Coinbase Experiences Insider Threat? $300 Million Scam Revealed, User Data Accurately Leaked
Original Title: "Over $300 Million Lost in One Year, Coinbase Users Repeatedly Targeted by Sophisticated Scams, Is There an Insider Leak Behind the Scenes?"
Original Author: Fairy, ChainCatcher
"Hello, this is the Coinbase Security Team. We have detected unusual activity on your account..."
The voice on the other end of the phone is professional and urgent, able to accurately state your name, registered email, and recent transaction history. Will you choose to hang up immediately, or follow the "customer service" guidance to gradually transfer your funds to a so-called "secure wallet"?
Recently, multiple Coinbase users have been consecutively scammed, with staggering losses. In March alone, the stolen funds have exceeded $46 million, and the annual losses for Coinbase users due to social engineering scams have reached over $300 million.
However, how exactly have these hackers been able to precisely target their victims? How have they obtained users' personal information? This security crisis may be even more severe than imagined.
Rampant Scams, Industrialized Phishing Attacks
On March 28, blockchain detective ZachXBT revealed that in the past two weeks, there have been multiple suspected cases of Coinbase users falling victim to scams, resulting in a total stolen amount in March exceeding $46 million.
In fact, such scams have long been evident. As early as the beginning of February, ZachXBT had previously disclosed that between December 2024 and January 2025, Coinbase users had lost as much as $65 million due to similar tactics, putting Coinbase at risk of facing over $300 million in social engineering scam losses annually.
According to ZachXBT's analysis, the scam tactics have formed a mature industrial chain:
1. Fraudsters Impersonate Coinbase Official
The scammers use a spoofed phone number to call the victim and leverage the user's personal information to gain trust. They claim that the user's account has experienced unauthorized login attempts, leading the victim to cooperate with security verification.
2. Sending Phishing Emails
The scammers send fake Coinbase emails containing a forged Case ID.
3. Guide User to Transfer Funds
The scammer asks the victim to transfer funds to a Coinbase Wallet and whitelist a scam address, claiming this is a form of account security verification.
4. Clone Coinbase Website
The scammer creates an almost 1:1 replica of the Coinbase phishing website and sends different operation prompts to the victim through forged emails and a Telegram scam panel.
In addition, according to Cointelegraph, several cryptocurrency users have recently received scam emails impersonating Coinbase and Gemini. These emails usually claim that due to regulatory requirements, users must transition to a self-hosted wallet and set April 1 as the deadline to create a sense of urgency.
The emails provide links to download the Coinbase Wallet or Gemini Wallet, along with pre-generated recovery phrases. Once users use these phrases to create a new wallet and transfer assets, the funds are instantly emptied by the scammer.
Internal Data Access Issues Surface
The core of social engineering scams lies in precise information gathering. In the Coinbase user scam cases, the attackers seem to have had access to victims' personal information, including phone numbers, email addresses, transaction records, etc. This raises a key question: how did this data fall into the hands of scammers?
Yesterday, The Block co-founder Mike Dudas claimed to have received an email from Coinbase on the X platform. The content of this email was unsettling, pointing directly to internal data access issues. The email stated:
"We are writing to inform you that we have detected signs indicating that a Coinbase employee may have accessed a small number of Coinbase customer accounts' records in a manner not consistent with internal policies, including your account."
While the email stated, "Your assets remain secure, and your Coinbase account has not been compromised," and emphasized that there is currently no evidence of data leakage to external parties, this email issued a clear warning to users: internal data access issues have been confirmed and are not isolated incidents.
Dudas stated that this explains the phishing emails and calls pretending to be from Coinbase.
However, the scope of the data breach is questionable and may involve a larger set of users. Community user @ghaiankur stated: "I don't have any funds on Coinbase, and I have never used it. Yet I still received these emails because I have an account, so this may not just be targeting a few specific accounts but the entire database."
Data Breaches as an Industry Risk
Not only Coinbase, other exchanges also seem to face similar internal security vulnerabilities.
