在过去两个月中，Coinbase（Coin）用户损失了超过6500万美元的社会工程攻击

Crypto Sleuth Zachxbt在周一的X帖子中说。 Zachxbt说，实际损失的数字可能会更高，因为金额不包括未报告的案件。

Coinbase (COIN) users lost over $65 million to social engineering attacks in the past two months, with an estimated $300 million lost to such attacks annually, crypto sleuth ZachXBT said in an X post Monday.

Crypto Sleuth Zachxbt在周一的X帖子中说，在过去两个月中，Coinbase（Coin）用户在过去两个月内损失了超过6500万美元的社会工程攻击，估计每年损失了3亿美元的攻击损失的3亿美元。

The actual figure lost might be higher, because the amount doesn't include unreported cases, ZachXBT said.

Zachxbt说，实际损失的数字可能会更高，因为金额不包括未报告的案件。

Coinbase has not publicly commented on the matter. When asked for a comment, it highlighted a primer on identifying and avoiding social engineering scams posted to its blog on Monday.

Coinbase尚未公开对此事发表评论。当被要求发表评论时，它强调了识别和避免在周一发布到其博客上发布的社会工程骗局的入门。

Scammers utilize stolen personal data to deceive users by sending fake emails that mimic Coinbase's official communications, including false case IDs prompting users to transfer funds to scammer-controlled wallets, ZachXBT said.

Zachxbt说，骗子利用被盗的个人数据来欺骗用户，通过发送模仿Coinbase官方通信的虚假电子邮件，包括促使用户将资金转移到骗子控制的钱包的虚假案例ID。

“Scammers clone the Coinbase site nearly 1:1 and allow the scammers to send different prompts to the target via spoofed emails using panels,” he noted. “The two main groups conducting these scams are skids from the Com and threat actors located in India both primarily targeting US customers.”

他指出：“骗子克隆了Coinbase站点将近1：1，并允许骗子通过使用面板通过欺骗的电子邮件向目标发送不同的提示。” “进行这些骗局的两个主要小组是来自COM和位于印度的威胁行为者的滑行，这两者都主要针对美国客户。”

5/ They then sent a spoofed email which appeared to be from Coinbase with a fake Case ID further gaining trust. They instructed the victim to transfer funds to a Coinbase Wallet and whitelist an address while “support” verified their accounts security. pic.twitter.com/pOTQpnMfCz

5/然后他们发送了一封欺骗的电子邮件，该电子邮件似乎来自Coinbase，带有假案例ID进一步获得信任。他们指示受害者将资金转移到Coinbase Wallet，并在“支持”验证其帐户安全的同时，将资金转移到Coinbase Wallet上。 pic.twitter.com/potqpnmfcz

“A Coinbase employee told people on X to stop using VPNs to avoid being flagged as suspicious. Meanwhile, threat actors will explicitly block VPNs from phishing sites,” ZachXBT wrote in the now-viral post. “This shows Coinbase's failure to diagnose the actual problem.”

“一位共同的雇员告诉X上的人们停止使用VPN，以免被标记为可疑。同时，威胁性参与者将明确阻止VPN从网络钓鱼站点中阻止VPN。 “这表明Coinbase无法诊断实际问题。”

ZachXBT advised Coinbase to enhance security by making phone number inputs optional, creating a restricted account type for new users, and improving community education on scam prevention.

Zachxbt建议Coinbase通过使电话号码输入可选，为新用户创建受限制的帐户类型，并改善预防骗局的社区教育，从而提高安全性。

UPDATE (Feb. 4, 15:57 UTC): Adds Coinbase's blog post on the topic in third paragraph.

更新（2月4日，15:57 UTC）：在第三段中添加了有关该主题的Coinbase博客文章。