Key Takeaways
- Blockchain sleuth ZachXBT has linked a Canadian threat actor to over $2 million in stolen funds through a fake Coinbase support scam.
- The scammer utilized social engineering and impersonation tactics, even leaking his own Telegram account and email in a screen recording.
- Stolen crypto was reportedly spent on luxury lifestyles, including rare social media handles, gambling, and bottle service.
Social Engineering Scam Drains $2 Million from Users
Famous crypto sleuth ZachXBT just blew the lid off a major scam targeting Coinbase users. For over a year, a “Canadian threat actor” posed as a fake support agent to swindle people out of over $2 million. He used high-pressure tech support calls to trick victims into handing over their data or clicking “approve” on bad transactions.
But here’s the kicker: the scammer’s own ego was his downfall. Despite being a “pro” social engineer, his OpSec was a total mess. He couldn’t stop bragging about his new wealth on social media, posting stories of his bottle-service lifestyle and gambling habit.
He even leaked his own identity in a recorded call where he accidentally showed his personal email and Telegram handle on screen. As ZachXBT put it, it’s rare to see someone so skilled at theft be so reckless with their own identity.
How Users Can Protect Themselves Against Social Engineering
The scariest thing about social engineering is that it doesn’t care how good your software is; it hacks your brain instead. Scammers love to play on your nerves by creating a fake emergency.
They’ll tell you your account has been “hacked” or “compromised” just to get your heart racing. The goal? To make you panic so you’ll stop thinking clearly and make the exact mistake they need to get into your wallet. ZachXBT noted that the suspect in this case spent significant portions of the stolen funds on high-value Telegram usernames to hide his identity, but his constant gloating made him an easy target for tracking.
To prevent falling victim to such schemes, experts emphasize that legitimate exchanges like Coinbase will never ask for your password, 2FA codes, or request that you move funds to a “secure” new wallet. Users should never respond to cold calls or click links in unsolicited emails.
The most effective defense remains the use of hardware wallets for significant holdings and the activation of “withdrawal allow-listing,” which prevents transfers to any address not pre-approved by the user.
Final Thoughts
The unmasking of this $2M scammer highlights the power of on-chain transparency. While social engineering is evolving, the trail left by “flaunting” stolen wealth is often what leads to a scammer’s downfall.
Frequently Asked Questions
How did the Coinbase support scam work?
The scammer posed as a help desk worker to gain trust and used social engineering to steal account access or funds.
Will Coinbase call me for technical support?
No. Coinbase and other major exchanges will never call you to ask for sensitive info like your 2FA code or password.
Who is ZachXBT?
ZachXBT is a prominent independent blockchain investigator known for tracking major crypto hacks, scams, and fraudulent actors.
