An alleged scammer posing as a Coinbase help desk worker has reportedly stolen around $2 million in crypto from users of the exchange, according to blockchain sleuth ZachXBT.
In a Monday X post, ZachXBT claimed that he had managed to pinpoint the identity of the alleged scammer after cross referencing Telegram group chat screen shots, social media posts and wallet transactions.
ZachXBT alleged that the “Canadian threat actor” had “stolen $2M+ via Coinbase support impersonation social engineering scams in the past year blowing the funds on rare social media usernames, bottle service, & gambling,”
The Canadian allegedly deployed social engineering tactics to dupe Coinbase users into believing he worked for the exchange. In his post, ZachXBT shared a leaked video of the alleged scammer on the phone with the victim offering fake customer support.
While the specifics were not detailed, social engineering generally consists of scammers posing as someone from a legitimate organisation to gain trust and elicit private data from unsuspecting victims, or to make dubious transactions.
“In the screen recording he leaks the email…. and his Telegram account with a number,” ZachXBT wrote.
The alleged scammer attempted to hide their tracks by continually buying “expensive Telegram usernames” and deleting old accounts. However, ZachXBT claimed it was easy to pinpoint their identity and movements due to constant gloating on social media, and posted screenshots of numerous examples of “stories and selfies flaunting his lifestyle with little regard for opsec and was also caught simping for eGirls.”
ZachXBT even claimed to worked out the alleged scammer’s home address using publicly available information, but did not share them due to X’s terms of service.
How can users protect themselves against social engineering?
While seasoned crypto veterans know the best practices to protect themselves after years of trial and error, newcomers often need a heads-up.
Related: Social engineering cost crypto billions in 2025: How to protect yourself
It’s important for users to be very vigilant about safe-keeping their private data, don’t use the same password for multiple services and keep significant holdings off an exchange in a hardware wallet.
As a rule of thumb, it’s important to never click on links sent to you or respond to cold calls. Always contact customer support directly through verified avenues such as on the actual website or app.
Additionally, help desk workers will never ask for seed phrases or login credentials, share private wallets to send funds to, or re-direct conversations over to social media apps like Telegram.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
