Blockchain investigator ZachXBT warned investors on Telegram about the critical checks necessary to avoid falling prey to fraudulent projects. At the same time, Coinbase users reportedly lost over $46 million to phishing scams. In this article, we’ll explore ZachXBT’s two crucial checks, review real-world phishing incidents, and offer practical security tips to help you stay one step ahead of scammers.

Suspected 400 BTC phishing theft victim. Source: Blockchair
Suspected 400 BTC phishing theft victim. Source: Blockchair

ZachXBT’s Two Critical Checks - A Warning from the Frontlines

ZachXBT, a well-known figure in blockchain investigation, recently shared two “minimum checks” designed to help investors steer clear of crypto scams. His first piece of advice focuses on newly launched DeFi protocols on forked EVM chains. Many of these protocols are clones of proven models, created by forking established code bases. While this method requires minimal technical know-how, it also introduces significant security risks. A notorious case in point is the DeFi protocol SIR.trading, which suffered a hack resulting in approximately $350,000 in losses, despite being marketed as a “new protocol for safer leveraged trading.”

Another high-profile incident involved Abracadabra, the DeFi lending platform, where an exploit involving collateralized tokens led to a staggering $13 million loss.

The second check revolves around scrutinizing project credibility on platforms like Kaito, an AI-powered tool that analyzes genuine community engagement. According to ZachXBT, investors should be wary of projects with few “smart” followers. As Investor Xero put it, “Kaito has become an amazing security and reputation tool that I value over others. If a 40k+ follower project isn’t connecting with real smart followers, it’s not legit.” ZachXBT bluntly warns, “If you make either of these decisions, it is your own personal choice to risk funds, and I will NOT help you.” This no-nonsense advice highlights that protecting your investment starts with the basics: thorough research and verifying real community support.

Real-World Lessons from the Coinbase Phishing Scams

The importance of due diligence is underscored by recent phishing scams targeting Coinbase users. Over the past two weeks, scammers have allegedly swiped more than $46 million through tactics like address poisoning and wallet spoofing. A screenshot from blockchain explorer Blockchair revealed a suspected theft of around 400 BTC—roughly $34.9 million in a single incident. These scams work by tricking users into sending their assets to fraudulent wallet addresses, cleverly designed to resemble those of legitimate platforms.

Jaclyn Sales, Director of Communications at Coinbase, stressed the importance of caution: “Coinbase will never call you or ask for your login credentials, API key or two-factor authentication codes. If someone contacts you claiming to be from Coinbase and requests this information or asks you to transfer assets, do not do it.” Such guidance is imperative as scammers continually hone their tactics to impersonate major brands and fool even seasoned investors.

US brands are often impersonated by scammers. Source: Mailsuite
US brands are often impersonated by scammers. Source: Mailsuite

Emerging Scam Tactics and Additional Red Flags

Beyond phishing scams, the crypto industry has seen a variety of other fraud tactics. Scammers now exploit features like automated browser downloads to sneak in malicious software.

Some schemes involve sending minuscule transactions—often as little as 0.001 tokens—from wallet addresses that mimic legitimate ones. The goal is simple: to deceive users into copying fraudulent addresses when transferring funds.

According to a Chainalysis report, from 2021 to 2024, decentralized finance (DeFi) platforms have been the primary targets of crypto hacks.

Amount of Funds Stolen by Victim Platform Type. Source: Chainalysis
Amount of Funds Stolen by Victim Platform Type. Source: Chainalysis

Moreover, Microsoft recently flagged StilachiRAT, a new remote access trojan geared toward stealing cryptocurrency wallets and login credentials. And let’s not forget pig butchering scams, which in 2024 cost the industry over $5.5 billion across 200,000 reported cases on the Ethereum network. For anyone venturing into DeFi, these red flags underscore the vast risks posed by rapid development that often neglects essential security measures.

 Source: ZachXBT
Source: ZachXBT

Practical Tips to Stay Protected

So, how can you fortify yourself against these threats? Here are some practical tips:

• Always verify project credibility using tools like Kaito; if a project’s community seems inflated with fake followers, steer clear.
• Avoid depositing funds into newly launched or forked DeFi protocols until a thorough audit proves their security.
• Enable two-factor authentication (2FA) and use a dedicated email account for your crypto transactions.
• Regularly update your wallet software and maintain an address allowlist to ensure you’re not redirected to fraudulent addresses.
• Be cautious with unsolicited communications asking for your personal credentials or urging you to transfer assets.

FAQs

What is address poisoning in crypto scams?
- Address poisoning refers to scams where fraudsters subtly alter wallet addresses so that users accidentally send funds to the wrong account.

How can tools like Kaito help assess project credibility?
- Kaito uses AI to evaluate both the number and quality of followers, helping to discern genuine community interest from fake engagement.

What should I do if I suspect a phishing scam?
- Immediately report the incident to your crypto exchange and update all security settings on your wallet accounts. Avoid clicking on links from unverified sources.

Concluding Thoughts

Investors can reduce their risk of falling victim to scams while following ZachXBT’s critical checks and adhering to robust security measures. Meanwhile, incidents like the recent $46 million phishing scam on Coinbase serve as a stark reminder of the importance of due diligence. Stay informed, stay secure, and always verify before you trust.

How to Keep Your Crypto Safe: 8 Tips to Stay Protected | HODL FM
Keep your crypto secure with these 8 tips! Learn the best practices for protecting your cryptocurrency from potential hacks & data breaches.
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice of this sort, HODL FM strongly recommends contacting a qualified industry professional.