Coinbase Users Hit by $2M Loss in Fake Customer Support Scam

A scammer posing as Coinbase support stole $2M by tricking users into approving transfers, highlighting social engineering risks.

Areeba Rashid
December 30, 2025
6:34 pm

Areeba Rashid

Areeba Rashid is a dedicated crypto news writer with a passion for making complex topics accessible to everyone. She covers the latest developments in the crypto world, including in-depth price analysis, helping readers stay informed and make sense of market trends.

The scammer impersonated Coinbase support and stole over $2M by exploiting user trust through social engineering.
Fraud involved fake support calls and urgency tactics, not any breach of Coinbase systems or infrastructure.
On-chain analysis tracked stolen funds despite account deletions and efforts to hide transaction activity.

A scammer posing as Coinbase customer support has allegedly stolen more than $2 million in cryptocurrency from multiple users, according to blockchain investigator ZachXBT. The fraud did not involve hacking exchange systems. Instead, it relied on deception and direct user contact. The case shows how social engineering remains one of the most effective attack methods in the crypto sector, despite stronger technical safeguards.

ZachXBT disclosed the findings in a post shared on X earlier this week. He said the suspected scammer operated for nearly a year. The investigator described the individual as a Canada-based threat actor. The attacker repeatedly impersonated support staff linked to Coinbase to gain user trust.

According to the investigation, the scammer contacted victims through phone calls. He introduced himself as a customer support representative. During the calls, he warned users that their accounts showed signs of compromise. These warnings created urgency and fear. Victims believed immediate action was required to protect their funds.

1/ Meet Haby (Havard), a Canadian threat actor who has stolen $2M+ via Coinbase support impersonation social engineering scams in the past year blowing the funds on rare social media usernames, bottle service, & gambling. pic.twitter.com/bBqrV7GmPi
— ZachXBT (@zachxbt) December 29, 2025

The attacker then guided users through fake security steps. These steps included approving transactions or sharing sensitive details. Victims thought they were securing their accounts. Instead, they unknowingly authorized transfers to wallets controlled by the scammer. Once completed, the funds could not be recovered.

ZachXBT emphasized that the fraud involved no technical breach. The attacker exploited human trust rather than software weaknesses. He used spoofed phone numbers, emails, and messaging apps to appear legitimate. These tools made the communication look official and reduced suspicion during the interactions.

Also Read: Ex-Coinbase Employee Arrested in India for 2025 Data Breach

A leaked screen recording shared by the investigator showed the alleged scammer speaking calmly with a victim. The conversation appeared professional and convincing. ZachXBT claimed the total stolen amount exceeded $2 million. He said the funds were later used for online gambling, luxury nightlife services, and the purchase of rare usernames on social media platforms.

Although the investigator said he traced the suspect’s identity and location using public data, he did not release personal details. He cited platform rules and ethical limits. However, he noted that blockchain transparency allowed him to track wallet movements and spending patterns linked to the stolen funds.

On-Chain Data Exposed Funds Despite Evasion Attempts

The suspect is said to have tried to escape detection. He removed the accounts online and bought costly Telegram usernames. All these were done to ensure less traceability. Nevertheless, transaction flows were still visible on-chain data. Limited efficiency with these tactics was made by use of public blockchain records.

The event is preceded by other high-profile crypto frauds that have been reported in the recent past. Lookonchain reported that one user had lost $50 million in USDT by copying a poisoned wallet address earlier this year. The error caused an irreversible transfer. The case emphasized the impact of minor mistakes that lead to massive losses.

A victim (0xcB80) lost $50M due to a copy-paste address mistake.

Before transferring 50M $USDT, the victim sent 50 $USDT as a test to his own address 0xbaf4b1aF…B6495F8b5.

The scammer immediately spoofed a wallet with the same first and last 4 characters and performed an… pic.twitter.com/eGEx2oHiwA
— Lookonchain (@lookonchain) December 20, 2025

In another move, in December, the U.S. authorities arrested a suspect based in New York. The arrest came after an investigation of a different multi-million-dollar Coinbase impersonation scam. ZachXBT’s on-chain analysis purportedly supported the arrest.

Crypto exchanges have repeatedly advised users to be cautious and avoid supporting impersonation. No legitimate personnel request passwords, seed phrases, or transfers. Analysts suggest that this case reinforces the need for increased user awareness. With transactions being irreversible, education remains essential as more people adopt it.

Also Read: Sberbank Launches Russia’s First Crypto-Backed Loan as Bitcoin Mining Gains Scale