$2M Crypto Stolen in Fake Coinbase Support Social Engineering Scam

Crypto

$2M Crypto Stolen in Fake Coinbase Support Social Engineering Scam

• The fake Coinbase support scammers managed to steal in excess of $2 million.
• Investigators link the scam to fake support channels and on–chain asset space.

An alleged scammer, posing as a Coinbase help desk employee, reportedly stole more than $2 million in cryptocurrency by using social engineering tactics to convince victims they were receiving legitimate support. He contacted victims through apps like Telegram and fake support chats, often sharing convincing messages or calls that appeared authentic. By gaining their trust, he manipulated them into revealing sensitive account details or authorizing transactions that sent funds directly to wallets he controlled.

Blockchain investigator ZachXBT identified the scammer by cross-referencing Telegram group screenshots, social media posts, and on-chain wallet transactions tied to the thefts. The fraudster, according to the report, used this tactic to convince them to send funds to wallets he controlled.

1/ Meet Haby (Havard), a Canadian threat actor who has stolen $2M+ via Coinbase support impersonation social engineering scams in the past year blowing the funds on rare social media usernames, bottle service, & gambling. pic.twitter.com/bBqrV7GmPi

— ZachXBT (@zachxbt) December 29, 2025

The Smooth Execution Of The Scam

The scam didnt involve hacking into the Coinbase systems directly, but rather leaned on social engineering, where the attackers try to befriend victims to get sensitive information from them or make them confirm or authorise some transfers. The scammer reportedly posed as an official support agent and directed victims to provide details or move assets to new locations under the guise of “protecting” their funds. Applications were supported by spoofed e-mail addresses and Telegram accounts, some of them connected to his online persona and boasting of making luxury purchases using the stolen funds.

This kind of impersonation scam is not an isolated case, where extended trends show that quite often, scammers advertise fake support numbers or initiate unsolicited contact to deceive users. Official guidance by Coinbase stresses that legitimate support staff will never ask for passwords, two–factor authentication codes, private keys, or request that users send funds to external wallets, and that genuine communication only happens through verified channels listed on the companys website or official app.

The Breaches and Their Risks

Perhaps worse, previous events illustrate that bad actors have previously accessed user information via compromised or extorted support agents. More specifically, Coinbase announced at one point that international agents had been bribed to share customer data, like names, addresses, masked Social Security details, and other personal information, which ended up being used for scams and extortion. Coinbase reacted by firing those who had engaged in this behaviour, and also issued a $250,000 reward for any individual with information leading to the capture of its attackers. These kinds of scams are the ones that recur, and the ones that are resolved are fewer. While blockchain networks stay secure themselves, on the other hand, there is an increase in the way that attackers manipulate people for their benefit.

Therefore, it can be seen that investors must be more cautious regarding security measures, given the way scammers are evolving. This would include storing investments in hardware wallets, not disclosing personal information for authentication, and checking support conversations through legit channels. The crypto community, regulators, and users must be aware of the technical measures for them to effectively address any future attacks.