A sophisticated social-engineering scam targeting Coinbase users has been uncovered by prominent blockchain investigator ZachXBT, who alleges the operation has siphoned off more than $2 million in cryptocurrency over the past year.
According to a detailed report published by the investigator on X (formerly Twitter), the scheme involved a threat actor impersonating Coinbase customer support, convincing victims to grant account access under the guise of receiving technical assistance.
Once control was obtained, funds were quickly drained and laundered through a network of crypto wallets.
The individual behind the scheme, identified only by the online alias “Haby” or “Havard,” allegedly flaunted stolen funds in private Telegram group chats, posting screenshots of recent transfers and digital wallet balances.
One such image, dated Dec. 30, 2024, showcased a 21,000 XRP (~$44,000) theft. Another screenshot from Jan. 3, 2025, reportedly revealed the same user’s Exodus wallet linked to Telegram and Instagram usernames.
Through historical balance matching and timing analysis of transactions, ZachXBT connected multiple XRP and Bitcoin wallet addresses to the same actor, tying them to at least five separate Coinbase user thefts totaling more than $1 million.
Additional tracing of Bitcoin movements uncovered several more wallet addresses linked to the scam, pushing the estimated total proceeds above $2 million.
The stolen funds were swiftly swapped into Bitcoin via instant-exchange services, a move investigators say was likely intended to obscure their trail.
In February 2025, the alleged scammer was seen boasting in chats about a wallet holding more than $230,000, which matched the value on one of the identified Bitcoin addresses during that period.
ZachXBT’s report highlights the ongoing threat of phishing and customer-service impersonation attacks against crypto users, even on major regulated platforms.
He urged exchanges and wallets to strengthen identity-verification protocols for support interactions and warned users to never share account credentials or remote access with unsolicited representatives.
Coinbase has not publicly commented on this specific case, though the exchange has repeatedly issued warnings about impersonation scams targeting its customer base.
The investigation remains ongoing, with additional victims and wallet links expected to surface as analysis continues.