- Trending
- Comments
- Latest
A Canadian man posing as a Coinbase support executive has been publicly identified after stealing more than $2 million from crypto users over the past year.
Blockchain investigator ZachXBT traced the fraudster to Abbotsford, British Columbia, after the suspect inadvertently exposed his identity during a recorded support call and flaunted stolen funds on social media.
In a Dec. 29 post on X, ZachXBT detailed how the Canadian crypto scammer convinced users he was a legitimate Coinbase support agent using a mix of spoofed communications and psychological manipulation.
By cross referencing Telegram chat screenshots, social media activity, and on-chain wallet movements, the investigator identified the suspect, known online as “Haby” or “Havard.”
According to ZachXBT, the Canadian crypto scammer accumulated over $2 million in the past year alone spending the proceeds on rare social media usernames, bottle service, gambling, and other luxury activities.
A leaked video shared by the investigator shows the Canadian crypto scammer impersonating Coinbase support during a live call during which he inadvertently exposed an email address and his Telegram handle critical clues that tied his online identities together.
The fraudster reportedly cycled through expensive Telegram usernames and deleted old accounts to obscure his trail. However, the Canadian crypto scammer ultimately undermined his own operation by publicly flaunting a lavish lifestyle on social media. These posts allowed ZachXBT to connect the dots and reportedly trace the individual’s location to Abbotsford.
Due to its scale and brand recognition, Coinbase continues to attract attackers using tactics ranging from phishing emails to impersonation scams.
In most cases, funds stolen by a Canadian crypto scammer are rapidly laundered through complex transaction paths or privacy focused assets making recovery extremely difficult without swift law enforcement action.
Earlier this year, ZachXBT urged Coinbase to take urgent steps after revealing that social engineering attacks led to at least $65 million stolen from users between December 2024 and January 2025.
In June, he also exposed a New York based scammer known as “Daytwo,” who siphoned more than $4 million from Coinbase users, including a $240,000 theft from a senior citizen often routing funds through online gambling platforms.
Other major exchanges including Binance have faced similar impersonation campaigns in the past underscoring the industry wide nature of the threat.
To stay safe, users should remember that legitimate support staff will never request seed phrases, passwords, or ask to move conversations to third party apps like WhatsApp or Telegram. Remaining vigilant is the best defense against the next Canadian crypto scammer attempting to exploit trust in the crypto ecosystem.
