Coinbase Support Impersonation Scam Linked to Over $2 Million in Crypto Losses
A coordinated social-engineering operation impersonating Coinbase customer support has allegedly siphoned more than $2 million in cryptocurrency from exchange users, according to findings published by blockchain investigator ZachXBT.
The activity is attributed to a single actor believed to be operating from Canada, who conducted the scheme over roughly a one-year period. Rather than exploiting technical vulnerabilities, the operation relied on direct user interaction, with victims contacted under the pretense of account security issues or support escalation. Once engaged, victims were guided through actions that enabled unauthorized transfers from their wallets.
ZachXBT reported identifying the individual behind the operation by cross-referencing on-chain transactions with Telegram records, leaked screen recordings, and social media activity. Wallet flows associated with the scam showed repeated consolidation and movement of funds, consistent with laundering patterns seen in organized crypto fraud cases.
A leaked video shared by the investigator allegedly shows the scammer speaking directly with a victim while posing as a Coinbase support agent. While details of the exact scripts used were not disclosed, the interaction appears structured to maintain legitimacy and urgency, a common characteristic of high-yield social engineering attacks.
Efforts to obscure attribution included frequent changes to Telegram accounts and the acquisition of high-value usernames, though these measures reportedly failed due to the actor’s extensive public activity online. ZachXBT noted that the suspect regularly posted identifiable content across platforms, which ultimately assisted in tracing movements and behavioral patterns.
Blockchain analysis suggests that stolen funds were not held long-term but quickly converted or spent, including transfers linked to gambling platforms and high-cost digital assets. The rapid outflow reduced the likelihood of recovery and complicated tracking efforts.
As major exchanges harden infrastructure, attackers are concentrating on trust-based access points, particularly customer support channels, which remain difficult to secure at scale.
Hottest
Copyright © 2026 FastBull Ltd
Risk Warning:
FX trading is of high risk and may not be suitable for all investors. Leverage will create additional risks and loss. Before trading, please carefully consider your investment objectives, experience level and risk tolerance. You may lose part or all of your initial investment; do not invest money that you cannot afford. Educate yourself about the risks associated with FX trading. If you have any questions, please consult an independent financial or tax advisor. Any data and information are provided "as is" and only for information purpose, not for trading or recommendations. Past performance does not predict future results.
Disclaimer:
The data contained in this website may not be real-time and accurate. The data and prices on this site are not necessarily provided by the market or exchange, but may be provided by market makers, so prices may be inaccurate and differ from actual market prices. Namely, this price is indicative price only to reflect market trend, and is unfavorable for trading purpose. The provider of the data contained in the Website shall not be liable for any loss incurred by you as a result of your trading activities or reliance on the information contained in the Website.