Coinbase security scams surge

How did Coinbase users manage to lose over $46 million in a single month? March 2025 was a crypto bloodbath. Social engineering scams ravaged Coinbase accounts with unprecedented effectiveness. One user alone lost $34.9 million on March 27. Let that sink in. Nearly $35 million. Gone.

The thieves operated with shocking precision. Multiple attacks netted them 20 BTC here, 46 BTC there, culminating in a 60 BTC heist on March 26. The largest single theft? A whopping 400 BTC. After stealing the funds, the scammers quickly bridged them from Bitcoin to Ethereum and converted them to the DAI stablecoin. Classic laundering playbook.

These weren’t amateur hackers. Two main groups emerged: “skids from the Com” and India-based threat actors. Their methods? Sophisticated as hell. They spoofed phone calls using stolen personal data, sent convincing phishing emails, and created fake warnings about account security. They even cloned the Coinbase website.

And yet somehow they operated openly on Telegram, brazenly advertising their phishing kits. The targets weren’t random. Scammers focused on US customers with at least $50,000 in assets. The fraudsters used stolen personal information from private databases to craft extremely convincing scam narratives that fooled even cautious users. Easy pickings.

This isn’t new territory for Coinbase. Between December 2024 and January 2025, users lost $65 million. The platform’s estimated annual losses to social engineering approach $300 million. That’s a lot of zeroes for a company that’s supposed to be secure.

Coinbase’s security seems about as effective as a screen door on a submarine. They failed to flag theft addresses in compliance tools, implemented overly aggressive risk models, and provided lackluster support for victims. Users with significant holdings would have been better protected using hardware wallets that store private keys offline, completely isolated from internet threats. The investigation, conducted by ZachXBT and tanuki42, uncovered the true extent of these security failures. Meanwhile, other exchanges like Kraken, OKX, and Binance somehow managed similar risks more effectively.

Investigators have recommended making phone numbers optional for KYC-verified users and creating restricted accounts for vulnerable users. They’ve also suggested improved education and legal action against known threat actors.

With social engineering attacks on financial institutions up tenfold and crypto bull runs attracting more sophisticated criminals, the timing couldn’t be worse. Regulators are watching closely. Coinbase users? They’re just watching their money disappear.