社會工程騙局正在上升，這些漏洞特別針對的是共同用戶

在2025年第一季度，幾位共插針用戶成為社會工程騙局的受害者。

Social engineering scams have been affecting Coinbase users throughout the first quarter of 2025. So far, Web3 researcher ZachXBT has reported that these scams have resulted in over $100 million in funds lost by December 2024, while annual losses are said to have reached $300 million.

在2025年第一季度，社會工程騙局一直在影響Coinbase用戶。到目前為止，Web3研究員Zachxbt報告說，這些騙局已導致到2024年12月的資金超過1億美元，而據說年損失已達到3億美元。

After sorting through the complaints made by different users, BeInCrypto spoke with Coinbase Chief Information Security Officer (CISO) Jeff Lunglhofer to understand what makes users vulnerable to these kinds of attacks, how they happen, and what’s being done to stop them.

在整理了不同用戶的投訴之後，Beincrypto與Coinbase首席信息安全官（CISO）傑夫·倫格霍夫（Jeff Lunglhofer）進行了交談，以了解是什麼使用戶容易受到此類攻擊，如何發生以及如何阻止他們。

Gauging the Seriousness of Scams Affecting Coinbase Users

衡量影響Coinbase用戶的騙局的嚴重性

Throughout the first quarter of 2025, several Coinbase users fell victim to social engineering scams. Considering that the leading centralized exchange in a sector where hacks are becoming more sophisticated with time, this reality is no surprise.

在2025年第一季度，幾位共插針用戶成為社會工程騙局的受害者。考慮到在駭客變得越來越複雜的行業中，領先的集中式交流，這並不奇怪。

In a recent investigation, Web3 researcher ZachXBT reported on several messages he received from different X users who had suffered major withdrawals from their Coinbase accounts.

在最近的一項調查中，Web3研究人員ZachXBT報導了他從不同X用戶那裡收到的幾條消息，這些X用戶從其Coinbase帳戶中進行了重大提款。

On March 28, ZachXBT uncovered a significant social engineering exploit that cost one individual nearly $35 million. The crypto sleuth’s further investigations during that period revealed additional victims of the same exploit, pushing the total stolen in March alone to more than $46 million.

3月28日，Zachxbt發現了一個重大的社會工程漏洞，耗資一個人將近3500萬美元。在此期間，加密偵探的進一步調查顯示了同一漏洞的其他受害者，僅在3月就將總偷來的人數推向了超過4600萬美元。

In another investigation concluded a month earlier, ZachXBT revealed that $65 million was stolen from Coinbase users between December 2024 and January 2025. He also reported that Coinbase has been quietly dealing with a social engineering scam issue costing its users $300 million a year.

在一個月前的另一項調查中，Zachxbt透露，在2024年12月至2025年1月之間，Coinbase用戶被盜了6500萬美元。他還報告說，Coinbase一直在悄悄處理一個社會工程騙局，每年耗資3億美元。

While Coinbase users have been particularly vulnerable to social engineering scams, centralized exchanges, in general, have also been significantly impacted by these increasingly sophisticated attacks.

儘管Coinbase用戶特別容易受到社會工程騙局的影響，但總的來說，集中的交流也受到這些日益複雜的攻擊的重大影響。

How Does The Broader Context Reflect This Situation?

更廣泛的環境如何反映這種情況？

Public data regarding the evolution of social engineering scams in recent years is limited and somewhat outdated. Still, the numbers in the available reports are staggering.

近年來有關社會工程騙局演變的公共數據有限且過時。儘管如此，可用報告中的數字還是驚人的。

In 2023, the Internet Crime Complaint Center (IC3) undertook by the US Federal Bureau of Investigation (FBI) released its first-ever cryptocurrency report. Investment fraud constituted the largest category of cryptocurrency-related complaints, covering 46% of the nearly 69,500 complaints received, or about 33,000 cases.

2023年，美國聯邦調查局（FBI）提出的互聯網犯罪投訴中心（IC3）發布了其第一份加密貨幣報告。投資欺詐構成了與加密貨幣相關的投訴的最大類別，佔收到的近69,500家投訴中的46％，約為33,000例。

Investment fraud, or pig butchering, involves false promises of high returns with low risk to lure investors, especially crypto newcomers driven by a fear of missing out on significant gains.

