Key Highlights
- ZachXBT alleges a scammer impersonating Coinbase support stole over $2 million using social engineering tactics.
- The suspect reportedly exploited user trust through fake calls and messages while leaving on-chain and social media traces.
- The case highlights rising Coinbase impersonation scams and the growing role of blockchain forensics in tracking crypto fraud.
An alleged scammer impersonating Coinbase customer support has reportedly stolen more than $2 million in cryptocurrency from unsuspecting users, according to blockchain investigator ZachXBT.
The case highlights the growing threat of social engineering scams in the crypto industry, where attackers exploit trust rather than technical vulnerabilities.
In a post shared on X earlier this week, ZachXBT said he identified a “Canadian threat actor” who allegedly carried out support impersonation scams over the past year.
The fraudster allegedly called Coinbase users claiming to be a help desk worker and persuaded victims that their accounts were compromised.
Users targeted through fake support calls
According to ZachXBT, the attacker used social engineering tactics, including phone calls and fake support conversations, to trick users into revealing sensitive information or approving unauthorized transactions.
A leaked screen recording shared by the investigator shows the scammer speaking directly with a victim while offering fraudulent assistance. ZachXBT claimed that the money stolen in these frauds was over $2 million and used to gamble, lavish night services, and rare usernames on social media.
While the investigator said he traced the suspect’s identity and location using public data, he did not disclose personal details due to platform policies.
How the scam worked
Social engineering frauds are based on deceit and not hacks. The attacker in this case is accused of spoofed phone numbers, emails, and messaging applications to look legitimate.
The victims thought they were talking to official Coinbase employees and took the advice that led to the loss of assets. ZachXBT noted that the alleged scammer repeatedly deleted accounts and purchased expensive Telegram usernames to cover tracks.
Nevertheless, it was said that it was possible to trace the money by public posts and wallet activity. The case highlights the importance of the fact that even seasoned users may become victims when the scams are carried out in a convincing manner.
Similar crypto scams and law enforcement action
This case follows several high-profile crypto fraud incidents in recent months. Earlier this year, a user lost $50 million in USDT when he copied a poisoned wallet address into transaction history, as reported by Lookonchain.
In another major development, U.S. authorities arrested a New York-based suspect in December following an investigation into a multimillion-dollar Coinbase impersonation scam, also linked to ZachXBT’s on-chain analysis.
The event is a reminder that impersonation of customer support is one of the most efficient scamming techniques in the crypto world.
Why this matters for crypto users
The incident serves as a reminder that customer support impersonation remains one of the most effective scam methods in crypto. The exchanges have already issued several warnings to users that support personnel will never request seed phrases, passwords, or transfer funds to personal wallets.
With the increased use of crypto, new users are at greater risk because they do not have much knowledge about the typical tricks of scammers. Such cases also highlight the urgent need to educate users, improve security practices, and authenticated communication channels.
Although blockchain tools simplify the process of tracking fraud, prevention is the best defense. Social engineering is still taking advantage of human trust and it is important to be watchful in an industry where the transactions are irreversible.
Also Read: Chinese Crypto Scammers Build $27B Darknet Market Via Telegram