A Canadian individual, known as Haby or Haverd, has reportedly defrauded victims of over $2 million by impersonating customer support for Coinbase. This elaborate scheme unfolded over the past year, during which the scammer managed to exploit the trust of multiple users.
Blockchain investigator ZachXBT revealed the details of this fraud on December 29, 2025, utilizing on-chain analysis to connect the perpetrator to various victims. The analysis included tracking Bitcoin addresses, Telegram accounts, and even leaked videos, exposing the extensive nature of the scam.
Victims were misled into believing they were experiencing account issues, prompting them to provide remote access to their computers. Once granted access, Haby drained their cryptocurrency wallets, which included BTC, ETH, and XRP, among other assets. One specific incident involved the theft of 21,000 XRP, valued at approximately $44,000, contributing to a total loss exceeding $1 million from at least five different Coinbase users.
Haby”s operational security was notably poor, as evidenced by frequent name changes on Telegram and blatant social media posts bragging about the theft. Such behaviors have raised alarms about the risks associated with social engineering tactics in the cryptocurrency space. Coinbase has previously warned its users against sharing private keys or allowing remote access to their accounts, reiterating that legitimate staff will never request such sensitive information.
This incident is part of a broader trend, as social engineering attacks have surged in 2025, now accounting for a significant portion of cryptocurrency thefts. Reports indicate that these types of frauds have risen by 20-30% year-on-year, driven by the increasing number of users on platforms like Coinbase, which now boasts over 100 million users.
The challenge of holding scammers accountable remains a critical issue in the cryptocurrency ecosystem. Recently, in May 2025, a hacker from 2020 moved $42 million in BTC, flaunting their success to forensic investigators like ZachXBT. Despite these challenges, advancements in accountability tools are aiding investigations, as firms like ZachXBT track stolen funds to lavish expenditures and gambling sites.
In response to the increasing threat posed by such scams, exchanges are enhancing their security measures. These improvements include implementing mandatory two-factor authentication, utilizing AI for phishing detection, and increasing the frequency of user alerts. Experts also recommend that users adopt hardware wallets for their significant holdings and rely on official applications for account verification, thereby reducing the risk of falling victim to similar scams in the future.
