Over the past two weeks, Coinbase users have lost around $46 million to phishing scams. These fraudulent schemes have become more common as cryptocurrency prices continue to rise, attracting scammers who use increasingly sophisticated tactics to steal funds.
One of the most common methods criminals use is address poisoning and wallet spoofing. These scams involve creating fake wallet addresses that look nearly identical to legitimate ones.
The goal is to trick users into mistakenly sending their funds to a fraudulent wallet. Many victims are unaware that they have been scammed until it is too late.
Blockchain investigator, ZachXBT, recently exposed several cases of Coinbase users losing large amounts of cryptocurrency.
A screenshot from Blockchair, a blockchain explorer, showed that one individual lost a massive 400 Bitcoin ($BTC) in a single transaction. At the time of the theft, this was valued at nearly $35 million.
“It is suspected a Coinbase user was scammed yesterday for $34.9M (400.099 BTC)”, ZachXBT wrote in a 28 March Telegram post. He added that other Coinbase users had also been targeted in recent weeks, increasing the total stolen amount to over $46 million.
Following these reports, Coinbase’s director of communications, Jaclyn Sales, confirmed that the company was aware of the issue and had launched an investigation. She emphasised that Coinbase never requests sensitive information from its users.
“Coinbase will never call you or ask for your login credentials, API key, or two-factor authentication codes. We will also never ask you to transfer funds”, she said.
Sales also warned users to be cautious when receiving messages from people claiming to be Coinbase representatives.
“If someone contacts you claiming to be from Coinbase and requests this information or asks you to transfer assets, do not do it. It is a scam”, she stated.
Coinbase among most targeted brands
Scammers frequently impersonate well-known companies to build trust with their victims and convince them to hand over personal information or funds. In the cryptocurrency world, Coinbase is one of the most commonly impersonated brands.
A June 2024 report revealed that, among crypto exchanges, Coinbase was the most frequently targeted by scammers. However, when compared to the wider tech industry, Meta (formerly Facebook) was impersonated more than 25 times as often as Coinbase.
This highlights how cybercriminals tend to focus on platforms with a large user base, where they can maximise their potential profits.
Coinbase is currently one of the largest cryptocurrency exchanges in the world, handling over $1.6 billion in daily trading volume, according to CoinMarketCap.
Its massive presence in the crypto space makes it an attractive target for fraudsters looking to exploit unsuspecting users.
To help users stay safe, Coinbase has shared several security recommendations. The exchange advises users to create a dedicated email account for crypto-related activities.
This can help separate important financial information from everyday communications and reduce the risk of phishing attacks.
Another key security measure is enabling two-factor authentication (2FA). This adds an extra layer of protection by requiring users to verify their identity through a second device before accessing their accounts. While 2FA is not foolproof, it can significantly reduce the risk of unauthorised access.
Coinbase also encourages users to set up an address allowlist. This security feature ensures that funds can only be sent to pre-approved wallet addresses, preventing accidental transactions to fraudulent accounts.
For those holding large amounts of cryptocurrency, using Coinbase Vault can provide additional security. The vault introduces time-delayed withdrawals and multiple approval processes, making it harder for hackers to steal funds.
Previous thefts raise security concerns
The recent loss of $46 million is just one example of the ongoing security threats faced by Coinbase users.
Between December 2024 and January 2025, over $65 million was stolen from users in what blockchain investigator ZachXBT described as “high confidence thefts”.
However, the actual amount stolen may be much higher. “Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain, which does not account for Coinbase support tickets and police reports we do not have access to”, ZachXBT wrote in a 3 February post on X.
One particularly dangerous type of scam targeting crypto users is known as “pig butchering”. In these schemes, fraudsters engage in long-term psychological manipulation to build trust with victims before eventually convincing them to transfer their funds to fraudulent addresses.
According to a 2024 report from Cyvers, a blockchain security firm, pig butchering scams on the Ethereum network alone led to losses exceeding $5.5 billion across 200,000 cases. This highlights the enormous scale of these operations and the sophistication of the criminals behind them.
Binance and Gemini data leaks increase risks
In a separate cybersecurity incident, more than 230,000 Binance and Gemini user records were found for sale on the dark web. The leaked data included full names, email addresses, phone numbers, and location details of affected users.
Most of the compromised records belong to individuals in the United States, with smaller portions coming from the UK and Singapore.
On 27 March, a dark web user known as AKM69 allegedly posted a database containing 100,000 Gemini user records.
According to Dark Web Informer, the attacker claimed that the stolen data could be used for scams, fraud, and targeted advertising.
Meanwhile, another dark web user, kiki88888, reportedly listed over 132,000 Binance user records. This batch allegedly includes login credentials from Binance, one of the world’s largest cryptocurrency exchanges.
Although these leaks are alarming, cybersecurity experts believe they were not caused by direct hacking of Binance or Gemini’s systems. Instead, they suspect that the data was obtained through phishing attacks, where users were tricked into providing their credentials.
Fraudsters often impersonate legitimate platforms or create fake advertisements to lure users into entering their details on fraudulent websites. Once they gain access to login credentials, they can steal funds or sell the information on the dark web.
Dark Web Informer issued a warning to crypto users, highlighting the risks of poor online habits. “Some of you really need to stop clicking random stuff”, they said, emphasising the importance of digital caution.
Protecting against crypto scams
Despite these major security breaches, neither Binance nor Gemini has made an official statement confirming the extent of the leaks.
This lack of transparency has left many users uncertain about how much of their personal data has been compromised.
Meanwhile, Coinbase continues to deal with its own security challenges. According to reports, over $46 million was stolen from Coinbase users through phishing scams in March alone.
Security experts are urging cryptocurrency investors to take extra precautions to protect their assets.
A February 2025 report from Scam Sniffer, a blockchain security firm, revealed that more than $15 million was lost to phishing scams in just the first two months of the year.
To stay safe, users should always enable two-factor authentication (2FA), which makes it harder for hackers to access accounts.
Additionally, they should avoid clicking on unknown links or responding to unsolicited messages from supposed customer support representatives.
Using a hardware wallet is another effective way to safeguard digital assets. Unlike online wallets, hardware wallets store cryptocurrencies offline, making them less vulnerable to hacks.
Finally, it is crucial to double-check wallet addresses before making any transactions. Many phishing scams rely on victims sending funds to fraudulent addresses that closely resemble real ones.
With phishing scams and data leaks on the rise, cryptocurrency users must remain vigilant and prioritise security to protect their investments.
