Coinbase must do more to stem the $300M its users lose to social engineering scams yearly

Signing up for a cryptocurrency exchange is an act of utmost trust. It’s believed that your chosen platform will provide you with the necessary safeguards and conveniences for accessing your funds. You wouldn’t want to wake up one morning and find that your account has been frozen or, worse, discover that you have become a victim of one of the most subtle crypto scams – social engineering.

Coinbase restrictions have been linked to the firm’s stringent risk models. And here’s the irony: while the platform has very tight controls on ‘suspicious’ activity, users lose over $300 million annually to social engineering scams, as pointed out by the renowned cybercrime sleuth ZachXBT.

Coinbase must balance fraud prevention with fair user access to funds

It’s incredulous that scammers can continue their con games unchecked while Coinbase’s risk models bar legitimate users from accessing their funds offhandedly. It flies in the face of the exchange’s claim, “We’re the most trusted place for people and businesses to buy, sell and manage crypto.”

This glaring inconsistency in Coinbase’s approach to user protection highlights the need to balance its fraud prevention mechanisms with fair user treatment. To that end, the exchange can borrow a leaf from its TradFi counterparts, whose strict adherence to consumer protection laws helps them curb internal mismanagement and external threats. 

It also must do more to ensure the integrity of its private databases, which unscrupulous actors use to launch attacks. It’s telling that scammers can clone the exchange’s website with eerily similarity and easily spoof phone numbers and email addresses to the detriment of its users. 

Transparency is vital in stemming social engineering attacks 

Coinbase also needs to adopt the highest levels of transparency in dealing with its users. Customers deserve clear explanations for why it would restrict their accounts and straightforward dispute resolution processes. Besides, it ought to invest more in user education programs targeting older people, who are the main victims of phishing attacks.

Again, the platform must come clean on the security incidents it has faced but remained mum on. It would help if it reported all the stolen addresses and froze them permanently, as, according to ZachXBT, they have poor operational security. So, Coinbase can easily shut them down while suing their owners.

Moreover, the exchange should retool its customer service to make it more responsive. From ZachXBT’s expose, Coinbase’s support team is unhelpful, especially for customers outside the US. That users outside American times can’t get help when needed is a stain on a firm serving a round-the-clock market where timely reactions to emerging threats are necessary. 

The widespread scams throughout the marketplace and the platform’s current strict risk assessment tool show that Coinbase has major flaws. They also show the importance of coordination between policymakers, companies, and users in creating a safer and more transparent platform. Any successful financial system relies on trust.

Paul Grewal, Coinbase’s Chief Legal Officer, recently announced that the exchange had submitted an amicus brief on Prime Trust’s ongoing bankruptcy case. Coinbase urges the court to uphold legal protections for customer assets held by custodians

Grewal posted the news of the filing on social media, noting that customer assets should not be absorbed into a custodian’s bankruptcy proceedings.