Over $2 million has been stolen from Coinbase users in what blockchain investigator ZachXBT calls one of the most brazen social engineering scam cases of 2025. The researcher tracked down a Canadian individual who allegedly spent months impersonating Coinbase support staff to drain victims’ wallets.
What makes this case particularly troubling? The scammer wasn’t some coding genius breaking through firewalls. He just picked up the phone and convinced people he worked for Coinbase: textbook social engineering scam tactics.
Meet the Alleged Mastermind Behind the Theft
ZachXBT dropped a bombshell thread on X, naming someone called Haby (also known as Havard) as the person behind these thefts. The evidence? Screenshots from Telegram chats, blockchain transactions anyone can verify, and social media posts where this guy literally bragged about his crimes.
In December 2024, screenshots show Haby celebrating after stealing 21,000 XRP from one victim. That’s about $44,000 gone in a single hit. But that was just the beginning.
When ZachXBT dug into the Bitcoin addresses connected to this operation, he found another $560,000 in stolen funds. Group chats from February showed Haby flashing screenshots of his wallet with around $237,000 sitting there. He even posted a video of himself actually running one of these scam calls, complete with his email address visible on screen, essentially documenting a live social engineering scam.
The Social Engineering Scam Playbook
So how did this actually work? Pretty simple, really. Haby would contact Coinbase users pretending to be from their support team. Maybe he’d say there was suspicious activity on their account. Or that they needed to verify something urgently. These are the classic pressure tactics of a social engineering scam.
People trusted him because he sounded official. They handed over their login credentials, private keys, and whatever else he asked for. And once he had that access, the money was gone.
What’s almost funny (if it weren’t so serious) is how sloppy he got. Most criminals try to stay hidden. Not this guy. He posted selfies on Instagram, showed off expensive bottles at clubs, and bought rare social media usernames with stolen crypto. Even people in his own scammer groups told him to chill out with the flexing.
All that stolen money went straight to gambling, bottle service, and internet clout. ZachXBT found evidence of the guy using a MacBook Air, which leaked in one of his own Instagram stories. Talk about bad operational security for someone running a social engineering scam.
Why This Matters Beyond One Bad Actor
Look, this isn’t just about one scammer in Canada. We’re seeing a massive shift in how crypto theft happens. Hackers used to focus on exploiting smart contract bugs or finding vulnerabilities in exchange code. Now? They’re realizing it’s way easier to just trick people.
North Korea pulled off something similar recently, posing as legitimate crypto professionals in fake Zoom meetings. They walked away with over $300 million. Then there was that fake Booking.com crypto summit scam in Dubai. India busted a Ponzi scheme that had been running for ten years, using referral programs and social media hype. All of these are variations of large-scale social engineering scam operations.
A company called Kerberus put out a report this year saying human error is now the biggest security risk in Web3. Not bugs. Not hacks. Just people making mistakes because someone manipulated them. That should worry everyone in this space.
What Coinbase Users Need to Know Right Now
Real Coinbase support will never, ever ask you for your password. They won’t ask for your private keys. They definitely won’t ask for your seed phrase. If someone claiming to work for Coinbase contacts you out of nowhere, asking for any of this, it’s a scam. Period.
The problem with crypto is there’s no undo button. Your bank might refund a fraudulent charge. Coinbase can’t reverse a transaction once it’s on the blockchain. That money is just gone.
ZachXBT called on Canadian law enforcement to arrest Haby, pointing out there are mountains of evidence against him. Apparently, he’s already known to local cops because people have tried to swat him before. But here’s the frustrating part: Canada rarely prosecutes these cybercrimes. ZachXBT seems genuinely annoyed about this, especially since the suspect shows zero regret about his victims.
Where Do We Go From Here?
Exchanges are trying. They’re adding more verification steps, sending out warnings, and educating users. But there’s only so much they can do when the weak point is human judgment.
This case should be a wake-up call. The blockchain makes everything transparent, which helped ZachXBT track these funds. But that transparency doesn’t stop the theft from happening in the first place. We need people to develop some healthy paranoia about unsolicited contact from “support teams.”
Maybe that sounds cynical. But in crypto, a little suspicion might save you thousands of dollars.
What exactly is a social engineering scam in crypto?
Someone tricks you into sharing personal details they could never guess. Instead of breaking through security, they pose as a help desk and raise false alarms. They make everything seem urgent, so acting fast feels right. Handing over access seems logical in the moment, though it should never happen. Exploiting trust works better for them than cracking code ever would.
How do I know if Coinbase is really contacting me?
They won’t. Legitimate Coinbase support doesn’t cold-call or DM you asking for account details. If you need help, you initiate contact through the official app or website. Anyone reaching out to you first is probably trying to steal from you.
Can I get my crypto back if I fall for one of these scams?
Probably not. Once the transaction goes through, it’s permanent. There’s no crypto equivalent of calling your credit card company to dispute charges. This is why prevention matters so much in this space.
What should I do if someone’s trying to scam me right now?
Hang up. Close the chat. Don’t click any links. Then go directly to Coinbase’s official website (type it in yourself; don’t click anything) and report it through their actual support channels. Change your password immediately if you shared anything.