Coinbase is facing mounting pressure on multiple fronts as it navigates regulatory challenges and security concerns. The cryptocurrency exchange has called on US regulators to clarify whether banks are permitted to provide services to crypto firms, arguing that current policies create unnecessary barriers. At the same time, blockchain investigators have accused Coinbase of failing to address security vulnerabilities that have led to millions in user losses. As regulatory uncertainty and security risks persist, the exchange’s role in shaping the future of crypto banking and investor protection remains in focus.
Coinbase Faces Criticism Over Security Lapses as Users Lose Millions to Scams
Cryptocurrency exchange Coinbase is under fire after two prominent blockchain investigators, ZachXBT and tanuki42, accused the platform of failing to address security vulnerabilities that have led to massive investor losses. According to their research, Coinbase users lost over $65 million in just December 2024 and January 2025, with estimated annual losses exceeding $300 million due to social engineering scams.
The investigators shared their findings on X, highlighting that their reported numbers were likely conservative estimates as they did not include unreported police complaints and Coinbase support tickets.
“Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain, which does not account for Coinbase support tickets and police reports we do not have access to,” ZachXBT stated.
One of the key criticisms leveled against Coinbase was its inability to diagnose the actual cause of these scams. The investigators noted that some of the most sophisticated attacks were orchestrated by scam groups in India, with a significant focus on US-based users.
Coinbase advises its customers against using virtual private networks (VPNs) so that they are not incorrectly flagged by its internal security system. However, ZachXBT and tanuki42 highlighted that scammers specifically block VPN access on their phishing sites, which further exposes users to attacks.
Additionally, ZachXBT and tanuki42 detailed several long-standing security issues on Coinbase that have yet to be addressed:
Exploits of old API keys, allowing attackers to gain unauthorized access.
Verification code-related bugs, which can be manipulated to bypass security layers.
The ability to launder stolen funds through Coinbase due to inadequate monitoring.
The investigation further criticized Coinbase’s compliance practices, stating that the company fails to properly report scam addresses in widely used compliance tools, making it easier for bad actors to operate undetected.
In addition, Coinbase’s customer support has come under scrutiny for being largely ineffective. Complaints about “useless customer support agents” and a lack of assistance for users outside US time zones were common themes in the investigators’ findings.
The situation has become so lucrative for scammers that one self-proclaimed Coinbase phishing scammer revealed in a November 2024 interview that they make a minimum of five figures a week by targeting specific demographics.
One of the biggest concerns highlighted by blockchain security experts is how organized and strategic these scam networks have become. Scammers are no longer targeting random victims but instead focusing on high-value individuals.
Nick Neuman, CEO of Bitcoin self-custody firm Casa, recently shared his experience with a “Coinbase support” scammer, who revealed shocking details about their operations.
“We make a minimum of five figures a week. We hit $35K two days ago; we do it for a reason; there is money to be made in it,” the scammer said.
Perhaps the most disturbing revelation was that these scammers intentionally avoid low-income individuals, instead pulling contact information from databases of people with at least $50,000 in assets. The scammer revealed that they never target “poor people.”
Coinbase’s Reputation on the Line
Coinbase has previously positioned itself as a secure and compliant exchange, often touting its regulatory approvals and security measures. However, the rising number of social engineering scams and security loopholes raises questions about the platform’s commitment to protecting its users.
While Coinbase has yet to officially respond to these latest accusations, the exchange must address its systemic security failures before more users fall victim to increasingly sophisticated scam operations.
For now, crypto users are advised to remain vigilant, double-check all communications, and never share sensitive information with supposed "support agents"—even if they claim to be from Coinbase.
Coinbase Pushes US Regulators to Clarify Banking Rights for Crypto Firms
In related news, Coinbase is intensifying its efforts to secure clear regulatory approval for US banks to provide services to cryptocurrency businesses. The exchange has formally urged the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board of Governors, and the Federal Deposit Insurance Corporation (FDIC) to confirm that banks are allowed to engage in crypto-related activities without restrictions.
According to a Feb. 4 Bloomberg report, Coinbase’s letter specifically asked the OCC to repeal an interpretive letter that, in its view, imposes an unnecessary application process for banks wanting to engage with crypto assets. This restriction, Coinbase argued, creates barriers to entry for traditional financial institutions that wish to provide banking services to crypto firms.
Additionally, the exchange called on the Federal Reserve and the FDIC to confirm that state-chartered banks are legally permitted to offer crypto custody services and execute crypto-related transactions.
Coinbase’s regulatory push is backed by three prominent US law firms—Arnold and Porter Kaye Scholer, Cleary Gottlieb Steen and Hamilton, and Wilmer Cutler Pickering Hale and Dorr. In a separate letter, these firms asserted that current federal laws already allow banks to engage in crypto services and collaborate with third-party providers like Coinbase.
Despite this, Coinbase emphasized that regulatory confirmation is essential to remove any lingering doubts in the banking sector.
“It’s important for regulators to make clear that banks can work with third-party providers in providing trading and exchange services to their customers,” said Faryar Shirzad, Coinbase’s Chief Policy Officer.
The role of traditional financial institutions in the cryptocurrency industry has been a subject of intense debate.
While major banks like BNY Mellon have advanced plans to offer crypto custody services, reports suggest that the FDIC has actively discouraged banks from expanding into the crypto sector. Some US banks were allegedly urged by the FDIC to pause their crypto-related activities, further complicating Coinbase’s push for regulatory clarity.
Coinbase’s letter comes in the wake of its ongoing legal confrontation with US regulators.
In June 2024, Coinbase sued both the Securities and Exchange Commission (SEC) and the FDIC, accusing them of coordinated efforts to isolate crypto firms from essential banking services. The lawsuit claimed that these agencies were actively blocking financial access for digital asset companies, a move that Coinbase deemed unfair and detrimental to the industry’s growth.
Paul Grewal, Coinbase’s Chief Legal Officer, reinforced these claims in January 2025, alleging that the FDIC deliberately withheld certain “pause letters” regarding cryptocurrency businesses in response to a Freedom of Information Act (FOIA) lawsuit.
The regulatory battle is unfolding at a time of political transition in the United States. With Donald Trump taking office on Jan. 20, 2025, the crypto community is hopeful for a more favorable regulatory environment.
Coinbase has been strengthening ties with the Trump administration, signaling optimism that his presidency could bring positive reforms for digital assets.
Coinbase’s Push for Banking Support in Crypto ETFs
Coinbase’s regulatory effort is particularly significant given its role as a custodian for multiple Bitcoin exchange-traded funds (ETFs), which launched in early 2024. The exchange provides custody solutions for several major US-based Bitcoin ETFs, and securing regulatory clarity for banking services could further strengthen institutional participation in the space.
Coinbase’s regulatory battle is part of the ongoing struggle for legitimacy and stability in the US crypto industry. While the legal framework technically allows banks to service crypto businesses, the lack of explicit regulatory endorsement continues to create uncertainty for financial institutions.
With new leadership in Washington, the crypto industry will be watching closely to see whether Trump’s administration removes existing barriers or if regulatory pressure on crypto remains unchanged.
For now, Coinbase is leading the charge, urging US regulators to break the silence and provide clear, definitive guidance—a move that could reshape the future of crypto-banking relations in the United States.