A fraudulent Coinbase support, a well-rehearsed speech, and victims falling into a trap. According to an investigation published by ZachXBT, a scammer posing as a Coinbase support employee allegedly stole over $2 million in cryptocurrencies over the past year. A striking case of the persistent damage caused by social engineering in the crypto ecosystem.
A meticulous onchain and social tracking
In a series of posts on X, ZachXBT claims to have successfully identified the suspect by cross-referencing screenshots of Telegram chats, social media posts, and onchain transactions. The investigation points to a perpetrator based in Canada, accused of engaging in multiple scams by impersonating a Coinbase customer service agent.
The scheme relied on classic yet effective techniques. The fraudster would directly contact users, leading them to believe there was a security issue with their account. Once trust was established, they coerced them into disclosing sensitive information or carrying out transactions under the guise of urgent security measures.
ZachXBT also shared a leaked video showing the scammer on the phone with a victim, posing as a fake customer advisor. In a separate screen recording, the email address used and a Telegram account linked to a phone number were visible, aiding in the verification process.
An ostentatious display that betrayed the attacker
Despite repeated attempts to cover their tracks, including purchasing expensive Telegram usernames and regularly deleting accounts, the suspect reportedly made operational security mistakes. According to ZachXBT, the individual frequently boasted about their lifestyle on social media, posting selfies, stories, and images showcasing extravagant spending, VIP parties, and gambling sessions.
The stolen funds were largely squandered on high-end services, gambling, and purchasing rare pseudonyms on social platforms. This excessive exposure allowed the investigator to track their movements and even determine their personal address from publicly available data, purposely undisclosed information.
Social engineering, the Achilles’ heel of crypto
This case exemplifies a persistent reality. In 2025, social engineering remains one of the costliest attack vectors for cryptocurrency users. Unlike technical vulnerabilities, it exploits the human factor, often catching individuals off guard due to urgency or fear of losing funds.
Novice users are particularly vulnerable, but even experienced individuals can fall prey to well-executed and believable scenarios. Scammers rely on confusion and psychological pressure, often through highly sophisticated calls.
