{"id":36044,"date":"2025-02-04T17:30:02","date_gmt":"2025-02-04T14:30:02","guid":{"rendered":"https:\/\/coinengineer.net\/blog\/?p=36044"},"modified":"2025-02-04T17:06:38","modified_gmt":"2025-02-04T14:06:38","slug":"coinbase-loses-users-300-million-annually-due-to-vulnerabilities","status":"publish","type":"post","link":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/","title":{"rendered":"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities"},"content":{"rendered":"<p>Crypto researchers <strong>ZachXBT and tanuki42<\/strong> claimed <strong>that Coinbase has ignored security vulnerabilities<\/strong> and that this negligence <strong>is costing<\/strong> investors <strong>up to $300 million every year<\/strong>.<\/p>\n<p><strong>According to data shared on February 3,<\/strong> <strong>between December 2024 and January 2025<\/strong> alone <strong>, Coinbase users lost $65 million<\/strong>. However, the researchers noted <strong>that complaints that were reported to the police but could not be accessed were not included in the calculations<\/strong>, so the actual losses could be much higher.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_71 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#Coinbase_Users_Targeted\" title=\"Coinbase Users Targeted\">Coinbase Users Targeted<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#Scammers_Revelations_Shocking\" title=\"Scammers&#8217; Revelations Shocking\">Scammers&#8217; Revelations Shocking<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Coinbase_Users_Targeted\"><\/span><strong>Coinbase Users Targeted<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>According to the report, most of these scams <strong>were carried out by India-based threat actors targeting US users<\/strong>.<\/p>\n<p><strong>While<\/strong> Coinbase <strong>warned<\/strong> its users <strong>not to use VPNs<\/strong>, it turned out that the scammers were <strong>automatically blocking VPNs and<\/strong> redirecting Coinbase users to fake sites. <strong>&#8220;This suggests that Coinbase failed to diagnose the real problem,<\/strong> &#8221; the researchers said.<\/p>\n<p>In particular, the following vulnerabilities were reportedly exploited:<\/p>\n<ul>\n<li><strong>Use of legacy API keys<\/strong><\/li>\n<li><strong>An error in the verification code system<\/strong><\/li>\n<li><strong>Laundering stolen funds through Coinbase<\/strong><\/li>\n<\/ul>\n<p>ZachXBT criticized Coinbase for<\/p>\n<ul>\n<li><strong>Failure to properly report stolen wallet addresses<\/strong><\/li>\n<li><strong>Ineffective customer support team<\/strong><\/li>\n<li><strong>Lack of support in non-US time zones<\/strong><\/li>\n<\/ul>\n<p>The researchers emphasized <strong>that Coinbase needs to take urgent measures<\/strong> because <strong>millions of dollars are going to scammers every month<\/strong>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Scammers_Revelations_Shocking\"><\/span><strong>Scammers&#8217; Revelations Shocking<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In November 2024, a <strong>Coinbase phishing scammer<\/strong> admitted to <strong>making at least five figures a week<\/strong> by targeting company executives and software engineers.<\/p>\n<p><strong>Nick Neuman, CEO of<\/strong> Bitcoin wallet provider <strong>Casa<\/strong>, quoted a scammer as telling him:<br \/>\n<strong>&#8220;We made $35,000 two days ago. We&#8217;re doing this for a reason, there&#8217;s big money in it.&#8221;<\/strong><\/p>\n<p>The scammer also stated that <strong>they only target people with at least $50,000 in assets<\/strong>.<\/p>\n<p>The inability of Coinbase&#8217;s security policies to prevent such attacks once again <strong>highlights the platform&#8217;s weaknesses in user security<\/strong>.<\/p>\n<p><em>You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don\u2019t forget to follow us on our\u00a0<a href=\"https:\/\/t.me\/coinengineernews\" target=\"_blank\" rel=\"nofollow noopener\"><strong>Telegram,\u00a0<\/strong><\/a><a href=\"https:\/\/www.youtube.com\/@CoinEngineer\" target=\"_blank\" rel=\"nofollow noopener\"><strong>YouTube<\/strong><\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/coinengineers\" target=\"_blank\" rel=\"nofollow noopener\"><strong>Twitter<\/strong><\/a>\u00a0channels for the latest\u00a0<a title=\"News\" href=\"https:\/\/coinengineer.net\/blog\/news\/\" data-internallinksmanager029f6b8e52c=\"7\">news<\/a>\u00a0and updates.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crypto researchers ZachXBT and tanuki42 claimed that Coinbase has ignored security vulnerabilities and that this negligence is costing investors up to $300 million every year. According to data shared on February 3, between December 2024 and January 2025 alone , Coinbase users lost $65 million. However, the researchers noted that complaints that were reported to<\/p>\n","protected":false},"author":6,"featured_media":36045,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,2],"tags":[151,11449,2415],"class_list":["post-36044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exchange-news","category-news","tag-coinbase","tag-tanuki42","tag-zachxbt"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Coinbase Loses Users $300 Million Annually Due to Vulnerabilities - Coin Engineer<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities - Coin Engineer\" \/>\n<meta property=\"og:description\" content=\"Crypto researchers ZachXBT and tanuki42 claimed that Coinbase has ignored security vulnerabilities and that this negligence is costing investors up to $300 million every year. According to data shared on February 3, between December 2024 and January 2025 alone , Coinbase users lost $65 million. However, the researchers noted that complaints that were reported to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Coin Engineer\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-04T14:30:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-04T14:06:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1-1024x576.