase Users?

Attackers targeting Coinbase users have recently adopted a number of new and improved social engineering techniques that make their attacks particularly effective and widespread. The main ones are:

Method of attack	Description and details
Bribery of support staff	The scammers bribed overseas Coinbase support staff, who gained access to internal tools and customer databases. This allowed them to collect personal data on about 70,000 users – names, addresses, phone numbers, latest social security numbers, bank details, images of documents, and transaction history. Based on this data, the scammers disguise themselves as Coinbase representatives to deceive users 1 3 7 .
Disguised as support staff	Using the stolen data, the scammers call and text customers posing as Coinbase security staff. They convince victims to transfer cryptocurrency to “specially secured wallets” or add addresses to a whitelist, which allows them to withdraw funds from the account 3 5 .
Creation of exact copies of the site and phishing mailings	Fraudsters create nearly identical copies of the official Coinbase website and send phishing emails with fake ticket numbers to convince users that the request is legitimate. The emails ask victims to transfer funds or disclose confidential information 6 .
Phishing emails offering transfers to external wallets	In March 2025, a surge in phishing emails was recorded, imitating official Coinbase messages with offers to transfer assets to new external wallets using pre-generated seed phrases 5 .
Use of fake job offers and malware	According to the FBI, scammers are distributing malware under the guise of tests and job applications to gain access to users’ devices and their data. This is indirectly related to attacks on users of crypto exchanges, including Coinbase 8 .
SIM Swapping Scam	Attackers use SIM swapping techniques to gain control of a victim’s phone number and bypass two-factor authentication, allowing them to access user accounts 4 .

What New Phishing Schemes Are Attackers Using for Coinbase?

These methods demonstrate that attackers combine technical hacks with psychological manipulation, using stolen personal data and insider information to create trust in victims. This approach allows them to bypass traditional security measures and trick users into paying large sums of money – about $45 million was stolen in a week alone 5 .

Coinbase has already fired the employees involved and strengthened security measures, but experts and analysts like ZachXBT are calling for further security improvements and the creation of a single registry of scams to better combat these threats 6 7 .

Attackers targeting Coinbase users in 2024–2025 are using several new and improved phishing schemes that make their attacks particularly dangerous and successful. The main ones are:

1. Phishing with substitution of wallet addresses

Fraudsters create crypto wallet addresses that are visually very similar to real ones, using symbol substitution techniques (for example, replacing letters with similar-shaped ones from other alphabets). Users inattentively transfer funds to fake addresses, which leads to the irretrievable loss of cryptocurrency. In March 2025, such attacks led to the theft of over $46 million from Coinbase customers 1 6 .

2. Phishing emails with fake instructions for transferring to new wallets

In early 2025, there was a surge in emails from Coinbase asking users to “move assets” to new external wallets, ostensibly due to legal proceedings or security updates. The emails contained pre-generated seed phrases that, if entered by the user, gave the scammers full access to the funds. Coinbase has repeatedly warned that it never sends such phrases 5 .

3. Disguising as a support service and bribing employees

The attackers bribed Coinbase support staff overseas, gaining access to the personal data of tens of thousands of customers. Using this data, they called and wrote to victims, posing as exchange employees and convincing them to transfer funds to “safe” wallets 8 4 .

4. Phishing through hacking email marketing services

In 2024, the MailerLite service was hacked, through which phishing emails with links to fake Coinbase sites were sent. This allowed the scammers to reach a wider audience and increase user trust in the emails 2 .

5. Phishing through search engines

Scammers use “search engine phishing” where they create sites with similar domains and use advertising or SEO to trick users into landing on fake Coinbase pages when searching, rather than the official site 3 .

6. Pig Butchering Technique

This is a long-term scheme where scammers build trust with the victim, gradually convincing them to invest more and more funds, and then withdraw everything without leaving anything behind. Such schemes lead to billions of dollars in losses in the crypto industry and affect Coinbase users 6 .

