社会工程骗局正在上升，这些漏洞特别针对的是共同用户

在2025年第一季度，几位共插针用户成为社会工程骗局的受害者。

Social engineering scams have been affecting Coinbase users throughout the first quarter of 2025. So far, Web3 researcher ZachXBT has reported that these scams have resulted in over $100 million in funds lost by December 2024, while annual losses are said to have reached $300 million.

在2025年第一季度，社会工程骗局一直在影响Coinbase用户。到目前为止，Web3研究员Zachxbt报告说，这些骗局已导致到2024年12月的资金超过1亿美元，而据说年损失已达到3亿美元。

After sorting through the complaints made by different users, BeInCrypto spoke with Coinbase Chief Information Security Officer (CISO) Jeff Lunglhofer to understand what makes users vulnerable to these kinds of attacks, how they happen, and what’s being done to stop them.

在整理了不同用户的投诉之后，Beincrypto与Coinbase首席信息安全官（CISO）杰夫·伦格霍夫（Jeff Lunglhofer）进行了交谈，以了解是什么使用户容易受到此类攻击，如何发生以及如何阻止他们。

Gauging the Seriousness of Scams Affecting Coinbase Users

衡量影响Coinbase用户的骗局的严重性

Throughout the first quarter of 2025, several Coinbase users fell victim to social engineering scams. Considering that the leading centralized exchange in a sector where hacks are becoming more sophisticated with time, this reality is no surprise.

在2025年第一季度，几位共插针用户成为社会工程骗局的受害者。考虑到在骇客变得越来越复杂的行业中，领先的集中式交流，这并不奇怪。

In a recent investigation, Web3 researcher ZachXBT reported on several messages he received from different X users who had suffered major withdrawals from their Coinbase accounts.

在最近的一项调查中，Web3研究人员ZachXBT报道了他从不同X用户那里收到的几条消息，这些X用户从其Coinbase帐户中进行了重大提款。

On March 28, ZachXBT uncovered a significant social engineering exploit that cost one individual nearly $35 million. The crypto sleuth’s further investigations during that period revealed additional victims of the same exploit, pushing the total stolen in March alone to more than $46 million.

3月28日，Zachxbt发现了一个重大的社会工程漏洞，耗资一个人将近3500万美元。在此期间，加密侦探的进一步调查显示了同一漏洞的其他受害者，仅在3月就将总偷来的人数推向了超过4600万美元。

In another investigation concluded a month earlier, ZachXBT revealed that $65 million was stolen from Coinbase users between December 2024 and January 2025. He also reported that Coinbase has been quietly dealing with a social engineering scam issue costing its users $300 million a year.

在一个月前的另一项调查中，Zachxbt透露，在2024年12月至2025年1月之间，Coinbase用户被盗了6500万美元。他还报告说，Coinbase一直在悄悄处理一个社会工程骗局，每年耗资3亿美元。

While Coinbase users have been particularly vulnerable to social engineering scams, centralized exchanges, in general, have also been significantly impacted by these increasingly sophisticated attacks.

尽管Coinbase用户特别容易受到社会工程骗局的影响，但总的来说，集中的交流也受到这些日益复杂的攻击的重大影响。

How Does The Broader Context Reflect This Situation?

更广泛的环境如何反映这种情况？

Public data regarding the evolution of social engineering scams in recent years is limited and somewhat outdated. Still, the numbers in the available reports are staggering.

近年来有关社会工程骗局演变的公共数据有限且过时。尽管如此，可用报告中的数字还是惊人的。

In 2023, the Internet Crime Complaint Center (IC3) undertook by the US Federal Bureau of Investigation (FBI) released its first-ever cryptocurrency report. Investment fraud constituted the largest category of cryptocurrency-related complaints, covering 46% of the nearly 69,500 complaints received, or about 33,000 cases.

2023年，美国联邦调查局（FBI）提出的互联网犯罪投诉中心（IC3）发布了其第一份加密货币报告。投资欺诈构成了与加密货币相关的投诉的最大类别，占收到的近69,500家投诉中的46％，约为33,000例。

Investment fraud, or pig butchering, involves false promises of high returns with low risk to lure investors, especially crypto newcomers driven by a fear of missing out on significant gains.