After Dudas shared the email, crypto trader Jordan Fish (@Cobie) revealed that the crypto exchange Kraken recently experienced a similar attack. He speculated: "This could be the attackers' strategy — to infiltrate the customer support team and internally steal user data."
Meanwhile, on March 27, the dark web news site Dark Web Informer disclosed that a hacker codenamed AKM69 claimed to have obtained a significant amount of private information of Gemini exchange users. The database contains 100,000 records, including the full names, emails, phone numbers, and locations of U.S. users, and even some data from Singapore and the U.K.
Either learn to protect users, or be abandoned by users.
When commenting on this incident, Solana co-founder toly suggested that exchanges should implement user-controlled transfer time locks to reduce the risk of assets being rapidly stolen. However, the essence of this event goes beyond that, exposing the internal risk control failures of exchanges and the highly industrialized nature of fraud.
Exchange security is no longer just a technical protection issue but also a matter of management and trust. In the face of increasingly sophisticated attack methods, establishing a more comprehensive risk control system will determine the future security standards of the industry.
You may also like
Japan’s Three Megabanks Plan Joint Stablecoin Issuance in Fiscal 2026
MUFG, SMBC, and Mizuho reportedly plan to jointly issue fiat-pegged stablecoins in fiscal 2026, signaling Japan’s growing push into bank-led digital payment infrastructure.
Humanity Discloses H Token Dual-Chain Attack Details, With Losses on Ethereum and BSC Exceeding $36 Million
Humanity said the H token attack across Ethereum and BSC caused more than $36 million in losses after leaked ProxyAdmin keys enabled malicious contract upgrades and token minting.
White House Discusses CLARITY Act With Law Enforcement Ahead of Senate Vote
The White House discussed the CLARITY Act with law enforcement ahead of a Senate vote, focusing on illicit finance risks and developer protections.
$75 billion in foreign capital has fled, and South Korean retail investors have absorbed it all using leverage
Bitcoin Trading Guide 2026: Strategies for Experienced Traders
What Is XAUT and PAXG? Why Tokenized Gold Is Booming in 2026
Cryptocurrency CEXs are flocking to sell US stocks, and traditional brokerages are facing an "uninvited guest."
Will the SpaceX IPO Hurt Bitcoin? Here's What Traders Are Watching
Foreign selling in the South Korean stock market accelerates, with cumulative net sales reportedly reaching $75 billion this year
On June 9, The Kobeissi Letter, citing Goldman Sachs data, reported that global investors are selling South Korean stocks at an unusually rapid pace. In the latest trading session, foreign investors sold about $801 million worth of Kospi constituent stocks again; total foreign outflows last week reached about $10 billion, and the market has been in net foreign selling on nearly every trading day over the past month. According to the data cited in the report, foreign investors have sold about $75 billion worth of South Korean stocks so far this year. Meanwhile, South Korean retail and institutional investors together recorded roughly $69 billion in net buying over the same period, suggesting that the market’s main buying support has come from domestic capital rather than returning overseas funds. The information currently disclosed still mainly comes from The Kobeissi Letter’s retelling and Goldman Sachs data summaries, while public details on the statistical period and the specific definition of “selling” remain relatively limited.
Fortune Warns of Strategy’s Financing Structure Risks as Bitcoin Premium Narrows
Fortune warned that Strategy’s Bitcoin treasury model faces growing financing risks as MSTR’s net asset premium narrows and preferred stock dividend pressure increases.
Ferrari Challenge Le Mans: Carl Moon to Dominate in WEEX Livery
Sahara AI Responds to SAHARA’s Sharp Drop: No Contract or Product Security Issues Found, Internal Investigation Underway
Sahara AI responded to SAHARA’s 60% price drop, saying no token contract or product security issues have been found and an internal investigation is underway.
WEEX Deposit/Withdrawal Dynamic Island: Your Asset Status, Always in Sight
Scaling Crypto Derivatives: The Digital Asset Infrastructure Behind High-Volume Trading
In the fast-moving digital asset ecosystem, derivatives platforms face an extreme architectural test. High-leverage futures markets demand more than just standard security—they require absolute operational precision, zero-latency matching engines, and ironclad structural scalability, all while navigating intense market volatility.
