Users on the Coinbase platform have suffered losses exceeding $45 million due to a rise in phishing attacks employing social engineering tactics.
Fraud Schemes and Losses
In the past week, over $45 million was drained from Coinbase users through complex social engineering attacks. Research by ZachXBT revealed that scammers exploited weaknesses in user verification processes to carry out the theft. Perpetrators contacted victims posing as Coinbase representatives and directed them to counterfeit emails with instructions for transferring assets.
Sophisticated Phishing Networks
In addition to spoofing phone numbers, attackers used cloned Coinbase websites. These sites replicated the original platform’s interface precisely, and criminals developed malicious scripts to bypass browser security. According to ZachXBT, in one case, a victim lost $850,000, and the same wallet received funds from over 25 other victims.
Security Oversights and Calls for Improvement
Coinbase's response to these incidents raised significant concerns. ZachXBT pointed out that the exchange failed to flag known theft addresses for weeks. In response, he suggested several changes, including removing phone number requirements for users with authentication apps and enhancing customer support.
The situation regarding fund thefts from the platform underscores the need to enhance Coinbase's security. Despite technological advancements, user safety must be prioritized.