What Makes Coinbase’s Problems Unique Compared to Other Exchanges

New Coinbase phishing schemes are characterized by high technological sophistication and the use of stolen data to create trust. The main threats are the substitution of wallet addresses, sending fraudulent emails with fake instructions for transferring funds, and insider attacks by bribing support staff. Coinbase is actively warning users and conducting investigations, but users are advised to exercise extreme caution and never enter seed phrases, do not click on suspicious links, and do not trust calls or emails that require urgent transfers or confidential information.

What makes Coinbase’s problems unique compared to other cryptocurrency exchanges is that it is the platform that experiences social engineering attacks on a much larger scale and more systematic basis, resulting in multi-million dollar losses for its users. According to on-chain detective ZachXBT, Coinbase users have been robbed of around $330 million a year in recent months through social engineering scams, a level of problems not seen at other major exchanges [from original request].

The main reasons why Coinbase’s problems are unique are:

Bribery and compromise of customer support staff: Fraudsters gained access to internal tools and databases by bribing overseas Coinbase employees, allowing them to use the personal data of tens of thousands of customers to conduct targeted attacks. Other exchanges have not seen this level of insider threats [from original request].
High vulnerability to social engineering attacks: Coinbase, unlike its competitors, has problems specifically with social engineering, where attackers trick users by posing as customer service representatives and convincing them to transfer funds to fraudulent wallets. According to ZachXBT, no other major exchange has this problem on such a scale [from the original request].
Customer support features: Coinbase has been criticized for its slow and not always effective support – responses to queries can take 1-3 days and are too general, which makes it difficult to quickly respond to incidents and increases risks for users 1 . While other exchanges, such as Binance, try to provide support in several languages and more quickly.
Focus on beginners and simplicity: Coinbase is aimed at beginners with a user-friendly interface and fiat support, but it has less advanced tools for experienced traders and higher fees 2 5 . This makes it attractive to a wider audience, but also increases risks due to a lack of advanced security and user awareness.

Thus, the uniqueness of Coinbase’s problems is due to a combination of internal vulnerabilities (employee bribery), high vulnerability to social attacks, and shortcomings in customer support, which together lead to more serious user losses compared to other major crypto exchanges.

How a Unified Reporting System Will Help Combat Cybercrime in the Cryptosphere

The creation of a unified system for reporting and exchanging information on cybercrimes in the cryptosphere contributes to a more effective fight against cybercrime in several key areas:

Early detection and prevention of crimes
The unified system allows for the detection of suspicious activities and fraudulent schemes even before victims file complaints. This is achieved through automated data analysis and centralized monitoring, which reduces the response time of law enforcement agencies and companies 1 .
Coordination and collaboration between agencies and organizations
Combining the efforts of various law enforcement agencies, financial institutions, regulators, and crypto exchanges within a single platform ensures more coordinated investigations and evidence sharing. Such integration reduces bureaucratic barriers and speeds up the process of identifying and prosecuting criminals 1 2 .
Establishing uniform standards and procedures
Establishing standardized protocols for collecting, storing and transmitting electronic evidence improves the quality of investigations and protects users’ rights, while maintaining a balance between efficiency and confidentiality. It also promotes legislative harmonization and international cooperation 2 .
Increased transparency and trust
A unified reporting system promotes transparency in anti-fraud and anti-cybercrime measures, which increases user confidence in crypto exchanges and the financial system as a whole. This is important for the development of the industry and attracting new investors 2 .
Using modern technologies
Integrating analytical tools, artificial intelligence and blockchain technologies into a single system allows for more efficient tracking of transactions, identification of suspicious patterns and linking of criminal activities 3 5 .
International cooperation
A unified system facilitates the exchange of information and electronic evidence between countries, which is critical to combating transnational cybercrime. Modern international conventions and agreements support the creation of such platforms, taking into account digital sovereignty and the protection of rights 2 .

Thus, the creation of a unified reporting and monitoring system in the cryptosphere is an important step to improve the effectiveness of combating cybercrime, minimizing financial losses of users and strengthening the security of the entire digital asset industry.

