Coinbase, a major cryptocurrency exchange, is facing criticism for reportedly failing to address security problems, leading to significant financial losses for users. Crypto investigators ZachXBT and tanuki42 believe that the platform’s refusal to resolve vulnerabilities costs customers more than $300 million per year.
Their calculations show that Coinbase consumers lost more than $65 million in just two months, December 2024 and January 2025. However, they believe the actual figure is greater because their analysis does not include unavailable police reports or unreported occurrences.
A major portion of these losses are due to social engineering schemes, in which fraudsters trick consumers into providing critical information. Investigators report that many of these frauds originate in India and exclusively target customers in the United States.
One of the main criticisms is Coinbase’s position on virtual private networks (VPNs). While the organization advises users against using VPNs to risk security flagging, scammers actively block VPNs on phishing sites. Investigators believe that this omission reveals a bigger problem with Coinbase’s security strategy
People also say that the platform doesn’t care about long-term security issues like API keys that are out of date, bugs in the verification code, and fraud detection that isn’t good enough. Critics also point to Coinbase’s failure to report theft-related addresses in compliance tools, inefficient customer service, and restricted assistance for users outside of U.S. time zones.
The scope of these scams is disturbing. One scammer apparently acknowledged earning at least five figures every week by targeting executives and high-income professionals. Investigators point out that these scams thrive because of Coinbase’s inadequate security measures and lack of transparency.
As worries grow, industry insiders emphasize the significance of bitcoin exchanges putting consumer safety first. Strengthening security standards, resolving vulnerabilities, and enhancing customer service are critical steps toward regaining trust and minimizing more financial losses for users.
