Coinbase Users Lose $16M in Phishing Scheme Run by 23-Year-Old New Yorker

What Are Prosecutors Alleging?

A 23-year-old Brooklyn resident has been indicted on 31 criminal counts for allegedly stealing nahead $16 million in cryptocurrency from roughly 100 Coinbase users through a prolonged phishing operation, according to the Brooklyn District Attorney’s Office.

The defendant, Ronald Spektor of Sheepshead Bay, was arraigned on charges including first-degree grand larceny, criminal possession of stolen property, and money laundering. Prosecutors say the scheme ran from April 2023 through December 2024 and relied on impersonation, social engineering, and post-theft laundering through crypto-native tools.

Spektor allegedly contacted Coinbase users while posing as a customer support representative, warning them their accounts were at risk. He then persuaded victims to move their assets into new wallets that he secretly controlled. Once funds were transferred, prosecutors say he routed them through crypto mixers, token-swapping services, and online gambling platforms to obscure their origin.

Investor Takeaway

How Was the Scheme Operated?

Court filings allege Spektor operated online under the alias “Ronaldd” and the handle “@lolimfeelingevil.” Prosecutors say he ran a Telegram channel titled Blockchain enemies, where he discussed his activity and claimed to have lost $6 million through gambling.

Investigators identified victims across multiple states. One California resident reportedly lost more than $1 million, while a Virginia-based victim lost over $900,000. Authorities say more than 70 victims have been interviewed so far, with the total victim count estimated at around 100.

Law enforcement has recovered about $105,000 in cash and roughly $400,000 in cryptocurrency. Prosecutors say the remainder was dissipated through mixers, swaps, and gambling services, making recovery more hard.

What Role Did Coinbase and Onchain Investigators Play?

The Brooklyn District Attorney’s Virtual Currency Unit worked with Coinbase during the investigation, using internal data and blockchain tracing to identify the suspect and . Coinbase publicly acknowledged the cooperation following the indictment.

Independent also contributed to identifying the suspect later than publishing an investigation in November 2024. His involvement began later than a victim who lost $6 million reached out for assistance. Coinbase’s official account later thanked him for his contribution.

commented publicly on the case via X, warning that scammers targeting the platform’s users would be pursued. The company has increasingly leaned on public messaging to deter impersonation attempts as social engineering scams continue to scale.

Investor Takeaway

Why This Case Matters for Crypto Security

The indictment follows a challenging year for Coinbase on the security front. In February, ZachXBT reported that users lost more than $65 million to in just two months. In May, Coinbase disclosed a data breach affecting nahead 70,000 users later than criminals bribed overseas support staff, with estimated costs ranging from $180 million to $400 million.

Unlike protocol exploits or bridge hacks, phishing schemes depend on deception rather than technical flaws. Attackers impersonate support staff, exploit urgency, and rely on victims voluntarily authorizing transactions. Once funds are transferred, recovery becomes hard, even when wallets are identified.

Prosecutors also revealed that Spektor was planning to flee the country prior to his arrest. Court filings state that his father is now considered an “active suspect” in connection with the case.

Spektor has pleaded not guilty. His attorney described the allegations as “speculative.”

What Comes Next?

The case will move through New York’s criminal courts, where prosecutors will attempt to link onchain activity, communications records, and victim testimony into a single evidentiary trail. While only a fraction of the stolen funds has been recovered, authorities say tracing efforts are ongoing.