A new wave of highly targeted social engineering attacks has hit Coinbase users in 2025. The scammers have used insider access to steal sensitive personal and account data, leading to major financial losses for victims.
Unlike traditional hacks that exploit software vulnerabilities, these attacks rely on psychological tactics. Victims are tricked into handing over their money voluntarily, often believing they are protecting it from fraud.
Some users have reported losses in the millions. Experts say this marks a dangerous shift from random phishing to carefully planned and personalized attacks.
Insider Involvement Confirmed
On May 15, Coinbase confirmed suspicions that insiders may have played a role in the data breach. The U.S. Department of Justice is now investigating what appears to be a major data leak.
According to Coinbase, the stolen data includes full names, addresses, contact information, account details, government-issued ID photos, and transaction history. This information enables attackers to impersonate users convincingly.
Millions Stolen in Ongoing Campaign
Cybersecurity firm SlowMist reported that the attack campaign has been active for months. Blockchain analyst Zach found that over $45 million was stolen from users in a single week in May.
Between December 2024 and January 2025, another $65 million was lost using similar methods. Experts estimate the total losses this year could reach $300 million.
The attacks mainly target users in the United States and appear to be part of a coordinated global campaign.
Who Is Behind the Attacks?
The operation is being carried out by two main groups: low-skill attackers from an online group called “Com,” and organized cybercrime syndicates based in India. The stolen funds are laundered through complex systems to hide their origin.
How the Scam Works
The attackers use a four-step process to bypass both technical security and user caution:
- They make phone calls using spoofed systems that show official Coinbase numbers on caller ID.
- They claim there is a suspicious login or withdrawal from the victim’s account, causing panic.
- They send phishing emails that look like real Coinbase messages, often including ticket numbers or fake security links.
- They instruct the user to install the Coinbase Wallet app and use a seed phrase provided by the attacker.
The seed phrase gives the attacker full control of the wallet. When victims transfer their funds to this wallet, the scammers quickly steal the money. The funds are then moved through multiple blockchain services to avoid detection.
A Growing Threat to Crypto Security
This campaign shows how social engineering has become one of the biggest threats in the cryptocurrency world. It highlights the need for better user education and stronger internal controls within crypto platforms.
