TL;DR
- Over $46 million was stolen from Coinbase users in March through a wave of sophisticated phishing attacks, according to blockchain investigator ZachXBT.
- The most severe case involved the theft of 400 BTC — nearly $35 million — in a single transaction.
- Coinbase reminds users it will never request passwords, 2FA codes, or direct transfers. Still, it remains the most impersonated crypto brand by scammers.
A new wave of highly sophisticated scams has targeted users of Coinbase, the world’s third-largest cryptocurrency exchange. According to prominent blockchain investigator ZachXBT, more than $46 million worth of Bitcoin was stolen in just the last two weeks of March. The attacks involved phishing techniques such as address poisoning and wallet spoofing, which trick users into sending their funds to addresses that closely resemble legitimate ones, creating a false sense of security and authenticity.
One of the most shocking thefts involved 400 BTC — worth approximately $34.9 million — from a single wallet, as shown on the blockchain explorer Blockchair. ZachXBT shared the information on his Telegram channel on March 28, warning that this case is not isolated: several other Coinbase-linked wallets have been affected in a short period.
“Coinbase is aware of ZachXBT’s claims and we are investigating the matter,”
said Jaclyn Sales, Director of Communications at the company. She also reminded users that the platform will never ask for sensitive information or request transfers outside of official channels.
Coinbase Remains a Top Target for Crypto Scammers
Coinbase is no stranger to these types of attacks. Between December 2024 and January 2025 alone, more than $65 million in confirmed losses were reported. However, the actual number could be much higher, since many victims either don’t report the incidents or deal directly with law enforcement rather than public forums.
Scammers have increasingly relied on impersonating trusted brands to deceive users. In 2024, Meta was the most impersonated brand globally, but within the crypto space, Coinbase continues to top the list. With over $1.6 billion in daily trading volume, its visibility makes it a prime target for cybercriminals.
What Can Users Do?
Coinbase strongly recommends several protective actions: using a dedicated email account for crypto activity, enabling two-factor authentication (2FA), setting up an address allowlist, and storing long-term funds in Coinbase Vault. Most importantly, staying informed and educated remains the best defense in a digital environment that, while risky, still holds immense opportunity.
These scams should not overshadow the potential of the crypto ecosystem. Blockchain technology continues to evolve, and with vigilant and knowledgeable users, the future remains bright.
