Onchain sleuth and security analyst ZackXBT claims to have identified an additional $45 million in funds stolen from Coinbase users through social engineering scams in the past seven days alone.

According to the onchain detective, the $45 million figure represents the latest financial losses in a string of social engineering scams targeting Coinbase users, which ZackXBT said is a problem unique among crypto exchanges:

“Over the past few months, I have reported on nine figures stolen from Coinbase users via similar social engineering scams. Interestingly, no other major exchange has the same problem.”

Cointelegraph reached out to Coinbase but was unable to get a response by the time of publication.

Source: ZachXBT

The claims made by ZackXBT place the total amount lost by Coinbase users to social engineering scams at $330 million annually and reflect the growing number of sophisticated attack strategies employed by threat actors to defraud crypto holders.

Related: $330M Bitcoin social engineering theft victim is elderly US citizen

FBI issues warnings on social engineering scams targeting crypto users

In July 2024, reports emerged that several Coinbase users were targeted by scammers posing as the exchange’s support staff. The scammers managed to drain $1.7 million from one user.

The United States Federal Bureau of Investigation (FBI) issued a warning in August 2024, sounding the alarm on scammers posing as crypto exchanges in an attempt to steal user funds and sensitive user data.

The FBI expanded this warning in September 2024, highlighting the use of fake employment offers from scammers targeting crypto users.

According to the FBI, North Korean state-affiliated hacking groups would direct victims to download malicious software by disguising the software packages as employment tests, job applications, and information on investment opportunities.

More recently, in March 2025, crypto users reported an uptick in scam emails imitating legitimate communication from crypto exchanges, directing users to withdraw their funds to external wallets.

The growing variety and sophistication of social engineering scams prompted Coinbase chief security officer Phillip Martin to call for streamlining the scam reporting process by having a single, unified framework or repository for identifying and combating scams.

Magazine: Real AI use cases in crypto, No. 3: Smart contract audits & cybersecurity

Key takeaways:

Reclaiming the $2,200 level remains the first price challenge for ETH. 

ETH price could recover if the Pectra upgrade leads to a surge in DApp and Ethereum network activity. 

Ethereum successfully implemented a key network upgrade on May 7, but Ether (ETH) price and its derivatives metrics showed little response to the upgrade. The lackluster response surprised traders and led analysts to question whether ETH still has a real chance of climbing 22% to retake the $2,200 level.

Ether 30-day futures annualized premium. Source: Laevitas.ch

The ETH futures premium has remained below the 5% neutral threshold, indicating a lack of appetite from leveraged bulls. More significantly, this indicator was unchanged at 3% after the Pectra upgrade, suggesting traders did not adjust their positions despite the upgrade’s successful deployment. 

The subdued response can be partly explained by investors’ focus on macroeconomic issues, as recession risks arise amid uncertainty in global trade disputes. But traders’ lack of interest in Ether predates the recent worsening of risk aversion conditions. In fact, ETH underperformed the broader cryptocurrency market capitalization by 28% in the first three months of 2025. 

The lackluster price impact following the Pectra upgrade reflects broader dissatisfaction, as competing blockchains have gained traction.

Solana monthly active addresses vs. layer-1 competitors. Source: Token Terminal

Historically, high Ethereum base layer fees may have limited network activity, but these costs have dropped below $1 since mid-February. Additionally, Ethereum’s leading layer-2 solution, Base, currently boasts 10.3 million monthly active users-far fewer than Solana’s 82.2 million and BNB Chain’s 25.9 million, according to Token Terminal data.

Ethereum lags in DApp interoperability — Will it hurt ETH price? 

Solana has dominated the decentralized exchange sector, particularly in token launches, by offering an integrated user experience. Similarly, Hyperliquid has exceeded expectations in perpetual futures trading, demonstrating that traders’ primary focus is not necessarily on Ethereum’s decentralization and security. Meanwhile, Tron has made significant inroads in the stablecoin market.

Blockchains and DApps 30-day fees, USD. Source: DefiLlama

Ethereum’s leadership in total value locked (TVL) remains undisputed at $53.7 billion. However, this has provided little benefit to ETH holders, as network fees have been relatively low at $19 million over the past 30 days, according to DefiLlama. For comparison, Tron has amassed $51.8 million in fees in the same period, while Solana has accrued $39.4 million.

Source: X/ProbablyNoam

Noam Hurwitz, head of engineering at Alchemy, noted that Ethereum blob fees have dropped to their lowest possible level since the Pectra upgrade. For Hurwitz, Ether’s success depends on base layer scalability, including further improvements in the rollup mechanism, and ultimately, a more seamless user experience.

Related: Standard Chartered predicts BNB will more than double in 2025

Bridging assets and data across Ethereum’s layer-2 ecosystem has long been a challenge, while users on Solana and BNB Chain can easily switch between multiple decentralized applications (DApps). The Pectra upgrade, while a step in the right direction, does not resolve this issue, which explains why ETH has been unable to reclaim the $2,200 level seen in early March.

For Ether’s price to climb 22% from its current $1,810 level, investors likely need reassurance that the network’s progress, whether through deposits or layer-2 growth, translates into clear benefits. Ultimately, improved staking yields or stronger incentives are needed to drive broader adoption of DApps, which in turn would generate increased demand for ETH within the ecosystem.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Threat group COLDRIVER is using new malware to steal documents from Western targets, according to a May 7 report from Google Threat Intelligence. The malware, called LOSTKEYS, shows the evolution of the group from credential phishing to more sophisticated attacks.

According to the Google report, the new malware is installed through four steps. The process involves a “lure website” with a fake CAPTCHA, a PowerShell script downloaded to the user’s clipboard, some device evasion, and retrieval of the final payload. Lastly, the malware is installed.

LOSTKEYS payload delivery. Source: Google

LOSTKEYS is capable of stealing files from extensions and directories. It can also send system information and running processes back to COLDRIVER. The address from which the parts of the attack come is “165.227.148[.]68” according to Google.

The company says it has already taken steps to mitigate any damage the LOSTKEYS malware will cause, including adding the malicious websites to the company’s “Safe Browsing” feature.

According to Google, COLDRIVER is a Russian-backed threat group that typically engages in phishing attempts at high-profile Western targets, such as former diplomats, and journalists. In January 2024, it started an attack with a malware called “Spica,” which can execute arbitrary shell commands and download or upload software.

Related: Crypto drainers now sold as easy-to-use malware at IT industry fairs

Crypto hack losses hit all-time high in 2025

Crypto hacks have surged in 2025, with total losses reaching $2 billion in the first quarter alone — exceeding all losses recorded in 2024.

According to a report by crypto cybersecurity firm Hacken, operational flaws and weak access controls remain key vulnerabilities — even among major centralized and decentralized players. Attackers are also increasingly using social engineering tactics to gain victims’ trust.

Contributing to last quarter’s losses was the $1.5 billion hack of cryptocurrency exchange Bybit. The February attack was reportedly orchestrated by the Lazarus Group.

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis