Blockchain investigator ZachXBT has just accused a "dangerous Canadian individual" of stealing over $2 million in cryptocurrency through social media scams impersonating Coinbase support.
This incident highlights a worrying reality: attacks targeting human behavior are becoming a major threat to the Web3 ecosystem, causing significant damage throughout 2025.
Inside the $2 million crypto scam.
In a chain of detailed posts on X (formerly Twitter), ZachXBT Chia screenshots of Telegram chats, social media posts, and wallet transactions to substantiate his allegations against a person named Haby (Havard).
“This is Haby (Havard), a dangerous Canadian individual who has defrauded over $2 million by impersonating Coinbase support and engaging in social media scams over the past year. The money was used to purchase rare social media usernames, lavish parties, and gambling,” investigators stated .
ZachXBT's investigation traced the alleged fraudulent activities from late 2024. ZachXBT Chia a screenshot allegedly posted by Haby in December 2024, showing the theft of 21,000 XRP (approximately $44,000) from a Coinbase user.
Further analysis of the wallet linked a suspected individual's Bitcoin address to other thefts totaling over $560,000. Group chat logs XEM by ZachXBT also showed the suspect boasting about wallet balances, including nearly $237,000 in February 2025.
A leaked video also revealed this person making a real-life social media scam call . The video disclosed the email address and Telegram account associated with that same online identity.
“Furthermore, screenshots from his Instagram account also exposed numerous other scams. One post was even leaked from 'Harvi's MacBook Air.' Someone in the group chat even advised him to stop showing off,” the post added.
Despite stealing a large sum of money, Haby was very poor at protecting information. Investigators noted that he posted selfies and bragging about his lavish lifestyle on social media. Ultimately, ZachXBT called on Canadian authorities to intervene and handle the case.
“Canadian police may have known about Haby because there have been several swatting incidents involving his personal information in the area. Unfortunately, Canada rarely prosecutes dangerous individuals from these communities. I hope this time the authorities will do things differently, because Haby has shown no remorse towards the victim and this case is relatively easy to handle given the abundant evidence,” he said.
Web3 security is under pressure as social engineering scams increase.
This incident reflects a widespread security crisis in the cryptocurrency industry. Malicious actors are increasingly relying on social media scams instead of just technical attacks, using brand impersonation to build trust and lure victims. A recent example involved a scammer impersonating Booking.com to promote a fake crypto event in Dubai in order to commit fraud.
Earlier this month, BeInCrypto reported that malicious actors from North Korea had impersonated reputable figures in the industry through fake Zoom and Microsoft Teams meetings to steal more than $300 million.
In India alone, in December 2025, police raided 21 locations across Karnataka, Maharashtra, and Delhi, dismantling a decade-long cryptocurrency Ponzi scheme. This federal operation uncovered numerous fake platforms , commission-based offers, and extensive social media marketing campaigns designed to lure victims since 2015.
These incidents highlight an alarming reality: besides technical vulnerabilities, human psychology has now become a primary target of attacks. Instead of exploiting programming errors, attackers mainly manipulate trust, reputation, and exploit the sense of urgency in victims.
This was also highlighted in Kerberus' 2025 report – a Web3 security firm – which indicated that human behavior is now the biggest risk factor in the Web3 ecosystem.
