Coinbase users may have lost as much as $46 million to suspected phishing scams over the past two weeks as rising crypto prices continue to attract bad actors to the industry.

Scams such as address poisoning and wallet spoofing involve tricking victims into sending assets to fraudulent wallet addresses that closely resemble legitimate ones.

According to blockchain investigator ZachXBT, multiple Coinbase-linked wallets have been targeted this month. A screenshot from blockchain explorer Blockchair shows a suspected 400 Bitcoin (BTC) theft from a single wallet address.

“It is suspected a Coinbase user was scammed yesterday for $34.9M (400.099 BTC),” the investigator wrote in a March 28 Telegram post. “After uncovering this theft I noticed multiple other suspected thefts from Coinbase users in the past two weeks bringing the total stolen this month to $46M+,” he added.

Suspected 400 BTC phishing theft victim. Source: Blockchair

“We are aware of ZachXTB’s claims and are investigating,” Jaclyn Sales, director of communications at Coinbase, told Cointelegraph, adding:

“Coinbase will never call you or ask for your login credentials, API key or two-factor authentication codes. We will also never ask you to transfer funds.”

“If someone contacts you claiming to be from Coinbase and requests this information or asks you to transfer assets, do not do it. It is a scam,” she said.

Related: Security concerns slow crypto payment adoption worldwide — Survey

Scammers continue to impersonate top brands

Scammers often impersonate large global brands to create a false sense of trust with victims.

US brands are often impersonated by scammers. Source: Mailsuite

In the crypto industry, Coinbase was the most impersonated brand by scammers, but Meta was targeted by over 25 times as many scammers as the cryptocurrency exchange, Cointelegraph reported in June 2024.

Coinbase is the world’s third-largest centralized cryptocurrency exchange (CEX), with over $1.6 billion of daily crypto trading volume, according to CoinMarketCap.

To protect themselves, Coinbase users are advised to use a dedicated email account, enable two-factor authentication, set up an address allowlist, and use Coinbase Vault for additional security, the exchange said in a February blog post.

Related: Sophisticated crypto address poisoning scams drain $1.2M in March

History of phishing losses at Coinbase

Over $65 million may have been stolen from Coinbase users between December 2024 and January 2025 in “high confidence thefts,” ZachXBT said in a Feb. 3 X post. He added:

“Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain which does not account for Coinbase support tickets and police reports we do not have access to.”

Source: ZachXBT

Pig butchering scams are another type of phishing scheme involving prolonged and complex manipulation tactics to trick investors into willingly sending their assets to fraudulent crypto addresses.

Pig butchering schemes on the Ethereum network cost the industry over $5.5 billion across 200,000 identified cases in 2024, according to Cyvers.

Magazine: Bitcoiner sex trap extortion? BTS firm’s blockchain disaster: Asia Express