Coinbase users have reportedly lost over $46 million to phishing scams in March 2025. Blockchain investigator ZachXBT traced several large thefts, including one involving 400.099 Bitcoin, valued at approximately $34.9 million, stolen from a Coinbase wallet on March 27. The stolen funds were moved across blockchains, making them difficult to trace. Other significant losses include 60.164 BTC on March 26, 46.147 BTC on March 25, and 20.028 BTC on March 16.

These scams often involve techniques such as wallet spoofing and address poisoning. Fraudsters trick users into sending funds to addresses that closely resemble legitimate ones. ZachXBT's investigation found that these tactics have led to a substantial increase in losses among Coinbase users.

A similar wave of phishing scams in late 2024 and early 2025 resulted in more than $65 million in stolen assets, with the actual total likely much higher. ZachXBT noted that the figures only account for on-chain thefts and data received through direct messages, excluding incidents not reported to Coinbase or law enforcement. This raises concerns about the scope of the problem, with some estimating that losses could exceed $300 million per year if these phishing scams continue.

Coinbase has confirmed that it is investigating the matter. Jaclyn Sales, a Coinbase spokesperson, clarified that Coinbase employees will never ask users for login credentials, API keys, or two-factor authentication codes. She urged users to remain cautious of anyone impersonating the platform, especially if they ask for sensitive information or request fund transfers. Despite these warnings, skepticism about Coinbase’s ability to prevent such scams remains high. ZachXBT pointed out that affected addresses have not been flagged in Coinbase’s compliance systems.

To bolster security, Coinbase has suggested that users enable two-factor authentication, use a dedicated email address for their Coinbase account, set up an address allowlist, and store funds in the Coinbase Vault. However, many users are still questioning the effectiveness of these measures.

Phishing scams are not limited to Coinbase. They often involve scammers impersonating well-known brands to create a false sense of trust. Meta, for instance, was targeted by over 25x as many scammers as Coinbase in 2024. In addition to address poisoning, fraudsters use phone number spoofing and fake customer support calls. One notable case involved a user losing $850,000 after being tricked by a fake Coinbase support call.

Pig butchering scams, where fraudsters build long-term relationships with victims before coercing them into sending money, have also been a growing concern. According to Cyvers, these scams led to over $5.5 billion in losses on the Ethereum network in 2024. These evolving tactics continue to highlight the need for better security in the cryptocurrency space.