投資欺詐或養豬屠殺涉及對高回報的虛假承諾，誘使投資者風險低，尤其是由於擔心會錯過巨大收益而驅動的加密新人。

According to the IC3 report, these schemes rely on social engineering and building trust. Criminals use platforms like social media, dating apps, professional networks, or encrypted messaging to connect with their targets.

根據IC3報告，這些方案依靠社會工程和建築信任。犯罪分子使用社交媒體，約會應用程序，專業網絡或加密消息的平台來與目標聯繫。

In 2023, these investment scams resulted in losses of $3.96 billion for users, representing a 53% increase from the previous year. Other social engineering scams, like phishing and spoofing, further constituted $9.6 million in losses.

在2023年，這些投資騙局為用戶造成了39.6億美元的損失，比上一年增加了53％。其他社會工程騙局，例如網絡釣魚和欺騙，進一步構成了960萬美元的損失。

These scams have affected Coinbase users extensively over the past few years.

在過去的幾年中，這些騙局影響了Coinbase用戶。

New Scam Tactics Targeting Crypto Users

針對加密用戶的新騙局策略

Coinbase scammers tend to create fake emails that appear legitimate using cloned website images and false Case IDs. They then contact users through spoofed calls, leveraging private information to build trust before sending them these deceptive emails.

Coinbase Scammers傾向於使用克隆的網站圖像和虛假案例ID創建假郵件，這些電子郵件似乎是合法的。然後，他們通過欺騙電話與用戶聯繫，利用私人信息在發送這些欺騙性電子郵件之前建立信任。

Once scammers have convinced users of the interaction’s legitimacy, they exploit the situation to persuade them to transfer funds.

一旦騙子說服了用戶互動的合法性，他們就會利用這種情況說服他們轉移資金。

The increasing sophistication of these scams showcases both the emotional manipulation involved and the victims’ particular vulnerability. They highlight that centralized exchanges are often the primary platforms for these exploitations.

這些騙局的越來越複雜，展示了所涉及的情感操縱和受害者的特殊脆弱性。他們強調說，集中交流通常是這些開發的主要平台。

While discussing the scams on X, victims and users whose funds were frozen are urging Coinbase to take stronger action against this growing and costly issue. To understand how these scams take place is essential to effectively address them.

在討論X上的騙局時，受害者和資金被凍結的用戶敦促Coinbase對這個不斷增長且昂貴的問題採取更強大的行動。要了解這些騙局是如何有效解決這些騙局至關重要的。

How Are Coinbase Users Made Victims?

Coinbase用戶如何成為受害者？

In January, a victim contacted the investigator after losing $850,000. In that instance, the scammer contacted the victim from a spoofed phone number, using personal information likely obtained from private databases to gain their trust.

一月份，一名受害者損失了85萬美元，與調查人員聯繫。在這種情況下，騙子使用私人數據庫獲得的個人信息從欺騙性的電話號碼與受害者聯繫，以獲得他們的信任。

The scammer convinced the victim that their account had suffered multiple unauthorized login attempts by sending them a spoofed email with a fake Case ID. The scammer then instructed the victim to safelist an address and transfer funds to another Coinbase wallet as part of a routine security procedure.

騙子說服受害者，他們的帳戶通過向他們發送帶有假案件ID的欺騙電子郵件，遭受了多次未經授權的登錄嘗試。然後，騙子指示受害者在日常安全程序的一部分中，將地址救助並將資金轉移到另一個Coinbase錢包。

Last October, another Coinbase user lost $6.5 million after receiving a call from a spoofed number impersonating Coinbase support.

去年10月，另一位Coinbase用戶在接到欺騙數字的Coinbase支持的電話後損失了650萬美元。

The victim was coerced into using a phishing site. Eight months earlier, another victim lost $4 million after a scammer convinced them to reset their Coinbase login.

受害者被強迫使用網站釣魚場。八個月前，另一名受害者在騙子說服他們重置共同登錄後損失了400萬美元。

While discussing this issue on X, ZachXBT raised concerns about Coinbase’s lack of reporting the theft addresses in common compliance resources and their perceived inadequate handling of the escalating social engineering issue.

在X上討論此問題的同時，Zachxbt對Coinbase缺乏報告的盜竊地址及其對處理不斷升級的社會工程問題的處理不足表示擔憂。

In a conversation with BeInCrypto, Jeff Lunglhofer, Coinbase’s Chief Information Security Officer,

在與Coinbase首席信息安全官Jeff Lunglhofer Beincrypto的對話中