Coinbase has rebuilt its anti-fraud infrastructure by tightly coupling machine learning models with a low-latency rules engine, dramatically shortening the time needed to respond to new scam patterns as AI-enabled fraud surges across crypto.
The company now runs a dual-track defense: production ML models provide long-term, behavior-based protections while a high-speed rules layer gives rapid, surgical responses to emergent threats. New rules capture novel fraud types and feed sanitized examples back into the modeling pipeline, strengthening defenses over time.
To make that loop practical, Coinbase automated a previously manual rule-creation process. Engineers restructured data pipelines, automated schema evolution, and provided risk teams with notebook-driven analytical tooling that recommends candidate rules. Those recommendations are data-backed, operationally validated, and easier to iterate on than the old hand-coded workflow.
Backtesting performance has improved more than tenfold, allowing teams to trial and deploy protections far faster as scam behavior changes. Machine learning helps set rule parameters to reduce false positives while maintaining strong fraud detection—an essential trade-off for an exchange that handles billions in transaction volume and must avoid disrupting legitimate users.
The upgrade builds on Coinbase’s earlier work around scalable, blockchain-aware machine learning systems designed to manage product-level risk without degrading user experience. The latest investments add automated, event-driven rule generation and a potential “one-click” path to convert high-confidence rules into model features, moving the firm closer to a largely automated risk management cycle.
That speed matters because crypto fraud has become industrialized. Blockchain intelligence firm TRM Labs estimated about $35 billion in global crypto fraud in 2025 and warned that underreporting could make true losses substantially higher. In a separate 2026 crime report, TRM put illicit crypto flows at a record $158 billion for 2025 and noted that scam networks are increasingly professionalized and using AI to scale impersonation and outreach.
Coinbase’s CISO, Philip Martin Lunglhofer, has highlighted growing AI use cases for fraud detection; the firm already uses machine learning to monitor user activity and support-chat interactions for signs of scams or account takeovers. By combining faster backtesting, automated rule generation, and tighter model integration, the new system aims to shrink the window from detection to defense from days to hours—keeping pace with adversaries who are using AI to probe and exploit weaknesses more quickly.
The architecture emphasizes speed, auditability, and conservative automation: fast rules stop emergent attacks, models provide robust, low-friction coverage, and the feedback loop ensures both channels learn from each other. For Coinbase, that layered, data-driven approach is intended to limit fraud at scale while minimizing friction for legitimate customers as threats evolve.