Impersonation Scheme Drains $2 Million from Coinbase Users
An elaborate social engineering scheme has resulted in approximately $2 million in cryptocurrency losses for Coinbase users over the past year. According to an investigation by on-chain analyst ZachXBT, a fraudster posed as a Coinbase support employee, using polished and urgent communication to persuade victims to transfer their assets to a compromised wallet under the guise of a security procedure.
The investigator successfully identified the alleged scammer by connecting on-chain transactions to off-chain evidence, including Telegram chat screenshots and social media posts. Despite the scammer's attempts to cover their tracks by using expensive Telegram usernames and deleting accounts, their frequent online posts about their lifestyle reportedly revealed crucial identifying information, demonstrating poor operational security.
Social Engineering Fuels $16 Billion in Annual Cybercrime
The incident is part of a much larger trend where social manipulation has become a more significant threat than complex software exploits. Data from the US Federal Bureau of Investigation (FBI) shows the staggering scale of this problem, with reported internet crime losses exceeding $16 billion in 2024. These attacks often succeed by creating a false sense of urgency and authority.
Coinbase has issued repeated warnings about these tactics, stating that its legitimate support staff will never ask for a user's password, two-factor authentication (2FA) codes, or seed phrase, and will never request a transfer of funds to a so-called “safe” address. The effectiveness of these scams is often amplified by data leaks. In May 2025, Coinbase disclosed an extortion attempt involving overseas support agents who were bribed to leak customer data, providing scammers with personal details that make their impersonations more convincing.
Independent Verification Remains The Best Defense
For investors, the primary defense against such attacks is to disrupt the scammer's control of the situation. Security experts and Coinbase itself advise users to immediately end any unsolicited communication from someone claiming to be from support. Instead of using any phone number or link provided by the potential attacker, users should independently navigate to the company's official website to find legitimate contact channels.
Key red flags of a support scam include any request to share login credentials or verification codes, or to install remote access software. Above all, any instruction to move funds to a new wallet or address for “safekeeping” is a definitive sign of fraud. The core principle is to slow down and verify every request, as social engineering thrives on rushed decisions.