Coinbase scams: How they work and how you can stop them
The phone rings and it’s a number you don’t recognize. You answer and there’s a friendly yet concerned voice on the other end. The caller says they’re from Coinbase, your account is in danger, and they’re here to help. The trap is set.
In recent months, many bitcoin and crypto holders have been the target of a series of phishing and social engineering attempts related to their Coinbase accounts.
As much as $300 million in assets has been lost in these scams, including $65 million in December 2024 and January 2025, according to researcher ZachXBT.
In addition to the above, many customers are having the opposite problem. Their assets are secure at Coinbase, but they can’t withdraw them due to account restrictions. In this overview, we’ll discuss what you should know to protect yourself and your assets.
How the scams work
The “Coinbase scams” are a combination of phishing and social engineering. Phishing is when scammers use unsolicited communications to bait you into giving up sensitive information, such as a seed phrase. Social engineering is when scammers manipulate you into giving up information or taking an action.
2/ Myself and @tanuki42_ spent time reviewing Coinbase withdrawals and gathering data from my DMs for high confidence thefts on various chains.
Below is a table we created which shows $65M stolen from Coinbase users in Dec 2024 - Jan 2025.
Our number is likely much lower than… pic.twitter.com/ZceQ5AggYU
— ZachXBT (@zachxbt) February 3, 2025
There are a variety of tactics used, and scammers are known for adapting their scripts on the fly. Here’s an example of how one of the scams could work.
- The scammer calls you on the phone and says they are from Coinbase (or another exchange).
- They inform you of suspicious activity or unauthorized logins on your account.
- They send you an email containing a link that appears to come from Coinbase. This email will describe steps you can use to secure your account, such as resetting your password or enabling two-factor authentication (2FA).
- If you have SMS-based 2FA enabled, a text message may arrive on the scammer’s phone without your knowledge as the result of a SIM swap.
- The link directs you to a spoofed Coinbase webpage.
- The page asks you for your login credentials or a seed phrase. Alternatively, the scammer may talk you into sending funds from a new address.
- If you provide the requested information, the scammers use it to drain your account or your on-chain address.
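The link in the email is the one step in this flow that can be checked mechanically before anyone clicks it. The following Python sketch is an added example, not part of the original article or any Coinbase tooling; the trusted-domain list, the reason strings and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader treats as genuine for this service.
TRUSTED_DOMAINS = {"coinbase.com"}
BRAND = "coinbase"  # brand keyword to watch for inside untrusted hosts


def classify_link(url: str) -> str:
    """Return 'trusted' or a short reason the link should not be trusted."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not-https"
    if parts.username is not None or parts.password is not None:
        # Text before "@" is login info, not the site the browser will visit.
        return "userinfo-before-host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no-host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Non-Latin or punycode labels can render almost like the real name.
        return "lookalike-characters"
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if BRAND in host:
        # Brand name appears, but the registrable domain is someone else's.
        return "brand-in-untrusted-host"
    return "untrusted-host"


# Constructed sample links, as they might appear in an unsolicited email.
SAMPLES = [
    "https://www.coinbase.com/settings/security",
    "https://coinbase.com.account-verify.example/login",
    "https://coinbase.com@login.example/reset",
    "https://c\u043einbase.com/login",  # second letter is Cyrillic
    "http://www.coinbase.com/",
    "https://login.example/",
]


def triage(urls):
    """Map each URL to its verdict."""
    return {u: classify_link(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:24} {url!r}")
```

A "trusted" verdict only says the host belongs to the expected domain; the out-of-band verification described later in the article still applies.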
My fellow co-founder and Casa CEO Nick Neuman was even targeted by one of the scams. He knew what the scammers were up to and got them to explain how they operate behind the scenes.
How scammers find victims
Trading bitcoin and other crypto creates a lot of data. Some of it is public on blockchains while other data arises from KYC identification practices that link trading activity to contact information and other personally identifiable information. While that latter data is expected to be kept private, it can nonetheless end up public on hacker forums and other places on the Dark Web.
Social engineers parse through this data and social media activity to zero in on likely targets with enough assets to be worth their time. It’s common for crypto investors to have accounts at multiple exchanges, so bad actors will often assume you have a Coinbase account, especially if you are based in the U.S.
No data breach at Coinbase has to occur for you to be targeted.
It’s worth noting that these scams aren’t necessarily specific to Coinbase. They can easily be used to target accounts at other services. Scammers simply choose Coinbase because it has significant market share in the U.S. and other countries, thus the probability of you having an account there is higher.
Why is this scam successful?
Humans are social creatures and we have psychological biases. While we tend to preach “don’t trust, verify” in bitcoin and security circles, our defenses often drop when an actual scam shows up in our lives. We think it’ll never happen to us, and when it does, it’s easy to believe another human voice actually cares.
Navigating account restrictions
It’s hard for exchanges to stop scammers, especially when they manipulate users through social engineering. The crime looks like legitimate activity when it’s primarily coming from your devices.
Depending on what an exchange tries to do to detect scammers, false positives can occur. And there are various compliance reasons why an exchange may freeze withdrawals on your account.
When your account is restricted, it can be highly unsettling even if it’s just temporary. Many crypto holders have found themselves stranded from their assets.
Coinbase has restricted my account without any explanation, and support refuses to provide clarity.
As a paying Coinbase One customer with over $2,000,000 in inaccessible assets, I’d appreciate an immediate explanation.
cc: @coinbase @CoinbaseSupport @brian_armstrong pic.twitter.com/Yx9JqNHxuY
— Erik Stevens 🐆 (@HopiumPapi) December 12, 2024
If you have bitcoin or other assets sitting in an exchange account, you are at the mercy of that exchange. While tagging them on social media may get their attention, it is up to the exchange to lift the restriction and you will have to comply with their process since they hold the keys.
If you want to avoid having assets restricted by an exchange, self-custody is the best way to ensure your access is free from third-party interference.
Tips for avoiding scams
As a rule of thumb, never trust incoming messages. There are three telltale signs of a scam:
- Someone contacts you without you having contacted them
- They say you have to take an action right now — time is a factor
- The request involves money, a valuable asset, or sensitive information
If you receive one of these requests, verify it out of band through another form of communication. For example, if you receive a phone call from someone claiming to be Coinbase, log onto Coinbase with another device and contact their support team there. Remember that Coinbase and other exchanges are highly unlikely to ever call you.
Don’t answer phone calls from unknown numbers. If someone is calling you and you’ve never heard from them before, they’re probably a scammer or trying to sell you something.
Separate your trading activity from the rest of your online activity with different email addresses and fresh passwords for each account. Remember that your email address is a primary data point used to triangulate you around the web.
Avoid publicizing your involvement with bitcoin and other digital assets. Doing so can cause you to be targeted physically as well as digitally.
For Casa clients, we recently rolled out a new feature to help you ensure your bitcoin remains undisturbed. Our deepfake verification codes give you two-way verification so you know you’re talking to a Casa Advisor, and our team knows they are talking to you.
Want help defending yourself from scammers? We got you.
The growing trend of scams is just one of many reasons why it’s critical to consider the rest of your security, not just bitcoin. As a Casa Private Client, you can access personal guidance from expert advisors and a complete blueprint for your digital life to avoid leaving breadcrumbs of data everywhere you go online.