Fake Coinbase Support Scammer Steals $2M in Crypto

What Happened in the Alleged Coinbase Support Scam?

An individual posing as a Coinbase assist desk worker allegedly stole more than $2 million in cryptocurrency from users over the past year, according to blockchain investigator ZachXBT. In a post published Monday on X, ZachXBT said he traced the activity to a single threat actor later than reviewing Telegram chat screenshots, wallet movements, and social media posts.

ZachXBT described the suspect as a “Canadian threat actor” who used social engineering tactics to convince victims that he worked for Coinbase. He alleged the funds were later spent on rare social media usernames, bottle service, and gambling. The investigator also shared a video that appears to show the alleged scammer speaking to a victim on the phone while offering fake customer support.

“In the screen recording he leaks the email…. and his Telegram account with a number,” ZachXBT wrote, pointing to what he described as repeated operational mistakes that assisted connect the dots.

Investor Takeaway

How Did the Alleged Scam Work?

While not every detail of the operation was disclosed, the scheme followed a familiar pattern. The alleged scammer contacted users directly and claimed to represent Coinbase’s support team. By creating urgency or citing account issues, he reportedly gained victims’ trust and guided them into making transactions that transferred funds out of their control.

Social engineering relies less on technical exploits and more on manipulation. Scammers pose as employees of legitimate companies, using plausible language and insider references to pressure victims into revealing information or approving transfers. Once , recovery becomes hard or impossible.

ZachXBT said the suspect attempted to obscure his trail by repeatedly purchaseing “expensive Telegram usernames” and deleting old accounts. Despite that effort, the investigator claimed the individual’s habit of posting selfies and lifestyle content made attribution easier. Screenshots shared in the post showed what ZachXBT described as repeated public bragging with little concern for operational security.

ZachXBT also said he identified the individual’s home address using public information but chose not to publish it to comply with X’s rules.

Why Do Support Impersonation Scams Keep Working?

, making their brands frequent targets for impersonation. Scammers do not need to breach systems if they can persuade users to act on their own. For newer users in particular, it can be hard to distinguish between real support outreach and a convincing fake.

Cold calls, direct messages, and unsolicited emails remain common entry points. In many cases, victims believe they are resolving a routine account issue. By the time they realize the interaction was fraudulent, assets have already moved.

The scale of losses tied to social engineering has grown alongside broader crypto adoption. As platforms attract more users, the pool of potential targets expands, and scammers refine their scripts using real interface screenshots, leaked emails, or recycled support language.

Investor Takeaway

How Can Users Protect Themselves?

Basic precautions still stop most social engineering attempts. Users should avoid clicking on links sent through unsolicited messages and never engage with cold calls claiming to be from an platform. Customer support should always be contacted through official websites or apps, not through links or numbers provided in messages.

assist desk workers will never ask for viewd phrases, passwords, or login credentials. They will not request that users send funds to a private conversations to messaging apps like Telegram. Any request that includes those steps should be treated as fraudulent.

Security practices also matter. Using unique passwords across services reduces exposure if one account is compromised. Keeping larger holdings in a what can be drained even if an platform account is breached.

For experienced users, these rules are second nature. For newcomers, incidents like this serve as reminders that scams do not require advanced hacking skills—only a convincing story and a moment of misplaced trust.