According to Blockchain Investigator, ZachXBT, Coinbase Users may have lost over $46M worth of Bitcoin to Phishing scams in the last two weeks.

He shared this report on 28th March in a telegram post, saying, 

“It is suspected that a Coinbase user was scammed yesterday for $34.9M (400.099 BTC). After uncovering this theft I noticed multiple other suspected thefts from Coinbase users in the past two weeks bringing the total stolen this month to $46M+.”

He also added that the funds were bridged from Bitcoin to Ethereum via ThorChain/ Chainfillip and swapped for DAI.

Coinbase team is yet to make any public news disregarding this information, but Cointelegraph says Jaclyn Sales, director of communications at Coinbase confirms that they are aware of ZachXBT’s claims and are still investigating. 

Zach also added that in February he posted an investigation on X about how $65M was stolen from Coinbase users in December 2024 up until January 2025. 

“Coinbase has quietly been facing a $300M / yr social engineering scam problem affecting its users,” he also added. 

While we wait for public announcements and clarifications of this news, it is important to remember that scams such as Phishing and wallet spoofing continue to exist in the web 3 ecosystem. 

How To Protect Yourself from Scams?

1. Recognize Common Phishing Attack Forms

Phishing attacks come in various forms, including:

• Fake Emails and Messages: Fraudsters send emails or messages that mimic centralised exchanges (CEX) like OKX or Coinbase, urging users to click on malicious links.

• Fake Websites (Spoofing): Attackers create websites that look identical to legitimate platforms to steal login details.

• Social Engineering: Scammers pose as support agents, influencers, or project team members to manipulate users into revealing sensitive data.

2. Use Official Websites and Apps

• Always manually type the URL of the exchange instead of clicking on links from emails, messages, or social media.

3. Enable Two-Factor Authentication (2FA)

• 2FA adds an extra layer of security by requiring a second form of verification. Also, make sure to use a strong, unique password and update it regularly.

• Never share your 2FA backup codes or seed phrases with anyone. Exchanges do not need them for customer support purposes.

4. Verify Emails, Messages, and Calls Before Responding

• Centralized Exchanges never ask for your password, private keys, or 2FA codes via email or phone.

• Avoid clicking on links in emails unless you are 100% sure of their authenticity. If unsure, visit the official website manually.

5. Beware of Fake Customer Support

• Always contact support through the official website and never through unsolicited direct messages.

• Official customer support representatives will not request remote access to your device or ask you to transfer funds.

6. Regularly Monitor Account Activity

• Check your exchange login history and transaction records regularly for any suspicious activity.

• If you detect unauthorized access, immediately change your password and revoke any API keys or connected wallets.

7. Stay Updated on Security Threats

• Follow official Twitter accounts, Telegram groups, and blog updates to stay informed about ongoing phishing threats.

• Join crypto communities to learn about new scam tactics and how to protect yourself.