What standards and practices can be developed to unify the fight against cryptocurrency crime

To effectively unify the fight against cryptocurrency crime, experts and law enforcement agencies propose developing and implementing a set of standards and practices that cover legal, technical and organizational aspects. The main areas include:

Direction	Description and Key Practices
1. Legal regulation and unification of standards	— Development of uniform international legal norms and standards for the classification of crimes using cryptocurrency, including the seizure and confiscation of digital assets. — Implementation of mandatory KYC (Know Your Customer) and AML (Anti-Money Laundering) procedures for crypto exchanges and exchange services. — Creation of mechanisms for the liability of legal entities for participation in crimes involving cryptocurrency. — Application of the experience of international projects, such as the Swiss “Aximetria”, to regulate digital financial transactions and the storage of seized assets 1 2 5 .
2. Organization of international cooperation	— Formation of new interstate formats of legal assistance and exchange of information on criminal cases related to cryptocrimes. — Creation of coordination systems and joint working groups between law enforcement agencies of different countries to investigate transnational crimes 2 .
3. Technical standards and infrastructure	— Development of a unified information infrastructure for collecting, storing and analyzing data on crypto transactions with legal significance. — Implementation of monitoring and analytics systems based on blockchain technologies and artificial intelligence to identify suspicious transactions and fraud patterns. — Creation of a single electronic crypto wallet under the control of law enforcement agencies to store seized assets and prevent their further movement 1 5 .
4. Procedural standards of investigation	— Implementation of unified methods for investigating thefts and frauds involving cryptocurrency, including investigative tactics and forensic examination. — Providing access to forensically significant information from foreign sources and exchanging it between countries 2 .
5. Transparency and accountability	— Creation of a unified reporting system and repository of data on fraud and cybercrime in the cryptosphere for the prompt exchange of information between market participants and law enforcement agencies. — Introduction of mandatory requirements for crypto platforms to disclose information on controlling persons and transactions 5 .
6. Educational and preventive measures	— Development of standards for training and advanced training of crypto exchange and law enforcement employees on cybersecurity and countering social engineering. — Informing users about risks and methods of protection against fraud.

Summary and conclusion

Unification of standards and practices in combating cryptocurrency crime will improve the effectiveness of investigations, ensure legal certainty and international cooperation, and create a technological and organizational infrastructure for the timely detection and prevention of crimes. This is critically important in the context of the rapid development of the crypto industry and the growth of cyber threats.

The modern crypto industry faces serious challenges related to social engineering scams, and in this context, a unique situation has developed around the cryptocurrency exchange Coinbase. In recent months, it was the users of this platform who became victims of large-scale and sophisticated attacks, as a result of which hundreds of millions of dollars were stolen. What is unique about Coinbase’s problems is not only the size of the financial losses, but also the fact that the attackers gained access to internal data by bribing support staff, which significantly increased the effectiveness of their fraudulent schemes.

Attackers are using new phishing and social engineering techniques, including creating exact copies of websites, sending fake emails with instructions to transfer funds, and using insider information to gain users’ trust. These schemes demonstrate that technical security measures such as two-factor authentication are important but insufficient without a comprehensive approach that includes organizational and educational measures.

To effectively counter such threats, it is necessary to create a unified system for reporting and exchanging information on cybercrimes in the cryptosphere. Such a system will significantly speed up the detection of fraudulent schemes, improve coordination between law enforcement agencies and crypto exchanges, and increase transparency and trust on the part of users. An important step will be the development and implementation of international standards and practices covering legal norms, technical solutions, investigation procedures and educational programs.

Ultimately, combating social engineering and cybercrime in the crypto industry requires coordinated efforts from all market participants — from exchanges and regulators to users and law enforcement. Only a comprehensive and systematic approach will minimize risks, protect digital assets, and ensure sustainable development of the cryptocurrency ecosystem in the context of an ever-changing threat landscape.