Coinbase Under Fire Amid Rising Crypto Scams and Security Concerns

Coinbase is facing intense scrutiny over growing security concerns and regulatory challenges. The platform has come under fire from blockchain investigators who accuse it of failing to address vulnerabilities that have led to millions in user losses. At the same time, Coinbase has urged U.S. regulators to clarify banking policies for crypto firms, arguing that current regulations create unnecessary barriers. As security threats mount and regulatory uncertainty lingers, Coinbase’s role in shaping the future of crypto banking and investor protection remains in the spotlight.

Blockchain security researchers ZachXBT and tanuki42 have accused Coinbase of neglecting critical security flaws that have contributed to widespread scams and fraudulent activities. According to their findings, Coinbase users lost more than $65 million in December 2024 and January 2025 alone, with estimated annual losses exceeding $300 million due to social engineering schemes.

The investigators shared their analysis on X (formerly Twitter), stating that these figures are likely conservative estimates as they do not account for unreported cases, police complaints, or Coinbase support tickets.

“Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain, which does not account for Coinbase support tickets and police reports we do not have access to,” said ZachXBT.

Growing Threat from Sophisticated Scam Networks

Investigators highlighted that many of these scams are orchestrated by organized groups operating out of India, with a primary focus on U.S.-based users. These scams leverage sophisticated phishing tactics, often blocking VPN access on their fraudulent websites to further compromise victims.

Security researchers have identified several longstanding vulnerabilities in Coinbase’s system, including:

• Exploited API keys allowing unauthorized access to user accounts.
• Verification code flaws enabling attackers to bypass security protocols.
• Weak monitoring systems, allowing scammers to launder stolen funds through Coinbase.

Additionally, the investigators criticized Coinbase’s compliance practices, stating that the company fails to flag scam addresses in widely used compliance tools, making it easier for bad actors to operate undetected.

Coinbase’s customer support has also been widely criticized for its inability to effectively assist scam victims. Users have reported difficulties in getting timely responses, with many complaining about unhelpful support agents and a lack of assistance for those outside U.S. time zones.

One of the most alarming revelations came from a self-proclaimed Coinbase phishing scammer, who boasted in a November 2024 interview that they earn five figures weekly by specifically targeting high-value individuals.

“We make a minimum of five figures a week. We hit $35K two days ago; we do it for a reason; there is money to be made in it,” the scammer said.

Blockchain security experts warn that these scam networks have evolved significantly. Instead of targeting random individuals, scammers deliberately seek out high-net-worth users, pulling data from sources containing information on individuals with at least $50,000 in assets.

Coinbase has long positioned itself as a trusted and regulated exchange, frequently emphasizing its commitment to security and compliance. However, the surge in social engineering scams, coupled with persistent security gaps, has raised concerns about whether the company is doing enough to protect its users.

While Coinbase has yet to release an official statement addressing these latest allegations, industry experts argue that the company must take immediate action to enhance its security measures, improve compliance, and restore user confidence.

In the meantime, crypto users are urged to remain vigilant, verify all communications, and avoid sharing sensitive information with anyone claiming to be a Coinbase support agent—even if they appear legitimate.