ZachXBT linked a fraudulent scheme posing as Coinbase support to the theft of $2 million

Key points

• ZachXBT reported that over the past year, the attacker posing as a Coinbase support employee stole approximately $2 million worth of cryptocurrency from users.
• The investigation is based on a comparison of on-chain transactions, social media posts, and screenshots from messengers.
• According to the analyst, the suspect is a Canadian citizen.

Blockchain analyst ZachXBT reported that he linked a series of cryptocurrency thefts to a fraudulent scheme in which the attacker posed as a Coinbase support employee. He estimates that the total damage to users over the past year amounted to about $2 million.

In his post on X, ZachXBT stated that he was able to identify the alleged fraudster by comparing messages in Telegram groups, social media posts, and blockchain transactions. According to him, the suspect repeatedly bragged about the thefts in private chats and publicly displayed his wallet balances.

Source: X.com

Investigation details

ZachXBT claims that the suspect employed social engineering techniques to deceive Coinbase users into believing he represented the platform’s official support service. In one episode, the analyst published a video recording of a conversation in which the attacker communicates with the victim over the phone, offering fake support services.

Source: X.com

According to ZachXBT, during the conversation, the scammer himself revealed his email address and Telegram account, along with a linked phone number. The analyst also stated that cryptocurrency addresses linked to the suspect appear in several other thefts of funds from Coinbase users.

The suspect’s behavior

ZachXBT’s publication notes that the suspect regularly showed off his lifestyle on social media, posting stories and selfies, and spending stolen funds on expensive Telegram usernames. According to the analyst, the attacker periodically deleted accounts, but previously disclosed pseudonyms and on-chain data allowed the chain of activity to be reconstructed.

Source: X.com

ZachXBT also stated that he was able to establish the suspect’s presumed location, but did not disclose this information due to the rules of the X platform.

Christmas scam: how Trust Wallet users were robbed

A hacker attack on a popular crypto wallet affected 2596 addresses and resulted in $7 million in damages.

Читать дальше

The incident with the fake Coinbase support service occurred against the backdrop of other major attacks on crypto wallet users. On December 26, Trust Wallet confirmed the theft of funds from users due to a critical vulnerability in version 2.68 of the browser extension, into which malicious code was embedded to steal seed phrases. According to the company, the attack affected 2596 wallets, with damages amounting to approximately $7 million, with funds being withdrawn through centralized exchanges and exchangers.