Blockchain researcher Zachxbt revealed that Coinbase users lost another $ 45 million in the past week due to coordinated scam in the field of social engineering.
The update, shared on its telegram channel, identifies several wallet addresses that are connected to the theft and links the latest activity to a broader pattern of crypto robbery that has been around for months.
The report contributes to the earlier investigations of Zachxbt, which have been attributed More than $ 300 million in annual losses Similar scams aimed at coinbase customers.
In collaboration with fellow researcher Tanuki42, Zachxbt followed the latest thefts in multiple block chains and discovered that attackers exploit weaknesses in the user verification and compliance processes of Coinbase.
Theft addresses that are announced are various Bitcoin and Ethereum portfolios that are reportedly connected to coordinated phishing and imitation activities.
According to the findings, victims are contacted via spoofed telephone numbers and convinced, using stolen personal information, to verify suspicious activities on their accounts.
Scammers then send fraudulent e -mails that seem to be from Coinbase, complete with fake -case -ids. Users receive instructions to move their assets to a Coinbase wallet and to be on the white list, without giving the attackers control over their money.
Persistent
Zachxbt has previously documented dozens of cases in which a consolidation wallet has led the funds with the label “Coinbase-hold.eth”. In one case, a user reportedly lost $ 850,000, with proof that the wallet had received funds from at least 25 other victims.
The blockchain researcher and victims of theft have repeatedly investigated Coinbase’s risk management. Many users report sudden account restrictions and delay in the response times of customer support.
Zachxbt repeated that Coinbase could not have been marked or freezes known theft addresses, even weeks after reports of fraudulent activities.
Two main groups are said to carry out the scams: a cohort that is known as “the com” and another that operates from India. Both mainly focus on American customers and implement cloned coinbase websites, advanced phishing panels and malignant scripts to perform their attacks.
To bypass security tools, scammers often design phishing domains to block VPN users, making detection by compliance teams more difficult.
The reports also expressed concern about earlier incidents with Coinbase systems. These include old API key barriers in tax software with which E -mails send to unauthorized recipients, and a theft of $ 15.9 million from Coinbase Commerce in 2023.
According to Zachxbt, Coinbase did not publicly announce these problems or tackled the security slacunes that made them possible.
Changes for security
To reduce the problem, Zachxbt has recommended various changes in the Coinbase platform. These include removing the requirements for telephone numbers for users with hardware tests or authentication apps, introducing optional “older” user account types with withdrawal restrictions and expanding customer support for international users.
He also argued for proactive community education, regular updates of incident response and the immediate flags of known theft addresses.
Although Zachxbt recognizes the broader contributions from Coinbase to the crypto-sector, including the base layer-2 blockchain, asset repair aids and active legal defense against the US Securities and Exchange Commission, he argues that this progress is at the expense of individual user safety.
The disclosure contributes to a growing number of evidence that suggests that Coinbase has become a recurring target for advanced social engineering campaigns. Zachxbt emphasizes that no other big exchange registers the same problem.