As global platforms scale to meet these demands, the industry is shifting away from rigid, monolithic setups toward a more agile, "decoupled" infrastructure philosophy.
The Blueprint for High-Volume Copy TradingFor elite global exchanges like WEEX (founded in 2018), this architectural choice becomes critical when scaling high-volume retail features like social copy trading. When thousands of users automatically mirror the real-time strategies of elite traders simultaneously, it triggers sudden, monumental spikes in concurrent transactional volume.
To prevent execution latency or settlement bottlenecks during these peak volatility events, a platform's primary engine must remain entirely dedicated to risk management, copy-trade synchronization, and order matching.
The Architectural Rule: New-generation platforms must separate front-end user execution engines from heavy backend infrastructural overhead to eliminate operational friction.
By separating these layers, platforms can maintain complete sovereignty over their trading environments and user experiences while strategically aligning with institutional-grade infrastructure ecosystems. This strategic framework allows modern exchanges to leverage advanced Digital Asset Custody infrastructure such as Cobo’s behind the scenes, ensuring that backend wallet management scales elastically alongside trading spikes.
Capitalizing on Market Momentum and 400× LeverageIn a derivatives arena where platforms offer up to 400× leverage on perpetual contracts, capital efficiency and market agility are core business metrics. To capture market momentum, an exchange needs the ability to rapidly expand its asset offerings, supporting everything from legacy crypto assets to sudden, trending altcoins across a massive library of trading pairs.
Adopting a flexible, scalable Wallet-as-a-Service (WaaS) solution such as Cobo’s could completely rewrite the development timeline for high-growth exchanges. Instead of spending months of engineering capital building out custom backend wallet architectures for every new blockchain network, platforms can deploy localized infrastructure in days.
This agility allows platforms to instantly scale their listings to over a thousand trading pairs without compromising security or delaying time-to-market. It mirrors the exact operational advantages seen during high-velocity market events, similar to how advanced wallet infrastructure empowers platforms during sudden asset surges; allowing exchanges to pass that speed and liquidity directly to their global user base.
A Mature Foundation for GrowthThe synergy between trusted infrastructure ecosystems and global trading platforms represents the natural evolution of a maturing crypto market. As WEEX continues to scale its global spot and derivatives offerings for over 6 million users, adopting robust backend paradigms proves that platforms no longer have to compromise between cutting-edge trading velocity and uncompromised structural security.
Morning Report | BitMine increased its holdings by 126,971 ETH last week; trader Eugene announced his exit from the crypto market
Wang Chuan: How can one not feel anxious after the neighbor Old Wang made thirty times profit by investing in storage stocks? (Seven) - A quarter-century cycle
Get Paid to Onboard? Try WEEX’s New Homepage with Rewards for Registration, Deposit & Trade
WEEX Custom Layout: Build Your Perfect Trading Workspace in Seconds
Japan’s Three Megabanks Plan Joint Stablecoin Issuance in Fiscal 2026
MUFG, SMBC, and Mizuho reportedly plan to jointly issue fiat-pegged stablecoins in fiscal 2026, signaling Japan’s growing push into bank-led digital payment infrastructure.
Humanity Discloses H Token Dual-Chain Attack Details, With Losses on Ethereum and BSC Exceeding $36 Million
Humanity said the H token attack across Ethereum and BSC caused more than $36 million in losses after leaked ProxyAdmin keys enabled malicious contract upgrades and token minting.
White House Discusses CLARITY Act With Law Enforcement Ahead of Senate Vote
The White House discussed the CLARITY Act with law enforcement ahead of a Senate vote, focusing on illicit finance risks and developer protections.
$75 billion in foreign capital has fled, and South Korean retail investors have absorbed it all using leverage
Bitcoin Trading Guide 2026: Strategies for Experienced Traders
What Is XAUT and PAXG? Why Tokenized Gold Is Booming in 2026
