Coinbase Users Fall Victim to $46 Million in Suspected Scams: A Closer Look at Recent Hacks
A worrying turn of events for the crypto world, a blockchain investigator by the name of Zachxbt has put together a report suggesting that users of the popular exchange Coinbase have been falling prey to high-dollar thefts of late, with the value of those thefts adding up to an eye-popping $46 million in just the past couple of weeks.
The shadiest dealing associated with this report seems to have gone down last Thursday, when a Coinbase user was seen getting scammed out of $34.9 million—
The traced stolen funds have a not-so-simple story to tell. This is because they pass through Thorchain and Chainflip, two decentralized cross-chain protocols, before being exchanged for DAI (a decentralized stablecoin). These thefts in a series of complex hacks really test the security of the cryptocurrency ecosystem. With so many complex methods of robbing coins, you’d think the system was designed to be porous. Still, as they say in the business, “there’s no such thing as an unhackable system.”
ZachXBT: It is suspected a Coinbase user was scammed yesterday for $34.9M (400.099 BTC). Also multiple other suspected thefts from Coinbase users in the past two weeks bringing the total stolen this month to $46M+. Funds from each theft were bridged from Bitcoin to Ethereum via…
— Wu Blockchain (@WuBlockchain) March 28, 2025
A Rising Wave of Theft: $46 Million Stolen in Two Weeks
In the last two weeks, a number of very public thefts have been reported that involve Coinbase users. The total value of these thefts now stands at over $46 million and counting. While the biggest single event of this ongoing saga took place on Thursday, a pattern of attacks has emerged that suggests a not-so-coincidental financial hit being taken by Coinbase users.
According to Zachxbt, this hit appears to have been financially facilitated by Thorchain and Chainflip, two platforms that let users swap assets across different blockchains. In each case analyzed, the thefts were bridged through these platforms.
When the pilfered finances hitched a ride to Ethereum, they underwent a transformation into DAI—a favorite stablecoin that is almost universally employed for the kinds of trading and lending that happen in the decentralized finance (DeFi) ecosystem. The way the hackers moved the funds between chains and then turned them into stablecoins suggests something more organized than your average cybercriminal operation. This level of organization obscures the origin of the stolen assets in a way that would seem to make any authorities tracking the assets have a much harder job.
A method that crypto thieves are increasingly using to launder stolen funds is decentralized bridges and stablecoins. When they use this method, it allows them to remain more anonymous than when using other methods of laundering. And it definitely makes it harder for authorities to trace stolen assets across different networks. Lots of crypto criminals are now opting to use decentralized technologies to bypass the traditional financial system and the associated safeguards.
Coinbase’s Response: No Flags on Theft Addresses
One of the most troubling aspects of these thefts is the lack of response from Coinbase’s compliance tools. So far, the addresses associated with these thefts have not been flagged, even though the stolen funds have gone through several stages of the theft process. Exchange compliance tools are usually put to work to watch for suspicious transactions and stop them before they turn into money laundering or some other illegal act.
Coinbase operates under stringent regulations in many places. This makes it all the more concerning when they seemingly take no action on certain addresses that all other companies working in the space flag as suspicious. When you consider what a failure it is for them not to have flagged these addresses at all, it raises the issue of whether or not they can be trusted to have a safe foundation upon which the even more elaborate various elements of their in-house compliance architecture can be built.
Coinbase’s slow response might also indicate that the exchange is not as closely tuned to the sorts of signals that DeFi protocols such as Thorchain and Chainflip might give off when being used as part of a cybercriminal’s toolkit. These protocols serve perfectly good, legitimate purposes, but as with many other useful technologies, they are also experiencing a wave of interest from bad guys. And those bad guys do not want to be caught.
The Growing Risk of Decentralized Bridges and DeFi Protocols
The cryptocurrency market is still growing, and so is the sophistication of the attacks it faces. These are now targeting not just exchanges, but also users. With decentralized protocols like Thorchain and Chainflip now being used for cross-chain bridging, new opportunities for criminals to exploit have been opened up. These decentralized bridges, necessary for the growing DeFi ecosystem, present new security questions, as bad actors have begun to demonstrate.
Because they involve linking different blockchain networks, bridges are inherently more complex to secure than traditional centralized exchanges. Their decentralized protocols often result in oversight that is too weak and protections that are too few to stop bad actors from doing bad things. And when bad things are done, stolen assets are moved across different networks and laundered through stablecoins.
It is a matter of concern that stablecoins are involved in these scams. Stablecoins such as DAI, which are meant to maintain a steady value, are often used in DeFi applications for lending, borrowing, and trading. But stablecoins are also finding a growing role in money laundering operations. Their use for such purposes is a direct challenge to the supposed stability and liquidity that make them ideal candidates for employment in smart contracts and other decentralized financial instruments.
Moving Forward: Calls for Better Security and Regulation
The thefts occurring recently have renewed interest in the call for improved security within the ecosystem of cryptocurrencies. Although platforms like Coinbase have taken steps and even some leaps to improve their security protocols, it is evident that more moves need to be made in order to safeguard user assets from an increasingly bold and well-practiced cadre of digital thieves.
To meet these challenges, cryptocurrency exchanges, decentralized finance protocols, and regulators must work together much more effectively than they do today. There must be a much clearer system of signals and signs that moves both ways between these enterprises and the people who use them. These signals are about the detection of obvious and not-so-obvious bad guys (using either very good or just decent systems of detection) and the prevention of bad acts. These must also be aboveboard acts in the eyes of law enforcement.
The cryptocurrency industry is still evolving, and so too are the financial crime combatants within it. These precautionary recommendations will help users avoid the extremes of what can happen in this new world of virtual currency.
Disclosure: This is not trading or investment advice. Always do your research before buying any Metaverse crypto coins.
