A significant wave of thefts has impacted Coinbase users amid a broader crypto market recovery. According to blockchain analyst ZachXBT, over $46 million in crypto has been siphoned from wallets linked to Coinbase over the past two weeks. The core of these schemes involves address poisoning and fake wallet interfaces.
400 BTC Withdrawn From a Single Address
On March 28, ZachXBT reported a suspicious transaction of 400.099 BTC (worth about $33.5 million at the time), suggesting the funds may have belonged to a phishing victim using Coinbase. He later uncovered additional cases over the same two-week period, estimating total losses at more than $46 million.
As evidence, ZachXBT posted a screenshot from Blockchair, a blockchain explorer, showing a large transaction sent to an unknown address.
Coinbase Initiates Internal Review
Coinbase spokesperson Jaclyn Sales confirmed that the company is reviewing the claims shared by ZachXBT. She emphasized that Coinbase never requests login credentials, API keys, or two-factor authentication codes — whether by phone or via messaging apps. Anyone making such requests is a scammer.
Address Poisoning and Fake Interfaces
One of the key techniques used is address poisoning — where scammers alter the first or last character in a recipient’s address, tricking the user into sending funds to the wrong wallet. Other tactics include fake versions of popular wallets and phishing websites disguised to look like Coinbase’s interface.
According to Mailsuite, Coinbase was the most impersonated crypto exchange in June 2024. However, Meta was impersonated over 25 times more frequently in phishing contacts.
The Problem Is Bigger Than It Seems
ZachXBT noted that his $46 million estimate is likely conservative. Back in February, he wrote that between December 2024 and January 2025, Coinbase users may have lost another $65 million in what he called "high-probability thefts", with at least $150 million stolen over the past year.
He clarified that these figures only include cases reported directly to him or traceable via on-chain analysis. They do not include support tickets or police reports.
In its February blog post, Coinbase advised users to:
- Use a dedicated email address for their account.
- Enable two-factor authentication (2FA).
- Set up a whitelist for withdrawal addresses.
- Use Coinbase Vault for storing large balances.
Read Also:
- Data of 230,000 Binance and Gemini Users Leaked on the Dark Web
- Blockchain Detective ZachXBT Helps Recover $20M for the U.S. but Receives No Reward
- Microsoft: New Virus StilachiRAT Targets MetaMask, Trust Wallet, and Other Crypto Wallets
This post is for informational purposes only and is not an ad or investment advice. Please do your own research making any decisions.