A Coinbase user reportedly lost about $34.9 million worth of BTC to scammers, according to crypto investigator ZachXBT.
ZachXBT took to his Telegram channel “Investigations by ZachXBT” on March 28 to reveal this alleged heist involving a staggering sum of 400.099 BTC, which was transferred to an address “bc1qvlustvxhqzee9tgqers4tfungrg6c0fs4u76jf.”
He also noticed other suspected thefts involving Coinbase users over the past two weeks, totaling over $46 million this month. The funds from the thefts were bridged from Bitcoin to Ethereum via Thorchain or Coinflip and subsequently converted to the DAI stablecoin.
Coinbase has yet to flag any of the theft addresses from these victims in its compliance tools.
Onchain detective discovers $34.9 million worth of BTC heist
ZachXBT had raised alarms earlier in the year that Coinbase customers, the largest crypto exchange in America, lose about $300 million to scammers annually. He revealed that about $65 million was stolen between December 2024 and January 2025, and now the numbers are climbing in March, which is becoming an increasingly troubling trend.
The scammers use sophisticated social engineering attacks and mostly target the elderly. Scammers use stolen personal data to trick users by sending fraudulent emails that impersonate official Coinbase communications, including fake case IDs, to lure victims into transferring funds to wallets controlled by the scammers.
“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels,” ZachXBT noted.
Alongside these scams, ZachXBT also claims that Coinbase has faced multiple security breaches, which it never publicly acknowledged. These incidents include compromises involving outdated API keys for tax software sending verification codes to any email address regardless of its association with an account.
In 2023, Coinbase Commerce suffered a $15.9 million theft, while a threat actor laundered about $38 million from the BTCTurk hack through Coinbase. According to ZachXBT, these highlight systemic security lapses and inadequate customer support, which he put at the door of Coinbase’s leadership.
Coinbase lapses in regulatory compliance and ensuring security
Zach also called the crypto exchange’s compliance practice into question, saying its failure to flag addresses related to thefts in monitoring tools creates blind spots in fraud detection. He contrasted Coinbase’s approach with that of competitors like OKX and Binance, which he claims are more proactive in managing similar threats. He argued that Coinbase has repeatedly failed to take decisive action against threat actors.
In July 2024, CB Payments Limited, or CBPL, the UK branch of Coinbase, was fined £3.5 million by the UK Financial Conduct Authority for AML violations. CBPL entered a voluntary requirement with the FCA, which prevents the company from servicing high-risk clients. However, it breached this requirement and onboarded and served about 13,500 high-risk clients. The FCA says these breaches were a result of CBPL’s lack of due skill, care, and diligence in the design, testing, implementation, and monitoring of security controls.
Crypto scams are increasing in frequency and severity. In February 2025, Bybit experienced a massive security breach, which resulted in the loss of about $1.5 billion worth of Ethereum when hackers gained control of an Ethereum wallet during a routine funds transfer between a cold and hot wallet. These incidents show the persistent threat crypto exchanges face.
In response, regulatory bodies are intensifying efforts to make the crypto space safe. For example, the U.S. Securities and Exchange Commission (SEC) is revising its approach to crypto regulations and cybersecurity. SEC Commissioner Hester Peirce emphasized the need for clear regulatory frameworks that define the SEC’s jurisdiction, criticizing previous enforcement-based approaches and advocating for principles-based rule-making to foster innovation while ensuring security.
Cryptopolitan Academy: Coming Soon – A New Way to Earn Passive Income with DeFi in 2025. Learn More
News – Cryptopolitan – Read More
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sundanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu