A sweeping and highly organized social engineering campaign has struck Coinbase users, exposing deep-seated vulnerabilities that transcend conventional cybersecurity defenses.
Beginning in late 2024 and intensifying through early 2025, these attacks have resulted in the theft of tens of millions of dollars, according to ongoing investigations by security researchers and victim reports.
Coinbase, one of the world’s largest cryptocurrency exchanges, confirmed on May 15, 2025, that insider activity was likely involved in the unauthorized leak of user data, a revelation that has prompted a U.S. Department of Justice probe and galvanized the crypto community.
Insider Data Leaks Spark Major Security Crisis
Unlike traditional hacks that breach technical infrastructure, these scams relied on leaked personal information (names, addresses, contact details, account data, and even ID photos) to craft precision-targeted attacks.
By impersonating Coinbase support using sophisticated PBX phone systems and email spoofing toolkits, scammers convinced users that their accounts faced immediate risk due to fabricated “unauthorized withdrawals” or “suspicious activity.”
Victims were further manipulated by pressure tactics, such as false deadlines framed as official directives, forcing hasty compliance under the illusion of urgency.
A hallmark of this attack chain involved directing users to install the official Coinbase Wallet and migrate their assets from the platform’s custodial service.
In a novel twist, instead of extracting the users’ existing seed phrases, scammers supplied their own pre-generated “secure” wallets, tricking victims into believing these were officially sanctioned.
Once assets were moved, the fraudsters rapidly drained the wallets, exploiting the axiom: “Not your keys, not your coins.”
Scammers Exploit Human Vulnerabilities
Security researcher Zach, who has tracked these incidents throughout the year, estimates that such scams now siphon off upwards of $300 million annually from Coinbase users.
Many victims are US-based and are selected using data purchased from darknet markets or Telegram groups, then segmented and targeted using tools like ChatGPT and SMS spam platforms.
Attackers also utilized legitimate enterprise VoIP systems, such as FreePBX and Bitrix24, to convincingly spoof Coinbase communications.
On-chain analysis by blockchain security firm MistTrack reveals that, after siphoning assets (particularly Bitcoin and Ethereum), scammers employed advanced laundering techniques.
Funds were swapped across decentralized protocols or bridged from Bitcoin to Ethereum via platforms like THORChain, where they were then converted into stablecoins such as USDT or DAI.
According to the report, in several instances, laundered assets ultimately flowed toward centralized exchanges or remained dormant on-chain, complicating forensic efforts.
As these attacks sidestep most technical countermeasures by preying on user psychology, Coinbase and other platforms are being urged to adopt stronger human-centric security controls.
Recommended measures include continuous user education through in-app warnings, behavioral anomaly detection to flag risky transaction patterns, and standardized support verification portals.
Users are advised to compartmentalize their contact information, enable transaction whitelists and cooling-off periods, and remain highly skeptical of any urgent support requests.
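The controls recommended above (a destination whitelist, a cooling-off period for newly added addresses, and anomaly flagging of unusual transaction amounts) can be combined into a single withdrawal policy check. The following is an added illustration written for this article; it is not Coinbase's code, and the thresholds, account fields and sample amounts are constructed assumptions. It also holds withdrawals that follow a recent change of contact details, since support-impersonation scams often begin by taking over the phone number or email used for verification.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional, Tuple

# Constructed policy values (assumptions for this example, not any exchange's real settings).
COOLING_OFF = timedelta(hours=48)   # newly whitelisted addresses cannot receive funds for 48h
ANOMALY_MULTIPLIER = 5.0            # flag a withdrawal above 5x the user's median past withdrawal
MIN_HISTORY = 3                     # need this many past withdrawals before the median is trusted
T0 = datetime(2025, 1, 10, 12, 0)   # constructed base time used by the demo scenario


@dataclass
class Account:
    # address -> time it was added to the whitelist
    whitelist: Dict[str, datetime] = field(default_factory=dict)
    # past withdrawal amounts, all in the same unit
    history: List[float] = field(default_factory=list)
    # last time the phone number or email on file was changed
    contact_changed_at: Optional[datetime] = None


def add_to_whitelist(acct: Account, address: str, now: datetime) -> None:
    """Record a new destination; the cooling-off clock starts from `now`."""
    acct.whitelist[address] = now


def evaluate_withdrawal(acct: Account, address: str, amount: float,
                        now: datetime) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is 'allow', 'hold' or 'deny'.

    'deny' is reserved for destinations that were never whitelisted.
    'hold' means the withdrawal is parked for out-of-band confirmation.
    """
    if address not in acct.whitelist:
        return "deny", ["destination address is not on the whitelist"]

    reasons: List[str] = []

    # Cooling-off: a just-added address is exactly what a scammer supplies.
    age = now - acct.whitelist[address]
    if age < COOLING_OFF:
        reasons.append(f"whitelist entry is {age} old, under the {COOLING_OFF} cooling-off")

    # Recent contact-detail change: verification channel may already be attacker-controlled.
    if acct.contact_changed_at is not None and now - acct.contact_changed_at < COOLING_OFF:
        reasons.append("contact details were changed within the cooling-off window")

    # Behavioural anomaly: amount far above what this user normally withdraws.
    if len(acct.history) >= MIN_HISTORY:
        typical = median(acct.history)
        if amount > ANOMALY_MULTIPLIER * typical:
            reasons.append(f"amount {amount} exceeds {ANOMALY_MULTIPLIER}x median {typical}")

    return ("hold", reasons) if reasons else ("allow", [])


def demo_scenario() -> List[str]:
    """Walk through a constructed account and return the decision for each step."""
    acct = Account(history=[0.1, 0.2, 0.15])   # median 0.15, so anomaly threshold is 0.75
    decisions = []
    # 1. unknown address: denied outright
    decisions.append(evaluate_withdrawal(acct, "bc1q-new-dest", 0.1, T0)[0])
    # 2. address whitelisted, but withdrawal attempted halfway through cooling-off: held
    add_to_whitelist(acct, "bc1q-new-dest", T0)
    decisions.append(evaluate_withdrawal(acct, "bc1q-new-dest", 0.1, T0 + COOLING_OFF / 2)[0])
    # 3. cooling-off elapsed, normal amount: allowed
    decisions.append(evaluate_withdrawal(acct, "bc1q-new-dest", 0.1, T0 + COOLING_OFF)[0])
    # 4. cooling-off elapsed, but amount is 5.0 (> 0.75): held as anomalous
    decisions.append(evaluate_withdrawal(acct, "bc1q-new-dest", 5.0, T0 + COOLING_OFF)[0])
    # 5. phone/email changed just now, normal amount: held pending confirmation
    acct.contact_changed_at = T0 + COOLING_OFF
    decisions.append(evaluate_withdrawal(acct, "bc1q-new-dest", 0.1, T0 + COOLING_OFF)[0])
    return decisions


if __name__ == "__main__":
    for step, decision in enumerate(demo_scenario(), 1):
        print(f"step {step}: {decision}")
```

The point of returning a list of reasons rather than a bare boolean is that a held withdrawal can be explained to the user in the app, which doubles as the in-app warning the article recommends: telling someone that their new destination was added ten minutes ago, right after a "support" call, is often enough to break the scam's sense of urgency.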
Significantly, the scope of leaked data poses not only online but also offline risks, prompting warnings for users to remain vigilant against potential physical threats.
This crisis underscores the urgent need for cryptocurrency platforms to address insider threats systematically and to recognize that robust technical architecture must be matched by equally sophisticated social engineering defenses.
In conclusion, the Coinbase incident highlights a paradigm shift in crypto-related cybercrime, where human vulnerabilities have become the preferred vector for large-scale theft.
Going forward, a blend of technical, organizational, and educational strategies will be indispensable to restore user trust and resilience in an increasingly complex digital landscape.