Last July we reported the most demanding fraud. He stole the users of $ 1.7 million by what he considered Coinbase employees. Between the Phishing and Social Engineering Complex, the attacker had a well -established method to secure his victim. While we thought of this relatively isolated case, recent revelations of shared cryptocurrencies reveal a much more widespread phenomenon.
- False Coinbase Advisters has stole more than $ 65 million in two months.
- The internal shortcomings of Coinbase facilitated these sophisticated and massive fraud.
FALSE COINBASE ADVISERS FALSE: Flights $ 65 million
Zacxbt He is a well -known figure in our ecosystem. In fact, it took a mission: highlighting and tracing hackers and other fraudsters who grow in the crypt.
On Monday, February 3, he shared his account x Results of the Moon Survey on Fraud with False Coinbase Advisors. A well -established method that he thought caused Years of more than $ 65 million. And in just two months, since December 2024 and January 2025.
Supported by another Internet user, @tanuki42_, carefully examined hundreds of Coinbase downloads. Have gathered data from many testimonies of victims collected through his private reports on X.
“Me and @Tanuki42_ We spent time exploring Coinbase selection and collecting data from my DMS on these flights on different chains.” (Results) They show that from December 2024 to January 2025, $ 65 million was stolen from Coinbase users. ”
Unfortunately Their numbers are significantly under total damage. In fact, their data do not take into account tickets to Coinbase assistance or police reports.
According to Zacxbt, this situation stems from double observations: especially aggressive risks and inability of the coin base to stop massive losses associated with fraud of social engineering. Which, according to their estimates, would cost customers more than $ 300 million a year.
The underside of a well -mounted fraud
In his fiber, Zacxbt carefully exposes the operandi modus used by fraudsters. Once there is no habit, they use a combination of phishing and social engineering.
It all begins when the victim is Contacted by phone via usurpe number. Scammer relies on personal data obtained on the databases that escaped and seeks to gain the confidence of his partner.
For his fraud hacker justifies the call by claiming that A corner base victim account would pass several attempts to connect unauthorized. In order to add credibility, this call is associated with -mail by reporting the same connection attempts. E -mail is again none other than e -mail with phishing that seems to come from Coinbase. This is accompanied by a false file number and adds a new layer of credibility.
Important reminder at this stage: Coinbase never calls you for this kind of verification. Life -important information that protects against this type of attempt.
E -mail actually asks the victim to convert her funds to a wallet to secure them. In addition, he calls for the victim to beat the address, all under the pretext that the support will check the security of his account.
SCAMMER shares in parallel and A fraudulent clone of the official Coinbase websiteReproduction of its interface identically.
In its thread, the zacxbt uses the case of the victim that should Lost about $ 850,000 in this fraud. The analysis revealed that this transaction was associated with a common consolidation address with more than 25 victims. All connected to ENS “Coinbase-Hold.eth”.
So many elements that indicate that fraud is not an insulated maneuver but a structured and large operation.
More errors in Coinbase
In addition to classical social engineering methods emphasizes fiber Several internal incidents in Coinbase to allow these attacks.
“Coinbase discreetly experienced related security incidents that did not publicly deal with. »»
According to Zacxbt, some users have old API keys that were to be read separately, especially for tax software. These keys should Found exposed after hack.
In addition, Coinbase would also become a victim and Recent errorWhich made it possible to send the verification code to any e -mail address. Although this e -mail address has not been linked to any Coinbase account.
It also challenges the principles of financing they pass on the platform. According to his revelation Hacker attacked BTTurk Through Coinbase he could wash $ 38 million. And without realizing the platform.
Nothing will happen on the side of Coinbase and its customer support. According to Zacxbt, the victims regularly collide with unimportant customer support.
“Many victims who contacted me are blocked by unnecessary customer support agents who never match. The Coinbase team can be incredibly difficult to reach in the United States from office hours, which is unacceptable when you work on the 24/7 market as a large company. »»
Who is responsible?
If we can partly accuse victims for not always being vigilant in the face of more and more sophisticated phishing techniques, the responsibility to lead coinbase will also return.
At the end of his thread, Zacxbt recommends several improvements to overcome this situation:
- Optional use of the phone number For users with strong authentication (authentizer or security key) and fully verified via KYC;
- Create an account category “Beginner” or “Senior” to limitFor example, withdrawals to protect users less convenient with technical softness;
- Set up proactive communication procedures .
In the face of the extent of losses that would be tens of millions of dollars every month and the growing sophistication of social engineering techniques must act. Especially because it seems that other platforms like Kraken, OKX or Binance seem to be better equipped with these threats. Proof that this is not a problem specific to this industry, but rather for a platform.
“Coinbase is in a position to have the power of these changes and give a good example, but has decided to do nothing or almost. »»
The company remains the core of the judicial and regulatory clearing in the United States. However, a recent takeover Senator’s position pro-bitcoin cynthia lummis could help coinbase if he is dry.