Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / coincentral /
Canadian Crypto Scammer Impersonates Coinbase Support, Swipes $2M+ in Digital Assets

Canadian Crypto Scammer Impersonates Coinbase Support, Swipes $2M+ in Digital Assets

Author:
coincentral
Published:
2025-12-30 13:46:09
7
2

Another day, another reminder that your crypto is only as secure as your common sense.

A sophisticated phishing operation—this time hailing from Canada—has successfully impersonated Coinbase support staff, siphoning over two million dollars from unsuspecting investors. The scam leverages a classic playbook: urgency, authority, and the trusted brand name of a major exchange.

The Anatomy of a Heist

Victims are typically contacted via email or social media by actors posing as Coinbase security personnel. The message warns of "suspicious activity" or a "compromised wallet"—creating immediate panic. A fake support link is provided, leading to a polished but fraudulent website designed to harvest login credentials and two-factor authentication codes. Once inside, the scammers drain wallets swiftly, often converting assets through privacy-focused protocols to obscure the trail.

Why This Keeps Happening

The scheme preys on a fundamental tension in decentralized finance: the promise of self-custody versus the peril of being your own security team. For every institutional-grade custody solution, there are countless individuals managing private keys without a net. The scammers' success highlights a gap not in blockchain technology, but in human-facing security protocols and education. It's the digital equivalent of a bank teller asking for your PIN—shouldn't happen, but sometimes does.

The Ironic Safety Net

Here's the cynical finance jab: In traditional banking, losing your life savings to a phone scam might earn you a sympathetic headline and a regulatory investigation. In crypto, it earns you a transaction hash and a brutal lesson in immutable accountability. The very feature that makes the asset class revolutionary—finality—is what makes it so merciless when things go wrong.

The takeaway isn't that crypto is inherently unsafe. It's that a $2 million dollar market attracts $2 million dollar predators. Vigilance isn't just a best practice; it's the entry fee. Verify, don't trust. And remember: no legitimate support agent will ever ask for your seed phrase—not even if they claim to be calling from the "Canadian branch."

TLDR

  • A Canadian scammer posing as Coinbase support stole over $2 million from users through phishing and social-engineering schemes.
  • ZachXBT traced the scammer’s activities using on-chain data and social media evidence, identifying him as “Haby” or “Harvard.”
  • The scammer’s boasting post exposed a destination address, leading to the discovery of multiple thefts and linking them to a larger pattern.
  • Social media clues, including wallet balances and lifestyle posts, helped pinpoint the scammer’s real-world location in Abbotsford, Canada.
  • On-chain analysis showed stolen funds were converted into Bitcoin and spread across various addresses, sometimes used on gambling sites.

A Canadian scammer posing as Coinbase support has allegedly stolen over $2 million from unsuspecting users. The scammer, operating under the alias “Haby” or “Harvard,” based his operations in Abbotsford, NEAR Vancouver. Through a series of phishing and social-engineering schemes, he gained control of victim accounts by impersonating official Coinbase support.

ZachXBT Traces Scam Activities and Identifies the Thief

ZachXBT, a well-known on-chain investigator, uncovered the scammer’s identity through detailed tracking. In a recent report, ZachXBT revealed that the thief operated under the name “Haby,” targeting Coinbase users through various deceptive means. The scammer’s activities were traced back to a post on December 30, 2024, where he boasted about stealing $44,000 worth of XRP from a victim.

🚨REPORT: A Canadian scammer posing as Coinbase support allegedly stole $2M from exchange users via social engineering, per blockchain sleuth @ZachXBT. The suspect was identified through Telegram chats, social media posts, and wallet tracking before being caught flaunting the…

— Max Avery (@realMaxAvery) December 30, 2025

Through on-chain tracing and analysis of public posts, ZachXBT connected the stolen funds to multiple incidents. He linked Haby’s XRP wallet to several Coinbase account compromises. The total value of confirmed thefts surpassed $2 million as additional incidents were uncovered. According to ZachXBT, “The extensive evidence in this case makes it an unusually easy win for law enforcement.”

Scammer’s Social Media Footprint and On-Chain Evidence

The scammer left a trail of evidence across his social media accounts, including Telegram and Instagram. Screenshots of Exodus wallet balances, rare username purchases, and lifestyle spending helped investigators LINK the scam to specific Coinbase account breaches. These social media posts were pivotal in narrowing down the scammer’s real-world location in Abbotsford, British Columbia.

On-chain data showed how the stolen XRP was often exchanged for Bitcoin using instant-exchange services. From there, the funds were split across multiple addresses and sometimes used on gambling sites. Timing analysis revealed a key Bitcoin address that connected several theft clusters. This connection revealed a broader pattern of systematic abuse, which included precise targeting of Coinbase users.

Coinbase Faces Increasing Threats from Impersonation Scams

Coinbase users have faced heightened risks due to an uptick in impersonation scams. The scammer behind the $2 million theft is just one example of the growing trend. In 2025, an insider data breach compromised sensitive customer data, fueling highly effective phishing schemes. The breach exposed names, emails, phone numbers, and other personal details of around 70,000 high-value clients.

Despite a public threat to the attackers, Coinbase took action by setting up a $20 million bounty and refunding affected victims. In December 2025, law enforcement efforts culminated in the arrest of Ronald Spektor, who stole $16 million from 100 Coinbase users. Spektor used stolen customer data to impersonate Coinbase support and orchestrate fund transfers to his own wallet.

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved

All articles reposted on this platform are sourced from public networks and are intended solely for the purpose of disseminating industry information. They do not represent any official stance of BTCC. All intellectual property rights belong to their original authors. If you believe any content infringes upon your rights or is suspected of copyright violation, please contact us at [email protected]. We will address the matter promptly and in accordance with applicable laws.BTCC makes no explicit or implied warranties regarding the accuracy, timeliness, or completeness of the republished information and assumes no direct or indirect liability for any consequences arising from reliance on such content. All materials are provided for industry research reference only and shall not be construed as investment, legal, or business advice. BTCC bears no legal responsibility for any actions taken based on the content provided herein.