Coinbase Impersonation Scams Expose Crypto Enforcement Gaps

• Coinbase support impersonation scam overdrained $2M through social engineering tactics.
• ZachXBT traced wallets and chats to a Canadian suspect amid limited enforcement.
• Rising Web3 losses show human-focused attacks outpacing cross-border prosecution.

A Coinbase support impersonation scam drained over $2 million from users through social engineering calls, according to investigator ZachXBT. The activity in Canada targeted retail users globally. ZachXBT linked the thefts to a Canadian suspect, showing how attackers exploited trust while enforcement lagged behind fast-moving crypto crime.

Inside the Coinbase Support Impersonation Scheme

ZachXBT detailed the alleged operation in a long X thread by sharing screenshots, wallet data, and chat logs. He identified the suspect as Haby, also known as Havard, describing him as a Canadian threat actor. According to the investigator, the suspect posed as Coinbase support to manipulate victims into transferring funds.

The investigation traced activity beginning in late 2024 and continuing through early 2025. However, the evidence showed repeated patterns rather than isolated incidents. ZachXBT cited Telegram group screenshots where the suspect bragged about successful thefts and wallet balances.

One December 2024 post showed a theft of 21,000 XRP, valued at $44,000, from a Coinbase user. Subsequently, wallet analysis linked that XRP address to additional Coinbase-related thefts. Those transactions pushed the known total well beyond $500,000.

Further tracking linked the suspect to a Bitcoin wallet that appeared to hold money from several scams. In February 2025, group chats reviewed by ZachXBT showed the person bragging about having around $237,000. The past balance of the linked Bitcoin wallet matched what was shown in those messages.

ZachXBT also shared a leaked screen recording of what looked like an active scam call. The video reportedly revealed an email address and a Telegram account connected to the same person. The suspect was also known for posting selfies and lifestyle updates, which made it easier to link the activity back to them.

Enforcement Gaps Leave Exchanges Exposed

Despite extensive on-chain and open-source evidence, ZachXBT noted limited enforcement follow-through in Canada. He stated that Canadian authorities rarely prosecute threat actors tied to online fraud networks. However, he urged law enforcement to intervene due to the volume of available evidence.

The case shows a broader enforcement challenge seen across major jurisdictions. Similar impersonation scams have appeared in the United States, the United Kingdom, and across the European Union over the last two years. These cases show that scammers are increasingly targeting people directly, as breaking systems through technical hacks has become more difficult.

Blockchain transparency has improved, making fund movements easier to trace. Still, bringing cases like this to court depends on cooperation between countries and clear legal authority. Because of this, exchanges often take reputational hits while legal action moves slowly or stalls. 

ZachXBT also noted that the suspect had reportedly been targeted by several local swatting incidents. Yet, no public prosecution has followed. According to the investigator, this gap shows how cyber-financial crimes often fall between regulatory frameworks.

Related: Hyperliquid Says Former Employee Was Behind HYPE Shorting

Social Engineering Drives Rising Web3 Losses

The Coinbase case aligns with broader loss trends reported in 2025. According to Hacken’s annual security report, Web3 losses reached an estimated $3.95 billion. That figure rose by about $1.1 billion compared with 2024.

Losses peaked above $2 billion during the first quarter of 2025 before declining later. However, Hacken said the pattern reflected systemic operational weaknesses rather than short-term anomalies. Access control failures dominated the loss profile.

Hacken attributed roughly $2.12 billion, or 54 percent of losses, to operational security lapses. These included compromised signers, weak key management, and poor off-boarding practices. By contrast, smart contract exploits accounted for about $512 million.

A single Bybit breach accounted for nearly $1.5 billion in losses. Hacken said this incident largely explained why North Korea-linked actors represented over half of the stolen funds. However, many smaller losses stemmed from impersonation and access manipulation.

Other incidents showed this trend during 2025. Threat actors impersonated trusted brands and industry figures through fake meetings and phishing campaigns. According to Kerberus, human behavior now represents the primary risk factor in Web3 security.

As crypto adoption expands among retail users, these cases show how enforcement struggles persist. While on-chain evidence grows stronger, legal outcomes remain uneven across borders. Social engineering continues to thrive within the gaps between technology and prosecution.

Meanwhile, the Coinbase impersonation case documents how social engineering scams drained millions using trust-based manipulation. ZachXBT’s findings show strong on-chain visibility but limited enforcement response. Alongside rising 2025 loss data, the case shows how jurisdictional gaps remain central to crypto fraud exposure.