投资欺诈或养猪屠杀涉及对高回报的虚假承诺，诱使投资者风险低，尤其是由于担心会错过巨大收益而驱动的加密新人。

According to the IC3 report, these schemes rely on social engineering and building trust. Criminals use platforms like social media, dating apps, professional networks, or encrypted messaging to connect with their targets.

根据IC3报告，这些方案依靠社会工程和建筑信任。犯罪分子使用社交媒体，约会应用程序，专业网络或加密消息的平台来与目标联系。

In 2023, these investment scams resulted in losses of $3.96 billion for users, representing a 53% increase from the previous year. Other social engineering scams, like phishing and spoofing, further constituted $9.6 million in losses.

在2023年，这些投资骗局为用户造成了39.6亿美元的损失，比上一年增加了53％。其他社会工程骗局，例如网络钓鱼和欺骗，进一步构成了960万美元的损失。

These scams have affected Coinbase users extensively over the past few years.

在过去的几年中，这些骗局影响了Coinbase用户。

New Scam Tactics Targeting Crypto Users

针对加密用户的新骗局策略

Coinbase scammers tend to create fake emails that appear legitimate using cloned website images and false Case IDs. They then contact users through spoofed calls, leveraging private information to build trust before sending them these deceptive emails.

Coinbase Scammers倾向于使用克隆的网站图像和虚假案例ID创建假邮件，这些电子邮件似乎是合法的。然后，他们通过欺骗电话与用户联系，利用私人信息在发送这些欺骗性电子邮件之前建立信任。

Once scammers have convinced users of the interaction’s legitimacy, they exploit the situation to persuade them to transfer funds.

一旦骗子说服了用户互动的合法性，他们就会利用这种情况说服他们转移资金。

The increasing sophistication of these scams showcases both the emotional manipulation involved and the victims’ particular vulnerability. They highlight that centralized exchanges are often the primary platforms for these exploitations.

这些骗局的越来越复杂，展示了所涉及的情感操纵和受害者的特殊脆弱性。他们强调说，集中交流通常是这些开发的主要平台。

While discussing the scams on X, victims and users whose funds were frozen are urging Coinbase to take stronger action against this growing and costly issue. To understand how these scams take place is essential to effectively address them.

在讨论X上的骗局时，受害者和资金被冻结的用户敦促Coinbase对这个不断增长且昂贵的问题采取更强大的行动。要了解这些骗局是如何有效解决这些骗局至关重要的。

How Are Coinbase Users Made Victims?

Coinbase用户如何成为受害者？

In January, a victim contacted the investigator after losing $850,000. In that instance, the scammer contacted the victim from a spoofed phone number, using personal information likely obtained from private databases to gain their trust.

一月份，一名受害者损失了85万美元，与调查人员联系。在这种情况下，骗子使用私人数据库获得的个人信息从欺骗性的电话号码与受害者联系，以获得他们的信任。

The scammer convinced the victim that their account had suffered multiple unauthorized login attempts by sending them a spoofed email with a fake Case ID. The scammer then instructed the victim to safelist an address and transfer funds to another Coinbase wallet as part of a routine security procedure.

骗子说服受害者，他们的帐户通过向他们发送带有假案件ID的欺骗电子邮件，遭受了多次未经授权的登录尝试。然后，骗子指示受害者在日常安全程序的一部分中，将地址救助并将资金转移到另一个Coinbase钱包。

Last October, another Coinbase user lost $6.5 million after receiving a call from a spoofed number impersonating Coinbase support.

去年10月，另一位Coinbase用户在接到欺骗数字的Coinbase支持的电话后损失了650万美元。

The victim was coerced into using a phishing site. Eight months earlier, another victim lost $4 million after a scammer convinced them to reset their Coinbase login.

受害者被强迫使用网站钓鱼场。八个月前，另一名受害者在骗子说服他们重置共同登录后损失了400万美元。

While discussing this issue on X, ZachXBT raised concerns about Coinbase’s lack of reporting the theft addresses in common compliance resources and their perceived inadequate handling of the escalating social engineering issue.

在X上讨论此问题的同时，Zachxbt对Coinbase缺乏报告的盗窃地址及其对处理不断升级的社会工程问题的处理不足表示担忧。

In a conversation with BeInCrypto, Jeff Lunglhofer, Coinbase’s Chief Information Security Officer,

在与Coinbase首席信息安全官Jeff Lunglhofer Beincrypto的对话中