Coinbase, the largest exchange of encrypted currencies in the United States, faces an increase in the fading operations of millions of losses.
Between December 2024 and January 2025, at least $ 65 million of Coinbase users through advanced social engineering plans was reported.
The attacks, which were detailed by the Blockchain Zachxbt investigator, are increasingly weak in the stock market safety.
1/ During the past few months, I imagine that you have seen many Coinbase users complain of X about their suddenly restricted accounts. This is the result of aggressive risk models and Coinbase’s failure to stop its users from losing $ 300 million a year to fraud in social engineering.
These fraud processes depend on deceptive emails, fake customer service calls, and fake Coinbase sites to deceive users to transfer money.
Once the theft is washed quickly through Blockchain bridges and mixers, which makes healing almost impossible.
Despite the repeated warnings of security experts, Coinbase struggled to implement effective counter measures, leaving its users vulnerable to rising threats.
How infiltrators exceed Coinbase
An analysis by Zachbt and another researcher revealed a wide range of fraud that takes advantage of the Coinbase security infrastructure. One of the users lost 110 CBTC, a bitcoin wrapped on the basic network for Coinbase, at a value of $ 11.5 million.
Another victim was deceived to transfer $ 850,000 to the fraudsters, as investigators track money to one address linked to more than 25 other victims.
These fraud are performed by a mixture of advanced deception tactics. Usually attackers call users via phone calls, and benefit from stolen data to show legitimacy.
They impersonate the character of Coinbase, warn users of security violations and urge immediate action.
The victims are then re -directed to the fraudulent web sites that mimic the Coinbase interface, where they unrelated the transactions that send money to the fraud portfolios.
5/ Then they sent an e -mail that seems to seem from Coinbase with a fake status identifier that acquires more confidence. They issued the victim’s instructions to transfer money to Coinbase and the White List a title while “support” achieves the safety of their accounts.
Beyond hunting, infiltrators address Coinbase’s internal security mechanisms.
Many victims have been deceived in malicious addresses in the white list or transferred to the consumer fraud portfolios as “safe” possession.
Once the transactions are completed, the money is quickly transferred across multiple groups using mixers and bridges of the crossed chain to erase any traced links.
Coinbase’s response was widely criticized. Users affected by the difficulties in reaching customer support, while not having been resolved for weeks.
Some claim that they only received general responses or were completely ignored.
Meanwhile, competing exchanges such as KAKEN, Binance and OKX have not reached similar widely, raising concerns about Coinbase security protocols.
In addition to the problem, Coinbase’s automatic risk models often restrict the accounts of Sharia users with non -disclosure of fraudsters.
The stock exchange was also criticized because of its lack of pre -emptive fraud, with fraud titles often remained unavailable within its compliance systems.
Calling urgent security reforms
As the number of hunting attacks continues, experts and Coinbase users are calling for immediate security reforms. Zachbt has identified many important steps that Coinbase should take to protect its users from future fraud.
One of the proposed measures is to enhance account safety by allowing users applying to disable the phone -based authentication in favor of safety keys or authentication applications.
For beginners and elderly users, Coinbase can provide risk reduction features, such as withdrawals restricted to new accounts.
12/ I strongly urge Coinbase to think: A) Make the phone numbers optional for users applying with the authenticator app or the safety key that has been completely verified. B) Add the user account type to beginners / the elderly does not allow withdrawal. C) Improving …
Another recommendation is to improve security monitoring in actual time and detect fraud, while enhancing customer support for fraud cases.
Many victims are slow or non -coinbase responses after losing money, which increases their losses.
In addition to internal security measures, legal measures against Internet criminals are also necessary.
Many fraud in consumer data are used from services such as TLOXP and Transunion. Experts argue that targeting these data sources can reduce the risk of social engineering attacks.
Until the Stock Exchange performs stronger security measures and protection of customers, its users remain vulnerable to the risk of increasingly developed Internet criminals.
Taking deception after Coinbase stolen $ 65 million in two months: What is the mistake that happened? First appeared on Invezz
