Hackers Target Coinbase Users in Advanced Social Engineering Hack
Coinbase users have become the prime targets of an intricate social engineering campaign since early 2025.
Reports from on-chain investigator Zach reveal that over $300 million is stolen annually through these meticulously coordinated attacks, with a staggering $45 million lost in just one week in May.
Unlike traditional hacks exploiting technical vulnerabilities, these scams manipulate human psychology, leveraging stolen insider data including names, addresses, contact details, and ID photos to execute highly personalized fraud.
The U.S. Department of Justice has launched an investigation into a suspected data leak at Coinbase, with the exchange confirming insider involvement on May 15, highlighting the severity of this ongoing crisis primarily affecting U.S.-based users.
On-Chain Laundering Exposed
The attackers, comprising low-level “skid” groups from the Com community and organized cybercrime syndicates in India, employ a four-stage methodology that bypasses Coinbase’s technical infrastructure.
Initially, they impersonate official support using spoofed PBX phone systems like FreePBX and Bitrix24, creating urgency with claims of “unauthorized access” or “suspicious withdrawals,” followed by phishing emails and texts with fake recovery links leading to cloned websites.

Victims are then guided to install Coinbase Wallet, tricked into importing a scammer-provided seed phrase under the guise of securing funds, and finally coerced into transferring assets, which are swiftly drained.
Blockchain analysis via MistTrack shows funds, mainly BTC and ETH, are laundered through complex processes: ETH swapped to DAI or USDT via Uniswap, BTC bridged to Ethereum using THORChain or Chainflip, then dispersed across addresses or centralized exchanges.
According to the report, this technical proficiency in on-chain obfuscation underscores the attackers’ advanced capabilities, with some scam-linked addresses still holding dormant stablecoins, evading immediate detection.
Additionally, tools like Telegram bots (@spoofmailer_bot) and ChatGPT-aided data segmentation enable bulk phishing with alarming precision, exploiting purchased darknet datasets to tailor attacks.

Urgent Call for Enhanced Defenses
As these social engineering attacks expose critical gaps in human-centric security, both platforms and users must adapt to this evolving threat landscape.
Coinbase and similar exchanges are urged to implement behavioral risk models to detect suspicious user actions, such as rapid transfers to new addresses, and enforce cooldown periods or manual reviews. Unified official communication channels and in-app anti-scam education can further mitigate impersonation risks.
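The behavioral check described above, as an added example (not Coinbase's or the report's code): it holds withdrawals to recently added addresses and escalates to manual review when rapid transfers to new addresses drain most of a balance. The thresholds, field names and sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not values from the report).
COOLDOWN = timedelta(hours=24)     # how long a destination counts as "new"
BURST_WINDOW = timedelta(hours=1)  # what counts as "rapid"
DRAIN_RATIO = 0.5                  # share of balance that triggers review

@dataclass
class Withdrawal:
    ts: datetime
    dest: str
    amount: float

def assess(history, first_seen, balance, w):
    """Return 'allow', 'cooldown' or 'manual_review' for withdrawal w.

    history: earlier withdrawals by this account
    first_seen: destination -> time the account first registered it
    balance: account balance just before w
    """
    def is_new(dest, at):
        seen = first_seen.get(dest)
        return seen is None or at - seen < COOLDOWN

    if not is_new(w.dest, w.ts):
        return "allow"  # long-standing (whitelisted) destination
    # Earlier transfers to new addresses inside the burst window.
    recent = [h for h in history
              if timedelta(0) <= w.ts - h.ts <= BURST_WINDOW
              and is_new(h.dest, h.ts)]
    sent = sum(h.amount for h in recent)
    start_balance = balance + sent  # balance before the burst began
    if start_balance > 0 and (sent + w.amount) / start_balance >= DRAIN_RATIO:
        return "manual_review"
    return "cooldown"

def demo():
    # Constructed sample data: one old address, one added 10 minutes ago.
    t0 = datetime(2025, 5, 1, 12, 0)
    seen = {"addr_old": t0 - timedelta(days=30),
            "addr_new": t0 - timedelta(minutes=10)}
    w1 = Withdrawal(t0, "addr_old", 9.0)
    w2 = Withdrawal(t0, "addr_new", 1.0)
    w3 = Withdrawal(t0 + timedelta(minutes=20), "addr_new", 5.0)
    return (assess([], seen, 10.0, w1),
            assess([], seen, 10.0, w2),
            assess([w2], seen, 9.0, w3))
```
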
For users, practicing identity compartmentalization, enabling withdrawal whitelists, and staying informed via security resources are vital steps.
Emerging tools like Web3 phishing simulation platforms by SlowMist and others offer risk-free training against such scams.
With leaked personal data also posing offline threats, as seen in real-world incidents targeting crypto professionals in 2025, vigilance extends beyond digital defenses.
This crisis demands a robust response: platforms must integrate insider risk management into their security architecture, while users must verify interactions skeptically, especially under pressure.
Only through combined technical and organizational efforts can trust be preserved in the face of such sophisticated, human-exploiting cyber threats.