Canadian Scammer Poses as Coinbase Support, Steals Over $2M in Crypto

TLDR

• A Canadian scammer posing as Coinbase support stole over $2 million from users through phishing and social-engineering schemes.
• ZachXBT traced the scammer’s activities using on-chain data and social media evidence, identifying him as “Haby” or “Harvard.”
• The scammer’s boasting post exposed a destination address, leading to the discovery of multiple thefts and linking them to a larger pattern.
• Social media clues, including wallet balances and lifestyle posts, helped pinpoint the scammer’s real-world location in Abbotsford, Canada.
• On-chain analysis showed stolen funds were converted into Bitcoin and spread across various addresses, sometimes used on gambling sites.

A Canadian scammer posing as Coinbase support has allegedly stolen over $2 million from unsuspecting users. The scammer, operating under the alias “Haby” or “Harvard,” based his operations in Abbotsford, near Vancouver. Through a series of phishing and social-engineering schemes, he gained control of victim accounts by impersonating official Coinbase support.

ZachXBT Traces Scam Activities and Identifies the Thief

ZachXBT, a well-known on-chain investigator, uncovered the scammer’s identity through detailed tracking. In a recent report, ZachXBT revealed that the thief operated under the name “Haby,” targeting Coinbase users through various deceptive means. The scammer’s activities were traced back to a post on December 30, 2024, where he boasted about stealing $44,000 worth of XRP from a victim.

Through on-chain tracing and analysis of public posts, ZachXBT connected the stolen funds to multiple incidents. He linked Haby’s XRP wallet to several Coinbase account compromises. The total value of confirmed thefts surpassed $2 million as additional incidents were uncovered. According to ZachXBT, “The extensive evidence in this case makes it an unusually easy win for law enforcement.”

Scammer’s Social Media Footprint and On-Chain Evidence

The scammer left a trail of evidence across his social media accounts, including Telegram and Instagram. Screenshots of Exodus wallet balances, rare username purchases, and lifestyle spending helped investigators link the scam to specific Coinbase account breaches. These social media posts were pivotal in narrowing down the scammer’s real-world location in Abbotsford, British Columbia.

On-chain data showed how the stolen XRP was often exchanged for Bitcoin using instant-exchange services. From there, the funds were split across multiple addresses and sometimes used on gambling sites. Timing analysis revealed a key Bitcoin address that connected several theft clusters. This connection revealed a broader pattern of systematic abuse, which included precise targeting of Coinbase users.

Coinbase Faces Increasing Threats from Impersonation Scams

Coinbase users have faced heightened risks due to an uptick in impersonation scams. The scammer behind the $2 million theft is just one example of the growing trend. In 2025, an insider data breach compromised sensitive customer data, fueling highly effective phishing schemes. The breach exposed names, emails, phone numbers, and other personal details of around 70,000 high-value clients.

Despite a public threat to the attackers, Coinbase took action by setting up a $20 million bounty and refunding affected victims. In December 2025, law enforcement efforts culminated in the arrest of Ronald Spektor, who stole $16 million from 100 Coinbase users. Spektor used stolen customer data to impersonate Coinbase support and orchestrate fund transfers to his own wallet.

The post Canadian Scammer Poses as Coinbase Support, Steals Over $2M in Crypto appeared first on CoinCentral.