
The cryptocurrency exchange Coinbase has once again found itself in the spotlight after a sophisticated phishing campaign potentially cost its users over $46 million in Bitcoin. The revelation comes from independent blockchain analyst ZachXBT, who spent the past two weeks tracing a series of suspicious transactions, believed to be linked to client wallets on the platform.
One of the most significant thefts involved the transfer of 400 BTC—worth nearly $35 million at the time. Analysis via the Blockchair platform revealed that the assets were moved from an address associated with Coinbase. According to the analyst, this was far from an isolated case: his calculations suggest that the total amount stolen in March alone exceeds $46 million. All incidents appear to be linked to social engineering tactics and address spoofing.
The phishing techniques employed by the perpetrators rely on subtle manipulations of wallet addresses designed to resemble legitimate ones, as well as deceptive interfaces mimicking popular crypto wallets. The primary target is an inattentive user who unwittingly sends funds to a fraudulent address, failing to notice the switch.
Coinbase has acknowledged the reports and stated that an internal investigation is underway. The exchange also reiterated essential security practices. A company spokesperson emphasized that Coinbase will never request login credentials, two-factor authentication codes, or API keys, and will never initiate unsolicited calls. Any such communication should be treated as a fraudulent attempt.
Spoofed communications masquerading as messages from major brands remain a prevalent tool in the arsenal of cybercriminals. As of mid-2024, Coinbase ranks among the most frequently impersonated brands in the cryptocurrency sector, though it still trails global giants like Meta in the overall volume of attacks—underscoring the magnitude of the threat and the vulnerability even of highly recognizable companies.
As one of the largest centralized exchanges in the world, with daily trading volumes exceeding $1.6 billion, Coinbase continues to attract increasing attention—not only from investors amid the rise in cryptocurrency prices, but also from cybercriminals. This makes the protection of users more critical than ever.
The company advises users to employ a dedicated email address for Coinbase-related activity, enable two-factor authentication, activate address whitelisting, and, when possible, utilize its Vault feature, which introduces additional layers of security for fund withdrawals.
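An added example, not from the original article or from Coinbase: a pre-send check that combines the address allowlisting advised above with detection of the look-alike addresses described earlier. It assumes a spoofed address imitates the first and last characters of a trusted one; the function names, the `edge` threshold and the sample addresses are hypothetical.

```python
from dataclasses import dataclass
from os.path import commonprefix
from typing import Iterable, Optional

# Fixed scheme prefixes shared by every address of a type; they identify
# nothing, so they are stripped before the look-alike comparison.
SCHEME_PREFIXES = ("bc1q", "bc1p", "0x")


@dataclass(frozen=True)
class Verdict:
    status: str               # "allowed", "lookalike" or "unknown"
    resembles: Optional[str]  # allowlisted address the destination imitates


def _body(addr: str) -> str:
    low = addr.lower()
    for prefix in SCHEME_PREFIXES:
        if low.startswith(prefix):
            return low[len(prefix):]
    return low


def _shared(a: str, b: str) -> int:
    # Number of leading characters the two strings have in common.
    return len(commonprefix([a, b]))


def check_destination(dest: str, allowlist: Iterable[str], edge: int = 4) -> Verdict:
    dest = dest.strip()
    known = list(allowlist)
    if dest in known:                      # exact match only: fail closed
        return Verdict("allowed", dest)
    d = _body(dest)
    for addr in known:
        k = _body(addr)
        head = _shared(d, k)
        tail = _shared(d[::-1], k[::-1])
        if head >= edge and tail >= edge:  # same edges, different middle
            return Verdict("lookalike", addr)
    return Verdict("unknown", None)


# Constructed sample values, not real wallet addresses.
ALLOWLIST = ["bc1qexampleaaaaaaaaaaaaaaaaaaaaaaaaaaaa7k3m"]
SPOOFED = "bc1qexamzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz7k3m"
```

A "lookalike" verdict should block the transfer and alert the user, while "unknown" should route the address through the normal allowlist enrollment process rather than being sent to directly.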
Phishing-related thefts are not new to Coinbase. In February, ZachXBT reported losses exceeding $65 million between December and January. At the time, he also noted that the actual figure is likely higher, as internal support tickets and law enforcement reports were not included in the analysis.
Other common phishing methods include so-called “Pig Butchering” schemes: long-term psychological manipulations in which fraudsters build rapport with their victims before gradually coaxing them into parting with their funds. In 2024 alone, such attacks on the Ethereum network reportedly cost users $5.5 billion across approximately 200,000 incidents, according to cybersecurity firm Cyvers.
Given the persistent rise in phishing threats, experts strongly urge all market participants to remain vigilant in their cryptocurrency transactions and to regularly review the security settings of their accounts and wallets.