qerranews 
An alleged scammer posing as a Coinbase customer support agent has reportedly stolen more than $2 million in cryptocurrency, according to findings shared by prominent blockchain investigator ZachXBT. The case highlights the growing threat of social engineering scams targeting crypto exchange users, especially through impersonation tactics.
ZachXBT Uncovers Scam Trail
In a post shared on X (formerly Twitter) on Monday, ZachXBT detailed how he traced the alleged scammer’s activities by cross-referencing Telegram group screenshots, social media posts, leaked screen recordings, and on-chain wallet data.
According to ZachXBT, the suspect is a Canadian-based threat actor who allegedly ran Coinbase support impersonation scams over the past year. The funds stolen from victims were reportedly spent on rare social media usernames, gambling, luxury bottle service, and online clout, rather than being laundered discreetly.
ZachXBT noted that the scammer repeatedly exposed himself through careless online behavior, making it easier to track his movements and identity despite attempts to cover his tracks.
Fake Coinbase Support Tactics
The scam allegedly relied on classic social engineering techniques, where attackers pose as legitimate customer support representatives to gain victims’ trust. In this case, Coinbase users were led to believe they were communicating with official help desk staff.
ZachXBT shared a leaked video allegedly showing the scammer speaking directly with a victim while pretending to offer customer support. Although the exact steps varied, the strategy generally involved convincing users to share sensitive information or authorize fraudulent transactions under the guise of account recovery or security verification.
Social engineering scams are particularly effective in crypto due to the irreversible nature of blockchain transactions, making stolen funds nearly impossible to recover.
Attempts to Hide Identity
The alleged scammer reportedly attempted to hide his digital footprint by frequently purchasing expensive Telegram usernames and deleting older accounts. However, these efforts were undermined by constant online bragging and lifestyle posts, which ZachXBT said showed little regard for operational security.
The investigator published screenshots of stories and selfies allegedly posted by the suspect, flaunting wealth and activities linked to the stolen funds. ZachXBT even claimed he was able to determine the individual’s home address using publicly available information, though he did not disclose it due to platform policies.
The case underscores how ego-driven online behavior can compromise even the most deliberate attempts to evade detection.
Social Engineering Still Thrives
Social engineering remains one of the most effective crypto scam methods, particularly against less experienced users. Rather than exploiting technical vulnerabilities, scammers exploit human psychology, urgency, fear, and trust in well-known brands like Coinbase.
Impersonation scams have surged as exchanges grow larger and more mainstream, giving attackers recognizable identities to mimic. Support-themed scams are especially dangerous because users often contact help desks during moments of panic, such as suspected hacks or account lockouts.
How Users Can Stay Safe
While experienced crypto users often learn security best practices through years of trial and error, newcomers are particularly vulnerable. Protecting yourself starts with basic digital hygiene and skepticism.
Users should never reuse passwords across platforms and should enable two-factor authentication wherever possible. Importantly, significant crypto holdings should be stored off exchanges, ideally in a hardware wallet, reducing exposure to account-based attacks.
As a general rule, users should never click on unsolicited links, respond to cold calls, or engage with unexpected support messages. Always reach out to customer support through verified channels, such as the official website or mobile app.
What Support Will Never Ask
Legitimate help desk staff will never request seed phrases, private keys, or login credentials. They will also never ask users to send funds to a “verification wallet” or redirect conversations to Telegram, Discord, or social media DMs.
Any request involving urgency, secrecy, or off-platform communication should immediately raise red flags. When in doubt, pause and independently verify before taking action.
A Warning for Crypto Users
The alleged $2 million Coinbase impersonation scam serves as a stark reminder that security in crypto is personal responsibility. As blockchain adoption grows, so does the sophistication of scams targeting everyday users.
Investigations like ZachXBT’s continue to play a crucial role in exposing bad actors, but prevention remains the best defense. Staying informed, cautious, and skeptical can make the difference between safeguarding assets and becoming the next victim.