Coinbase Users Lose $65 Million to Social Engineering Attacks
Estimated Annual Losses Reach $300 Million
Coinbase users have lost over $65 million to social engineering attacks in the past two months, with an estimated annual loss of $300 million, according to crypto sleuth ZachXBT.
Unreported Cases May Increase Actual Losses
The actual losses may be higher, as the figure does not include unreported cases, ZachXBT said.
Coinbase Remains Silent on the Matter
Coinbase has not publicly commented on the matter and did not respond to a CoinDesk request for comment before publication.
Scammers Utilize Stolen Personal Data
Scammers use stolen personal data to deceive users, sending fake emails that mimic Coinbase’s official communications and include false case IDs, prompting users to transfer funds to scammer-controlled wallets, ZachXBT said.
Scam Techniques and Tactics
“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels,” he noted. “The two main groups conducting these scams are skids from the Com and threat actors located in India, both primarily targeting US customers.”
Coinbase’s Failure to Diagnose the Problem
“A Coinbase employee told people on X to stop using VPNs to avoid being flagged as suspicious. Meanwhile, threat actors will explicitly block VPNs from phishing sites,” ZachXBT wrote in the now-viral post. “This shows Coinbase’s failure to diagnose the actual problem.”
ZachXBT’s Recommendations for Improvement
ZachXBT advised Coinbase to enhance security by making phone number inputs optional, creating a restricted account type for new users, and improving community education on scam prevention.
Conclusion
The recent social engineering attacks on Coinbase users have resulted in significant financial losses, with an estimated annual loss of $300 million. It is essential for Coinbase to take immediate action to improve security and prevent such attacks in the future. By making phone number inputs optional, creating a restricted account type for new users, and improving community education on scam prevention, Coinbase can reduce the risk of future attacks and protect its users’ assets.
FAQs
Q: How much money have Coinbase users lost to social engineering attacks?
A: Coinbase users have lost over $65 million to social engineering attacks in the past two months, with an estimated annual loss of $300 million.
Q: What are the tactics used by scammers?
A: Scammers use stolen personal data to deceive users, sending fake emails that mimic Coinbase’s official communications and include false case IDs, prompting users to transfer funds to scammer-controlled wallets.
Q: Who are the main groups conducting these scams?
A: The two main groups conducting these scams are skids from the Com and threat actors located in India, both primarily targeting US customers.
Q: What is Coinbase’s response to the attacks?
A: Coinbase has not publicly commented on the matter and did not respond to a CoinDesk request for comment before publication.
Q: What recommendations has ZachXBT made to improve security?
A: ZachXBT has advised Coinbase to make phone number inputs optional, create a restricted account type for new users, and improve community education on scam prevention.