ZachXBT Uncovers $2M Coinbase Support Impersonation Scam Linked to Canadian Suspect

Highlights:

• Coinbase support impersonation scam drained over $2M from unsuspecting users.
• ZachXBT linked wallets chats and social posts to expose a year-long fraud tied to a single Canadian operator.
• Impersonation scams keep rising as attackers use urgency and human error instead of technical exploits.

ZachXBT, a blockchain researcher, has tracked a one-year-long scam focused on Coinbase users. The scammer pretended to be a Coinbase customer service representative and stole over two million dollars in crypto. The plan was based on plain lying rather than technical adventures. Public online activity and on-chain data contributed to the operation being exposed.

ZachXBT said he uncovered the Coinbase-related scam by linking wallet chat screenshots and social posts. He matched Telegram conversations with transaction timing on public blockchains. Moreover, repeated transfers followed direct contact with Coinbase users.

The investigator identified the suspect as a Canadian individual he called “Haby” or “Havard.” He said the suspect repeatedly bought expensive Telegram usernames. The suspect then deleted older accounts to reduce traceability. Nevertheless, the uniformity of wallet conduct produced new connections among identities.

Social media posts were also a factor. ZachXBT noted common instances of lavish spending with stolen crypto. These posts were consistent with wallet outflows of Coinbase user losses. Consequently, public behavior weakened efforts to remain hidden. The investigator noted repeated operational security failures.

ZachXBT also reviewed a leaked call tied to the scheme. The footage depicted a fake Coinbase support conversation with one of the victims. The impersonator provided a Telegram handle and an email address during the call. The details assisted in connecting multiple accounts. The next action was the movement of wallets after the call.

Open-source data narrowed the suspect location to Abbotsford, British Columbia. ZachXBT did not provide specific details because of platform regulations. Nonetheless, the activity left a track that could be tracked down. Cleanup attempts failed to erase that footprint.

Coinbase Support Impersonation Scam Relied on Social Engineering Tactics

The fraud depended on social engineering rather than malware or smart contract vulnerabilities. The attacker directly contacted Coinbase users and posed as an employee of the exchange. He framed discussions on pressing account issues. This pressure pushed victims to act quickly.

Coinbase attracts these attacks due to its size and visibility. The exchange has millions of retail users globally. The resulting reach provides ample opportunities for impersonation. Moreover, many users expect proactive contact during account alerts. ZachXBT has flagged similar Coinbase-focused scams before. Earlier findings linked social engineering attacks to at least $65 million in losses. Those losses occurred within a short time window. The cases followed the same contact-first pattern.

In June, ZachXBT exposed another scammer using the alias “Daytwo.” That case involved more than $4 million stolen from Coinbase users. One victim lost about $240,000. The money was spent swiftly following theft, restricting chances of recovery. Gambling platforms are frequently used by attackers to launder stolen crypto. They also use methods that slow tracing efforts. These actions reduce the chance of intervention.

Ongoing Impersonation Attacks Keep Exchange Users at Risk

Coinbase users are constantly exposed to impersonation scams. Assailants take advantage of the sense of urgency and trust in personal interaction. Hence, calls that purport to be Coinbase support are to be regarded as suspicious.

Authentic Coinbase customer service does not demand seed phrases or logins. They also never move conversations to Telegram or WhatsApp. Users should contact support only through the official app or website. These habits reduce exposure to manipulation. According to industry data, the risk is not confined to a single exchange. Hacken noted Web3 lost approximately $3.95 billion this year. Access control failures and unsound operational practices were the main causes of most losses.