While cryptocurrency investors were busy watching market fluctuations, scammers made off with over $46 million from Coinbase users in March 2025 alone. The biggest hit? A single user lost 400 BTC—a staggering $34.9 million—on March 27. Just like that. Gone.
These numbers are probably lowballed. Many victims don’t report losses, embarrassed they fell for scams. Between December 2024 and January 2025, thieves pocketed another $65 million. Annual losses could reach $300 million. Not exactly pocket change.
The crypto criminals’ true haul? Likely far worse. Many victims stay silent, shame keeping the real numbers hidden.
The criminals aren’t amateurs. Two main groups—”skids from the Com” and Indian threat actors—execute sophisticated attacks using spoofed phone calls, fake emails, and clone websites. They’re good at what they do. Really good. They convince users to transfer funds to Coinbase Wallet or whitelist malicious addresses. Then poof—money vanishes.
Elderly users make prime targets, but nobody’s safe. The ongoing threat trend has been targeting Coinbase users for over a year now with increasingly sophisticated tactics. Even tech-savvy customers with API keys have been duped. The most concerning issue is that threat actors deliberately block VPNs from their phishing sites, directly contradicting Coinbase’s security advice. Experts recommend using cold wallets for long-term storage of significant cryptocurrency holdings to prevent unauthorized access. The scammers convert stolen crypto using Thorchain or Chainflip, often ending up with DAI stablecoin. Clever.
Coinbase’s response? Less than stellar. Critics point to their failure to flag known theft addresses and reluctance to publicly acknowledge security incidents. They’ve finally implemented a scam quiz for large transfers and launched a security awareness campaign. Too little, too late for many victims.
Regulators are paying attention. The UK Financial Conduct Authority slapped CB Payments Limited with a £3.5 million fine, while the SEC revises its approach to crypto regulations. Meanwhile, industry-wide losses to scams hit $4.6 billion in 2023, with social engineering attacks increasing tenfold.
Prevention relies heavily on users being vigilant—strong two-factor authentication, dedicated email accounts for crypto, address allowlists, and regular API key rotation. But let’s be real: scammers only need to get lucky once. Users must be lucky every time. And in March 2025, luck ran out for too many Coinbase customers.