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"576\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/\",\"url\":\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/\",\"name\":\"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities - Coin Engineer\",\"isPartOf\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1.png\",\"datePublished\":\"2025-02-04T14:30:02+00:00\",\"dateModified\":\"2025-02-04T14:06:38+00:00\",\"author\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\"},\"breadcrumb\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#primaryimage\",\"url\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1.png\",\"contentUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1.png\",\"width\":1920,\"height\":1080,\"caption\":\"Coinbase\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/coinengineer.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\",\"url\":\"https:\/\/coinengineer.net\/blog\/\",\"name\":\"Coin Engineer\",\"description\":\"Btc, Coins, Pre-Sale, DeFi, NFT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/coinengineer.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\",\"name\":\"Tanju Akb\u0131y\u0131k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"caption\":\"Tanju Akb\u0131y\u0131k\"},\"url\":\"https:\/\/coinengineer.net\/blog\/author\/cetanju\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities - Coin Engineer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities - Coin Engineer","og_description":"Crypto researchers ZachXBT and tanuki42 claimed that Coinbase has ignored security vulnerabilities and that this negligence is costing investors up to $300 million every year. According to data shared on February 3, between December 2024 and January 2025 alone , Coinbase users lost $65 million. However, the researchers noted that complaints that were reported to","og_url":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/","og_site_name":"Coin Engineer","article_published_time":"2025-02-04T14:30:02+00:00","article_modified_time":"2025-02-04T14:06:38+00:00","og_image":[{"width":1024,"height":576,"url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1-1024x576.png","type":"image\/png"}],"author":"Tanju Akb\u0131y\u0131k","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tanju Akb\u0131y\u0131k","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/","url":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/","name":"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities - Coin Engineer","isPartOf":{"@id":"https:\/\/coinengineer.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1.png","datePublished":"2025-02-04T14:30:02+00:00","dateModified":"2025-02-04T14:06:38+00:00","author":{"@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546"},"breadcrumb":{"@id":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#primaryimage","url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1.png","contentUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2025\/02\/thorchain_ce-1.png","width":1920,"height":1080,"caption":"Coinbase"},{"@type":"BreadcrumbList","@id":"https:\/\/coinengineer.net\/blog\/coinbase-loses-users-300-million-annually-due-to-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/coinengineer.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Coinbase Loses Users $300 Million Annually Due to Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/coinengineer.net\/blog\/#website","url":"https:\/\/coinengineer.net\/blog\/","name":"Coin Engineer","description":"Btc, Coins, Pre-Sale, DeFi, NFT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/coinengineer.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546","name":"Tanju Akb\u0131y\u0131k","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","caption":"Tanju Akb\u0131y\u0131k"},"url":"https:\/\/coinengineer.net\/blog\/author\/cetanju\/"}]}},"_links":{"self":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/36044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/comments?post=36044"}],"version-history":[{"count":1,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/36044\/revisions"}],"predecessor-version":[{"id":36046,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/36044\/revisions\/36046"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media\/36045"}],"wp:attachment":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media?parent=36044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/categories?post=36044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/tags?post=36044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}