Coinbase security under fire after $46M phishing attacks

A disturbing surge in phishing scams has reportedly cost Coinbase users over $46 million in March 2025 alone, highlighting the growing threat of sophisticated cybercrime in the cryptocurrency space.

Blockchain investigator ZachXBT has been tracking a series of significant thefts, including one particularly alarming incident on March 27 involving the loss of 400.099 Bitcoin – an amount valued at approximately $34.9 million – from a single Coinbase wallet.

The stolen funds were swiftly moved across multiple blockchains, significantly complicating efforts to trace and recover them.

Other substantial losses documented by ZachXBT include 60.164 BTC on March 26, 46.147 BTC on March 25, and 20.028 BTC on March 16, painting a grim picture of the scale of the attacks.

These scams often employ cunning techniques like wallet spoofing and address poisoning.

Fraudsters deceive users into unwittingly sending funds to addresses that closely mimic legitimate ones, exploiting trust and inattention.

ZachXBT’s investigation indicates that these insidious tactics have contributed significantly to the dramatic increase in losses suffered by Coinbase users.

This recent wave of attacks echoes a similar surge in phishing scams that occurred in late 2024 and early 2025, resulting in the theft of more than $65 million in assets. However, the actual total is likely far higher.

ZachXBT emphasizes that the reported figures only encompass on-chain thefts and data obtained through direct messages.

Incidents not reported to Coinbase or law enforcement remain unaccounted for, raising serious concerns about the true extent of the problem.

Some experts estimate that, if these phishing scams persist, annual losses could soar past $300 million.

Coinbase responds, skepticism remains: is enough being done to protect users?

Coinbase has acknowledged the issue and confirmed that it is currently investigating the matter.

Jaclyn Sales, a Coinbase spokesperson, issued a statement emphasizing that Coinbase employees will never request sensitive information from users, such as login credentials, API keys, or two-factor authentication codes.

She urged users to exercise extreme caution when interacting with anyone claiming to represent the platform, particularly if they ask for personal information or request fund transfers.

Despite these warnings, skepticism persists regarding Coinbase’s ability to effectively prevent such scams.

ZachXBT points out that many of the affected addresses have not been flagged within Coinbase’s internal compliance systems, raising questions about the robustness of their fraud detection measures.

To enhance security, Coinbase advises users to enable two-factor authentication, use a dedicated email address for their Coinbase account, configure an address allowlist to restrict outgoing transactions, and store funds in the secure Coinbase Vault.

However, many users remain unconvinced that these measures are sufficient in the face of increasingly sophisticated attacks.

Phishing beyond Coinbase: a widespread threat in the crypto world

Phishing scams are not unique to Coinbase; they represent a pervasive threat across the entire cryptocurrency ecosystem. Scammers frequently impersonate well-known brands to establish a false sense of trust and manipulate victims.

Meta, for example, was targeted by over 25 times as many scammers as Coinbase in 2024.

In addition to address poisoning, fraudsters utilize tactics such as phone number spoofing and orchestrate fake customer support calls to deceive unsuspecting individuals.

One particularly devastating case involved a user who lost $850,000 after falling victim to a fraudulent Coinbase support call.

Adding to the complexity, “pig butchering” scams, where fraudsters cultivate long-term relationships with victims before coercing them into sending money, have become an escalating concern.

According to Cyvers, these scams resulted in over $5.5 billion in losses on the Ethereum network alone in 2024.

These ever-evolving tactics underscore the urgent need for continuous innovation and improvement in security measures throughout the cryptocurrency space.

The post Coinbase security under fire after $46M phishing attacks appeared first on Invezz