Coinbase (COIN) users lost more than $ 65 million due to social engineering attacks in the last two months with an estimated $ 300 million lost due to such attacks annually, said the Cryptographic Detective Zachxbt in an X Post on Monday.
The lost real figure could be higher, because the amount does not include not reported, said Zachxbt.
Coinbase has not publicly commented on the matter and did not respond to a request for comments from Coindesk before the publication.
The scammers use stolen personal data to deceive users by sending false emails that mimic the official Coinbase communications, including the identifications of false cases that allow users to transfer funds to wallets controlled by scams, Zachxbt said.
“The scammers clon the coinbase site almost 1: 1 and allow the scammers to send different indications to the target through counterfeit emails using panels,” he said. “The two main groups that make these scams are skates of the actors and threats located in India, both mainly aimed at US clients.”
“A Coinbase employee told people in X to stop using VPN to avoid being marked as suspects. Meanwhile, threat actors will explicitly block VPN of Phishing sites, ”Zachxbt wrote in the now viral publication. “This shows the failure of coinbase to diagnose the real problem.”
Zachxbt advised Coinbase to improve security by making telephone number inputs optional, creating a type of restricted account for new users and improving community education in the prevention of the scam.
