  • Coinbase users lost $45M in a week as phishing scams exploited user trust with impersonation tactics and unpatched account flaws.
  • Blockchain data traced the stolen funds to 12 wallets, revealing a coordinated cross-chain laundering pattern within hours of the breach.
  • ZachXBT warns losses now exceed $330M annually, urging Coinbase to drop SMS-based 2FA and improve threat detection for all users.

A coordinated phishing campaign has siphoned over $45 million from Coinbase user wallets in just seven days. The attack, which relied on impersonation and advanced social engineering, exploited user-side vulnerabilities rather than any direct breach of Coinbase’s infrastructure.

Blockchain Investigator Traces $45M Theft to 12 Wallets

Eight Bitcoin and two Ethereum addresses received funds directly from victims during the breach, as per reports by Cointelegraph. The BTC wallets, all beginning with “bc1,” show multiple inputs and rapid fund movement patterns during the heist. The ETH addresses, both starting with “0x,” were actively linked to scam proceeds and token transfers.

Coinbase users were lured via email and direct messages imitating support teams, targeting login credentials and 2FA codes. These credentials enabled direct access to custodial and self-custody wallets, draining assets without a backend exchange compromise. According to the post, ZachXBT identified these scams as coordinated and recurring since late 2023.

ZachXBT Exposes Patterns in Telegram Report

ZachXBT confirmed in their Telegram channel that over nine figures have been stolen since late 2023 using similar phishing tactics. The disclosure detailed phishing vectors, impersonation ploys, and a breakdown of custody lapses that exposed user wallets. The Telegram report also explained that Coinbase’s risk models failed to flag these transaction patterns in time.

Source: ZachXBT Telegram Channel

So far the breaches appear exclusive to Coinbase users, with no confirmed cases across Binance, Kraken, or OKX, though that may change as the situation develops. In the same update, ZachXBT noted a Coinbase bug that sends verification codes to emails not tied to platform accounts. These codes enabled bypasses in account recovery protocols without triggering internal red flags.

User Reactions Point to Broader Security Gaps

The report logged over 200 social media reactions, with 89 users reacting with laughing emojis and 33 applauding the findings. Among other reactions, 23 showed shock, 21 sadness, and 13 added heart reactions. Community members also reported delays in Coinbase customer service responses during off-peak hours.

Ripple CTO David Schwartz shared a similar phishing email in January. His screenshot showed a fake Coinbase notice pressing for an urgent account update to prevent disruptions. Separately, ZachXBT estimates annualized losses near $330 million tied to Coinbase-targeted phishing.

ZachXBT recommended that Coinbase immediately disable SMS-based authentication, which remains vulnerable to SIM swaps and phishing redirection. He also urged the platform to integrate security keys and app-based 2FA across all advanced accounts by default. Additional steps include building tiered withdrawal permissions and proactive alerts for high-risk login behaviors.

© 2025 CoinFutura. All rights reserved.