Over $46 million worth of crypto has reportedly been stolen from Coinbase users in the past two weeks through sophisticated phishing scams. Blockchain investigator ZachXBT uncovered the series of thefts, including a single attack that drained nearly $35 million (400 BTC) from one wallet.

These scams involve deceptive techniques like address poisoning and wallet spoofing, which trick users into sending funds to malicious addresses that look nearly identical to trusted ones. ZachXBT’s findings suggest multiple Coinbase-linked wallets were hit this month, with all signs pointing to highly coordinated phishing attacks.

Coinbase confirmed it is investigating the claims. The company emphasized that it will never request login credentials, two-factor authentication codes, or ask users to transfer funds. “If someone claims to be from Coinbase and makes these requests — it’s a scam,” warned Jaclyn Sales, Coinbase’s director of communications.

Despite being a trusted name in crypto, Coinbase remains a top target for scammers impersonating brands. In fact, according to a 2024 Cointelegraph report, Coinbase was the most mimicked crypto brand, while Meta faced even more frequent impersonation attempts.

This isn't the first time Coinbase users have been hit. Between December 2024 and January 2025, more than $65 million was stolen in what ZachXBT called “high confidence thefts.” He noted the true figure is likely higher, as much of the data, including support tickets and police reports, remains undisclosed.

To stay safe, Coinbase recommends users activate two-factor authentication, create a whitelist for withdrawal addresses, use a dedicated email, and store large holdings in Coinbase Vault.

As crypto prices climb, phishing scams are escalating. In 2024 alone, over $5.5 billion was lost through Ethereum-based pig butchering scams, highlighting the ongoing threat to users in the Web3 space.