ZachXBT Busts $2M Coinbase Impersonation Scheme

$2M Social Engineering Scheme

Investigators revealed on December 29, 2025, that Haby Havard, a 23-year-old resident of Abbotsford, British Columbia, had orchestrated a sophisticated scam impersonating Coinbase support staff. Over the past 12 months, Havard allegedly duped at least 32 victims into handing over access to their accounts, resulting in more than $2 million in stolen cryptocurrencies.

The funds, traced through blockchain transactions, fueled a lavish lifestyle marked by high-stakes gambling, exclusive nightclub outings, and premium social media handles.

Haby Havard’s scheme relied on classic social engineering techniques. He created fake websites mimicking Coinbase’s official support pages, such as coinbase-support.io, to lure users facing account issues.

Posing as a helpful executive during phone calls or chats, he convinced victims their accounts were compromised and needed immediate “verification.”

In one documented case, he guided a user through transferring assets to a wallet under his control, promising it was a secure holding step. A leaked screen recording from a victim showed Havard accidentally revealing his personal email and Telegram handle, a critical slip that later aided his identification.

Investigation and Operational Failures

Blockchain analyst ZachXBT, known for exposing crypto frauds, pieced together the puzzle.

By analyzing wallet addresses linked to the thefts, such as an XRP address rfA8MiWkRb6xjveQGKfJpdr8h1Kb4c83Rb tied to $500,000 in losses, ZachXBT connected the dots to Havard’s social media activity.

Posts flaunting luxury watches, nightclub bottle service, and rare Telegram usernames like “@haby” provided the breadcrumbs.

Despite attempts to cover tracks by deleting old accounts and buying new identities, Havard’s poor operational security proved fatal.

ZachXBT shared the findings in a thread on X, withholding the exact home address to comply with platform rules but alerting authorities.

This case reveals a troubling surge in crypto-related fraud. Chainalysis reported that stolen funds from hacks and scams reached $2.2 billion in 2024, a 21% increase from the prior year, with social engineering playing a central role.

For 2025, preliminary data suggests losses could climb higher, driven by tactics like pig butchering and impersonation schemes.

Coinbase users alone have lost an estimated $300 million annually to such attacks, according to security firm Ledger. In May 2025, Coinbase itself disclosed a data breach where rogue overseas contractors, bribed by criminals, leaked customer information, including names, emails, and partial IDs.

Havard, also linked to forex trading scams under aliases like “Habby Forex,” reportedly swindled individuals out of tens of thousands in separate schemes. One victim claimed a $60,000 loss in crypto sent to his wallet, followed by immediate blocking.

Another described handing over $110,000 for trading, only to be told it vanished in an hour while Havard posted about a new car purchase. Such brazen displays on platforms like Instagram and Telegram not only attracted victims but also investigators.

Rising Fraud and Exchange Countermeasures

Coinbase has ramped up defenses in response to these threats. Following the May breach, the exchange introduced enhanced ID verification for large withdrawals, scam-awareness alerts, and a new U.S.-based support center with stricter security protocols.

They also tagged stolen funds for industry-wide tracking and fired the implicated insiders, pursuing charges through U.S. and international law enforcement.

Vulnerabilities and User Vigilance

The broader ecosystem remains vulnerable. Phishing now accounts for 16% of all breaches, per 2025 cybersecurity stats from DeepStrike, outpacing supply chain attacks. Malware variants, including clipboard hijackers that swap wallet addresses mid-copy, and SIM swaps that intercept two-factor codes, compound the risks.

Victims in Harvard’s case spanned various demographics, from novice investors to experienced traders, losing anywhere from $10,000 to $500,000 each. One anonymous account holder recounted the panic induced by a fake security alert, leading to a hasty transfer that wiped out retirement savings.

Recovery is rare; blockchain’s permanence means funds rarely return without scammer cooperation or seizures.

The ongoing investigations in Canada and the U.S. highlight a structural vulnerability in the crypto ecosystem: security is only as strong as the least-informed user. Exchanges may invest heavily in security, but scammers increasingly exploit human error rather than technical flaws.

User vigilance remains key: verify support contacts through official channels, enable hardware wallets for key isolation, and pause during urgent requests.