The Coinbase Customer Support Scam: Breaking Down Crypto’s Growing Multibillion-Dollar Push Payment Fraud Problem

In May 2025, Coinbase revealed a major security incident involving an insider-assisted scam where cybercriminals bribed a handful of overseas customer-support agents to provide sensitive user data.
The stolen data was then used to launch targeted social-engineering attacks that could cost the company $180 million to $400 million and triggered lawsuits from at least one user to date.

Following the announcement, Coinbase’s Chief Security Officer noted that these types of scams “are a huge problem in the industry, and it’s only getting worse.”
The rapid rise of push payment scams in crypto
This Coinbase saga is one high-profile example of a much broader epidemic of authorized fraud scams plaguing the crypto world. Over the past two years, such scams—often combining romance fraud, investment schemes, and crypto phishing—have exploded in frequency and scale.
The FBI’s Internet Crime Center reported a massive uptick in crypto investment fraud in 2024, with social engineering scams causing $5.8 billion in losses, a 66% increase over 2023.
This dwarfs losses from traditional hacks. In fact, push payment fraud has become the single biggest threat to retail crypto users, eclipsing even exchange hacks in total funds stolen. By early 2025, analysts noted these schemes are “by far the biggest threat” to crypto investors, often costing victims their life savings.
Entire criminal enterprises and darknet “service marketplaces” have sprung up to fuel scam operations. In May 2025, investigators exposed and shut down Haowang (Huione) Guarantee, a massive Chinese-language darknet marketplace on Telegram that catered to pig-butchering gangs.
This is what exchanges are up against: industrialized crime, often run from scam “compounds” that also involve human-trafficking victims forced to defraud others.
Implications for exchanges
Centralized exchanges and wallets are often unwittingly involved at the on-ramps and off-ramps. Scammers instruct victims to buy crypto on reputable exchanges and then transfer it to scam wallets or platforms.
Scammers also leverage traditional infrastructure: they convince victims to wire money to crypto ATMs or OTC brokers that convert cash to crypto, attempting to bypass exchange controls. But eventually, illicit funds flow through exchanges—either on the way in or when scammers cash out.
For exchanges, this can lead to:
Lawsuits
Shortly before Coinbase’s announcement, a Coinbase user filed a class-action lawsuit alleging the company fails to protect users from pig-butchering scams. The plaintiff argued that Coinbase should do more to detect and stop fraudulent transfers and comply with anti-fraud obligations under the Bank Secrecy Act.
Reputational damage
Coinbase’s promise of reimbursement was met with overall positive responses, but one victim commented that no refund can erase the “emotional damage of being conned by someone who pretended to help.”
Broken bank relationships
When scam payouts spike, banking partners see higher fraud‑to‑volume ratios and suspicious‑activity reports. Risk committees respond by throttling deposit limits, hiking fees, or off‑boarding the exchange entirely—shrinking fiat rails when liquidity matters most.

Why push payment scams are hard to detect
Push‑payment fraud turns victims into unwitting accomplices. Because they authorize each transfer, traditional fraud screens read the withdrawal as legitimate. Worse, every scam fragments its onchain trail, masking the link between victims.
- Victims land on polished investment‑scam websites that slip past simple URL blocklists
- Scammers direct them to move crypto straight into newly minted or constantly rotated addresses
- Each address stands alone—no exchange deposit history, no reputational tags, no clustering signal
- From the exchange’s POV, the victims appear to be unrelated retail traders, so rule‑based and volume‑anomaly models fail to flag the pattern in time

Preventing and detecting push payment scams with Blockaid
Exchanges, wallets, and financial platforms must go beyond reactive security to detect the red flags in real time.
Blockaid’s crypto fraud-prevention solution does exactly that, combining onchain and offchain monitoring, user-behavior analytics, and shared intelligence to stop scams at the weakest point: withdrawal.

Onchain signals
Blockaid continuously monitors blockchain transactions and maintains an up-to-date database of known scam addresses and patterns. In a push payment fraud scenario, as soon as a few victims transfer funds to the scammers’ wallets, Blockaid’s system would flag those recipient addresses (using heuristics and reports from our network).
For example, when multiple exchange users suddenly send large amounts to the same new wallet, it’s a strong indicator of a coordinated scam. Blockaid’s policies engine can halt or alert on transfers to high-risk addresses in real time, potentially freezing a victim’s outgoing withdrawal before the money is gone.
By tagging the attackers’ addresses early, exchanges can prevent additional customers from sending money to those wallets. Blockaid automates and accelerates this kind of detection across all users on the platform.
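The convergence signal described above (several users sending large amounts to the same new wallet) can be sketched as follows. This is an added example, not Blockaid's code or part of the original post; the thresholds, the `first_seen` lookup (assumed to come from a chain indexer) and the sample addresses are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against real withdrawal data.
WINDOW = timedelta(hours=72)          # how "suddenly" the transfers arrive
MIN_USERS = 3                         # distinct senders needed to flag
MIN_AMOUNT_USD = 5_000                # what counts as a "large" transfer
NEW_ADDRESS_AGE = timedelta(days=14)  # how recent a "new" wallet is

@dataclass(frozen=True)
class Withdrawal:
    user_id: str
    dest: str
    amount_usd: float
    ts: datetime

def convergent_destinations(withdrawals, first_seen):
    """Map each new address to the >= MIN_USERS users who paid it in one WINDOW."""
    by_dest = defaultdict(list)
    for w in withdrawals:
        seen = first_seen.get(w.dest, w.ts)  # no history: treat as brand new
        if w.amount_usd >= MIN_AMOUNT_USD and w.ts - seen <= NEW_ADDRESS_AGE:
            by_dest[w.dest].append(w)
    flagged = {}
    for dest, items in by_dest.items():
        items.sort(key=lambda w: w.ts)
        start = 0
        for end, cur in enumerate(items):
            while cur.ts - items[start].ts > WINDOW:  # slide window forward
                start += 1
            users = {w.user_id for w in items[start:end + 1]}
            if len(users) >= MIN_USERS:  # distinct users, not transfer count
                flagged[dest] = sorted(users)
                break
    return flagged

# Constructed sample data (not real addresses or users).
T0 = datetime(2025, 5, 1)
FIRST_SEEN = {"addr_new_1": T0, "addr_old": T0 - timedelta(days=400)}
ROWS = [("u1", "addr_new_1", 8_000, 2), ("u2", "addr_new_1", 12_000, 20),
        ("u3", "addr_new_1", 6_000, 47), ("u4", "addr_old", 9_000, 1),
        ("u5", "addr_old", 9_000, 2), ("u6", "addr_old", 9_000, 3)]
SAMPLE = [Withdrawal(u, d, a, T0 + timedelta(hours=h)) for u, d, a, h in ROWS]
FLAGGED = convergent_destinations(SAMPLE, FIRST_SEEN)
```

Only `addr_new_1` is flagged; the long-established `addr_old` is ignored even though three users paid it. A pending withdrawal from a fourth user to a flagged address is the one a policy would hold or alert on.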
Offchain signals
Social engineering schemes almost always involve fake websites or apps–whether it’s a bogus crypto exchange, a cloned wallet interface, or a fraudulent “customer support” portal.

Blockaid’s security stack includes scanning and analyzing the entire internet for threats. We leverage a combination of static analysis (examining URLs, domains, and site code for red flags) and dynamic analysis (interacting with the site in a sandbox to see its behavior).
For instance, if scammers create a fake Coinbase-branded site to harvest login codes or an imitation trading platform like “mecxtrade.com” (as one Reddit user encountered), Blockaid’s LLM-based web crawling agents and machine learning models will detect anomalies: the domain age, hosting info, malicious scripts, or known phishing kit signatures. This allows us to identify scam websites early and add them to blocklists.
In practice, if an exchange user tries to navigate to the scam’s URL (perhaps sent by SMS), Blockaid could either warn them (“This site is fraudulent!”) or, if integrated into a browser wallet, outright prevent the connection.
Fraud detection network
Blockaid’s solution isn’t isolated to one client–it acts as a fraud intel network spanning many exchanges, wallets, and fintech platforms. This network effect is powerful against push payment fraud, which itself operates via sprawling criminal networks.
For example, if Blockaid detects a new scam tactic or address at one exchange, it instantly updates the risk models and indicators for all other partners in our network. In the context of the Coinbase incident, once the attackers moved on to target another exchange’s users, that platform would already be on alert thanks to intelligence shared via Blockaid.

Blockaid’s policies engine then allows each platform to customize automated responses to those shared alerts–whether it’s automatically blocking a transaction, sending an alert to their fraud team, or challenging the user with additional security prompts.
Threat intelligence
A key aspect in fighting these scams is providing context to both security teams and end-users so they can make informed decisions. Blockaid doesn’t just flag something as “suspect,” it explains why.
For security analysts, our dashboard provides the ability to dig into incidents to see the entire attack chain, including malicious addresses and their recorded illicit activity. This rich context (addresses, patterns, prior incidents) enables rapid, confident decision making.
For end-users, Blockaid can help you inject contextualized educational content. For example, if a user’s activity triggers a push payment fraud risk rule, you could show a pop-up or email:

This kind of tailored warning, backed by real examples or data, can jolt a user into realizing, “Oh, this is just like those scams I’ve heard about.”
Conclusion
Push payment scams are growing in scale and sophistication. With advanced, proactive solutions like Blockaid’s, crypto platforms can detect these schemes early, engage potential victims, and block fraudulent transfers, shifting from reactive cleanup to true prevention.
