In the past two weeks, Coinbase users have reportedly fallen victim to phishing scams totaling up to $46 million, as the surge in cryptocurrency prices has attracted malicious actors to the ecosystem. Scams involving address poisoning and wallet spoofing have become prevalent, tricking unsuspecting victims into sending their assets to fraudulent wallet addresses that closely resemble legitimate ones.
Blockchain investigator ZachXBT has indicated that multiple wallets linked to Coinbase have been targeted recently. A notable case involved the suspected theft of approximately 400 Bitcoin (around $34.9 million) from a single wallet address, as highlighted in a Telegram post on March 28.
Suspected 400 BTC phishing theft victim. Source: Blockchair
In light of these alarming incidents, Coinbase has responded to the allegations. Jaclyn Sales, the director of communications at Coinbase, emphasized the importance of vigilance among users, stating: “Coinbase will never call you or ask for your login credentials, API key or two-factor authentication codes. We will also never ask you to transfer funds.” She further warned that any unsolicited communication requesting sensitive information or fund transfers is likely a scam.
Scammers and Brand Impersonation
Scammers often impersonate well-known brands to foster a false sense of trust among their potential victims. According to reports from Cointelegraph, Coinbase ranks as the most impersonated brand by scammers within the crypto sector. However, it is notable that Meta has faced over 25 times the amount of impersonation from scammers compared to the cryptocurrency exchange.
As one of the leading centralized cryptocurrency exchanges globally, Coinbase processes over $1.6 billion in daily trading volume, making it a significant target for cybercriminals. To mitigate the risk, users are encouraged to implement security measures such as utilizing dedicated email accounts, enabling two-factor authentication, creating an address allowlist, and taking advantage of Coinbase Vault for enhanced protection.
A History of Phishing Incidents
The surge in phishing attempts against Coinbase users is not a new phenomenon. ZachXBT highlighted that between December 2024 and January 2025, an estimated $65 million may have been lost in similar thefts, with the actual figure likely exceeding this as it does not account for unreported incidents.
Moreover, “pig butchering” scams have emerged as a significant threat in the cryptocurrency space, utilizing sophisticated manipulation tactics to deceive investors into willingly transferring their assets to fraudulent addresses. In fact, according to Cyvers, such schemes cost the industry over $5.5 billion in identified cases in 2024 alone.
As the crypto landscape continues to evolve, awareness and proactive security measures become crucial for users to protect their assets and navigate the growing risks posed by phishing scams.
