Social engineering scams have seen a notable uptick in the first quarter of 2025, with Coinbase users emerging as a particularly targeted demographic. Investigations conducted by Web3 researcher ZachXBT revealed that users had lost over $100 million in funds since December 2024, with annual losses reaching as high as $300 million. These figures underscore the severity of the situation, as the rise in such scams coincides with the increasing sophistication of cybercriminal tactics.
BeInCrypto engaged with Coinbase's Chief Information Security Officer (CISO), Jeff Lunglhofer, to delve deeper into the vulnerabilities that make users susceptible to these attacks, the mechanisms behind these scams, and the steps being taken to mitigate them. During the first three months of 2025, numerous Coinbase users became victims of social engineering scams. Given Coinbase's position as the leading centralized exchange in an industry where hacking techniques continue to evolve, this trend was not unexpected.
ZachXBT's research highlighted several instances where users received messages from different X users detailing significant withdrawals from their Coinbase accounts. On March 28, ZachXBT exposed a substantial social engineering exploit that cost one individual nearly $35 million. Further investigations during that timeframe identified additional victims of the same scam, pushing the total stolen funds for March alone to over $46 million.
An earlier investigation by ZachXBT, completed a month prior, disclosed that $65 million was stolen from Coinbase users between December 2024 and January 2025. Additionally, it was reported that Coinbase has been dealing quietly with a social engineering scam issue resulting in annual losses of $300 million for its users. While Coinbase users have been disproportionately affected, centralized exchanges in general have also been significantly impacted by these advanced scams.
Publicly available data on the progression of social engineering scams over recent years is limited and somewhat dated. However, the statistics presented in the existing reports are striking. In 2023, the Internet Crime Complaint Center (IC3), under the U.S. Federal Bureau of Investigation (FBI), issued its inaugural cryptocurrency report. Investment fraud accounted for the largest portion of cryptocurrency-related complaints, constituting 46% of the nearly 69,500 complaints received, or around 33,000 cases.
Investment fraud, commonly referred to as "pig butchering," involves fraudulent promises of high returns with minimal risk to entice investors, particularly novice crypto enthusiasts driven by the fear of missing out on lucrative opportunities. According to the IC3 report, these schemes depend heavily on social engineering and trust-building strategies. Criminals utilize platforms such as social media, dating apps, professional networks, or encrypted messaging services to establish contact with their targets.
In 2023, these investment scams led to losses amounting to $3.96 billion for users, marking a 53% increase from the previous year. Other forms of social engineering scams, including phishing and spoofing, contributed an additional $9.6 million in losses. These scams have profoundly affected Coinbase users over the past few years.
Coinbase scammers typically generate fake emails that appear authentic using cloned website images and fabricated Case IDs. They then reach out to users via spoofed calls, exploiting personal information to build trust before sending deceptive emails. Once scammers convince users of the interaction's legitimacy, they exploit the situation to persuade them to transfer funds.
The growing sophistication of these scams highlights both the psychological manipulation involved and the specific vulnerabilities of the victims. They demonstrate that centralized exchanges are often prime targets for such exploitations. ZachXBT's investigations and user reports on X reveal a discrepancy between the prevalence of social engineering scams and Coinbase's apparent management effectiveness.
Public discourse suggests that Coinbase has not flagged theft addresses in common compliance tools. Victims of scams and users whose funds were frozen are urging Coinbase to take stronger actions against this rising and costly issue. Understanding how these scams occur is vital to addressing them effectively.
In January, a victim contacted the investigator after losing $850,000. In that case, the scammer contacted the victim from a spoofed phone number, likely using personal information obtained from private databases to gain their trust. The scammer convinced the victim that their account had experienced multiple unauthorized login attempts by sending a spoofed email with a fake Case ID. The scammer then instructed the victim to safelist an address and transfer funds to another Coinbase wallet as part of a routine security procedure.
In October, another Coinbase user lost $6.5 million after receiving a call from a spoofed number impersonating Coinbase support. The victim was coerced into using a phishing site. Eight months earlier, another victim lost $4 million after a scammer persuaded them to reset their Coinbase login. ZachXBT expressed concerns about Coinbase’s lack of reporting theft addresses in common compliance resources and its perceived insufficient handling of the escalating social engineering issue.
In a conversation with BeInCrypto, Jeff Lunglhofer, Coinbase’s CISO, shared his perspective on the matter. Despite recognizing the widespread harm caused by social engineering scams affecting its users, Lunglhofer emphasized that the broader crypto community should address this problem collectively rather than assigning sole responsibility to any single entity. Coinbase’s CISO referenced the exchange’s collaborative efforts with other platforms to combat this issue in his response.
Specifically, Lunglhofer pointed to the “Tech Against Scams” initiative, a partnership with industry players like Match Group, Meta, Kraken, Ripple, and Gemini to fight online fraud and financial schemes. Lunglhofer also mentioned that Coinbase adopts a similar approach when flagging theft addresses.
When asked why Coinbase does not publish theft addresses across popular compliance tools, Lunglhofer explained that the exchange follows a distinct procedure for such situations. He also mentioned Crypto ISAC, an intelligence and information-sharing group established by Coinbase in collaboration with various other crypto exchanges and organizations to distribute information related to scams.
Regarding spoofed emails, phone numbers, or phishing sites, Coinbase delegates the responsibility to external service providers. Lunglhofer acknowledged that the number of spoofed emails Coinbase identifies or receives in the form of reports far exceeds the exchange’s capacity to remove them. Coinbase uses vendors to eliminate circulating spoofs or phishing campaigns in these instances.
Although these preventive measures are crucial for the future, they offer minimal assistance for users who have already lost millions of dollars to scams. Coinbase did not respond to BeInCrypto’s inquiry about developing an insurance policy for users who lost savings to social engineering scams, leaving their approach in this area unclear.
Social engineering scams are complex, relying on significant emotional manipulation to build trust. This complexity raises questions about the degree of responsibility that lies with user vulnerability versus potential shortcomings in the centralized exchange’s user protection measures. The broader cryptocurrency community generally agrees that more educational materials are necessary to help users differentiate between legitimate communications and scam attempts.
Regarding this issue, Lunglhofer clarified that Coinbase will never initiate contact with users out of the blue. He also noted that Coinbase has recently implemented features that serve as warnings for users potentially engaging with a scam. Furthermore, the CISO cited a 'scam quiz,' an educational tool that appears as a real-time banner when a user is about to execute a transaction flagged as suspicious by the exchange.
While this feature is advantageous, its effectiveness in protecting users is difficult to quantify, especially concerning how efficiently it flags suspicious activity. Coinbase did not respond when BeInCrypto asked if the exchange internally tracks data related to social engineering scams.
A similar issue arises with Coinbase's 'allow lists.' Coinbase offers a feature enabling users to create a safelist of approved recipient addresses to help prevent transactions to unfamiliar or unverified addresses. Lunglhofer strongly encourages Coinbase users to adopt this measure. However, the $850,000 scam loss suffered by a Coinbase user in January, as revealed by ZachXBT, demonstrates a critical limitation of safelists. A safelist only blocks transfers to addresses the user has not approved; if the scammer manipulates the victim into adding the theft address themselves, the transfer passes the check and the intended protection is nullified.
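The limitation above, a user coerced into safelisting the thief's address and then transferring to it, is one that an exchange can partially mitigate by treating newly added allowlist entries differently from established ones. The following Python is an added illustration, not Coinbase's code; the 48-hour cooling period and the $10,000 hold threshold are assumed policy values, and the event sequence is constructed to mirror the January case described in the article.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy values for this illustration (not Coinbase's real settings).
COOLING_PERIOD = timedelta(hours=48)   # newly safelisted addresses are "young" this long
HOLD_THRESHOLD_USD = 10_000            # large transfers to young addresses are held for review


@dataclass
class Allowlist:
    """Recipient safelist that remembers when each address was approved."""
    added_at: dict = field(default_factory=dict)

    def add(self, address: str, when: datetime) -> None:
        self.added_at[address] = when


def evaluate_transfer(allowlist: Allowlist, address: str,
                      amount_usd: float, when: datetime) -> str:
    """Return 'block', 'hold' or 'allow' for an outgoing transfer.

    'block': address was never safelisted (the classic allowlist check).
    'hold' : address was safelisted inside the cooling period AND the amount is
             large, the pattern of a victim coached into adding the thief's
             address minutes before sending. Held transfers go to manual review.
    'allow': established address, or a small transfer to a young one.
    """
    added = allowlist.added_at.get(address)
    if added is None:
        return "block"
    if when - added < COOLING_PERIOD and amount_usd >= HOLD_THRESHOLD_USD:
        return "hold"
    return "allow"


def january_pattern() -> str:
    """Constructed replay of the January scenario: safelist, then send $850,000."""
    t0 = datetime(2025, 1, 15, 10, 0)
    al = Allowlist()
    al.add("THEFT_ADDRESS_PLACEHOLDER", t0)            # victim adds it under instruction
    return evaluate_transfer(al, "THEFT_ADDRESS_PLACEHOLDER", 850_000, t0 + timedelta(minutes=20))
```

Under this policy the January transfer would have been held rather than executed, while a transfer to an address safelisted months earlier is unaffected.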
Sophisticated social engineering scams represent a growing threat, posing significant challenges for crypto users. Coinbase users and centralized exchanges in general are particularly affected. Despite Coinbase’s outlined efforts, the significant financial losses highlight the limitations of current industry-standard measures against determined scammers.
While cooperation is essential across the board, Coinbase, as a leading platform, must also invest more proactively in educating its users. Social engineering is primarily a user-driven issue, not a security failure for any exchange. However, platforms like Coinbase bear the critical responsibility to lead industry-wide initiatives to address these threats. The millions lost serve as a stark reminder that vigilance and collective action are crucial in safeguarding users against these increasingly refined and frequent attacks.