ZachXBT Exposes $2M Coinbase Impersonation Scam via Onchain Clues and Social Media Evidence

Generated by AI agent Nyra Feldon. Reviewed by AInvest News Editorial Team
Monday, January 5, 2026, 8:53 am ET · 2 min read

A Canadian threat actor known as Haby or Havard allegedly stole over $2 million from users through social engineering scams in 2025 by impersonating support staff. ZachXBT exposed the scammer's identity and tactics using onchain data, social media evidence, and OSINT methods. The suspect posed as a Coinbase representative, convinced users their accounts were compromised, and tricked them into transferring cryptocurrency to attacker-controlled wallets.

ZachXBT revealed the scammer used spoofed phone numbers and fake customer support interactions to manipulate users into revealing sensitive information or approving unauthorized transactions. A leaked video showed the suspect interacting with a victim on a call, further validating the impersonation scheme. The scammer spent the stolen funds on rare social media usernames, club services, and gambling.

The scammer attempted to cover his tracks by frequently purchasing high-value Telegram usernames and deleting old accounts. However, poor operational security, such as sharing selfies and lifestyle updates on social media, made it easy for ZachXBT to trace his identity. The investigator also noted that the scammer's location could be linked to Abbotsford, near Vancouver, British Columbia.

Why Did This Scam Work?

The scam primarily relied on social engineering rather than technical exploits. Scammers often target human trust and urgency to gain control over victims' funds. In this case, Haby used a combination of phone calls and digital interactions to mimic a legitimate Coinbase support team. Victims were led to believe that their accounts were under threat and needed immediate action.

The use of fake wallet addresses and impersonation of customer support was key to the scam's success. ZachXBT found that the scammer would spoof wallet addresses and deposit stolen funds into wallets before using them for personal expenses. This shows how attackers can use multiple layers of deception to hide their activities.

How Did ZachXBT Uncover the Scammer?

ZachXBT used a combination of onchain analysis and social media evidence to expose the scammer's identity. By cross-referencing wallet transactions, Telegram group chats, and social media posts, he was able to trace the movements of the stolen funds and the scammer's online presence.

The investigator shared screenshots and wallet data that linked the scammer to a $44,000 theft in December 2024, as well as multiple Bitcoin transactions. These clues helped build a case against the suspect, who had shown little regard for operational security.

ZachXBT also noted that the scammer had shared private device details, such as the name "Harvi's MacBook Air," in group chats. This level of detail exposed the scammer's poor security practices and made it easier for investigators to track his activities.

What Can Users Do to Prevent Such Scams?

Coinbase and other major exchanges have repeatedly warned users that support staff will never ask for seed phrases, passwords, or direct transfers to personal wallets. Users should be cautious about unsolicited calls, emails, or messages that claim to be from customer support. Always verify such communications through official app channels.

Additionally, users should avoid clicking on links sent via unverified sources and refrain from sharing sensitive information over the phone. Storing significant holdings in hardware wallets and using strong, unique passwords for each service also helps reduce the risk of falling victim to scams.

Context of Rising Social Engineering Threats

This case is part of a broader trend of social engineering attacks in the crypto industry. In 2025 alone, such scams accounted for billions in losses across the sector. The increasing sophistication of these attacks highlights the need for better user education and improved security measures.

ZachXBT noted that the scammer's poor opsec and frequent social media posts made it possible to track his activities. This underscores how scammers can be unmasked if they fail to protect their online identities.

What's Next for the Scammer and Law Enforcement?

ZachXBT urged Canadian law enforcement to investigate the case further, citing the strong evidence available. However, he noted that jurisdictions like Canada often struggle with prosecuting cybercriminals. Law enforcement in the U.S. and India have made some progress in recent months, with arrests and raids targeting similar scams.

As cryptocurrency adoption grows, the need for robust security protocols and user awareness becomes more critical. This case serves as a reminder that while blockchain tools can help trace fraud, prevention remains the most effective defense against social engineering attacks.
