Most victims don't know code and even if you know code you won't go and inspect it in your phone. That's why users rely on Coinbase Wallet, the app that they are using to inform them of what the app is doing.

In this case, Coinbase Wallet was not informing users that it was executing a transaction that grants unlimited access to victims' USDT where scammers can take their funds at anytime. Relying on Coinbase's UI, victims never authorized any outgoing transaction, they were only confirming a payment to purchase a voucher that costs as much as the network fee displaying in that Confirmation Payment dialog at that time.

Thus, that is the vulnerability in Coinbase Wallet where scammers exploited.

I am not sure if you understood what you read, but the only app they installed was Coinbase Wallet. They did not install any other app. The only action they did was exploring dapps as encouraged by Coinbase saying that their wallet is for exploring a whole world of dapps. They were always keeping their seed phrase safe. Coinbase was saying that they can only lose their funds if they leaked that seed phrase which was never the case.

The issue is victims didn't know that they were doing such action due to the poor UI of Coinbase Wallet. They believe that it is an actual security hole of Coinbase Wallet. Please read the following blog posts and let me know your opinion on whether there was any security hole and how Coinbase react to their reports:

• https://coinbase-wallet-not-secure.blogspot.com/2021/11/coinbase-wallet-scam-vulnerability.html
• https://coinbase-wallet-not-secure.blogspot.com/2022/01/inside-scammers-dapp.html
• https://coinbase-wallet-not-secure.blogspot.com/2021/12/my-experience-contacting-coinbase.html
• https://coinbase-wallet-not-secure.blogspot.com/2021/12/reporting-dapp-phishing-to-coinbase.html

You will likely be a victim too if you believe the scammer needs to get your seed phrase to take your money. The seed phrase was never given out. In fact, the victim in this post believed in that and that's how he got scammed:

• https://coinbase-wallet-not-secure.blogspot.com/2021/11/coinbase-wallet-scam-vulnerability.html

If you want to learn more how that's possible, read this post:

• https://coinbase-wallet-not-secure.blogspot.com/2022/01/inside-scammers-dapp.html

You can read the post below to see how that victim was contacting Coinbase support, not on social media:

• https://coinbase-wallet-not-secure.blogspot.com/2021/12/my-experience-contacting-coinbase.html
• https://coinbase-wallet-not-secure.blogspot.com/2021/12/reporting-dapp-phishing-to-coinbase.html