Blockchain trackers have uncovered evidence that a Canadian hacker impersonated Coinbase customer support to steal cryptocurrency for several years. The losses amounted to approximately $2 million, with most of the funds being used to buy Bitcoin (BTC) and luxury goods.
Year-long tracking… 2 billion won worth of cryptocurrency stolen by impersonating Coinbase
Blockchain expert ZachXBT revealed these findings following a year-long investigation into Canadian hacker Haby (also known as Havard). The investigation revealed that Haby used "social engineering" techniques, combining phishing and impersonating customer support agents, to trick dozens of Coinbase users into giving up their login credentials and accessing their funds.
ZachXBT stated that “Haby bragged about real-life cases of damage through Telegram and Instagram channels,” and “implicitly admitted that he was the mastermind of the crime through screenshots of the so-called Coinbase account hijacking and verification shots of wallet balances.” Among the screenshots he released was one showing the theft of 21,000 Ripples (XRP), worth approximately $44,000 (approximately 63.37 million won) at the time, in December 2024.
Money laundering through XRP swaps to Bitcoin conversions
ZachXBT captured the timing of transactions where XRP from the victim's address was immediately exchanged for Bitcoin via an exchange service platform. By retracing this process, they identified a Bitcoin address, which matched the $237,000 (approximately KRW 341.51 million) balance Haby had been boasting about in the chatroom. Further transaction analysis revealed that this address was also linked to additional thefts worth at least $560,000 (approximately KRW 807 million).
He boasts about fraud and makes a series of mistakes... His true identity is revealed.
In particular, ZachXBT explained that Haby frequently shared "victim-playing" videos in Telegram chatrooms, even exposing his email address and Telegram ID. He reportedly flaunted his extravagant lifestyle without even observing basic security guidelines, and despite warnings from those around him to "stop bragging," he ignored them.
Additionally, his social media activity and analysis of open-source information suggest Haby resides in Abbotsford, British Columbia, Canada. ZachXBT urged an investigation, stating, "There is already a police record of him being involved in a swatting incident, so Canadian authorities may have some idea of his identity."
It's not just Coinbase's problem; it's a warning sign for the entire industry.
Social engineering is considered one of the most critical security threats in the cryptocurrency industry. According to a ZachXBT report, Coinbase users suffered approximately $65 million in losses between December 2024 and January 2025. These losses stemmed from individuals being deceived into handing over their assets to fraudsters posing as customer service representatives via email, phone, and chat.
But the problem isn't limited to Coinbase. In the first half of 2025, over $2 billion (approximately KRW 2.88 trillion) was lost across the entire cryptocurrency industry, 80% of which was attributed to insider manipulation and social engineering. Recently, a single incident occurred where 783 Bitcoins, worth approximately $91 million (approximately KRW 131.1 billion), were stolen.
Experts advise that the best response is for investors to be more security conscious, saying, “With personal information leaks on the rise, customer service phishing techniques are becoming increasingly sophisticated.”
🔎 Market Interpretation
This case serves as a cautionary tale that simply strengthening security systems is limited, as hacking methods are shifting from technical to psychological warfare. It's urgent that Coinbase users, as well as most cryptocurrency wallet users, receive relevant authentication and fraud prevention training.
💡 Strategy Points
- Many phishing scams impersonating customer service centers use the pretext of “requesting account unlinking” or “confirming suspicious transactions.”
- Be more suspicious of urgent messages sent via messenger, and only use official apps and addresses.
- Implement two-step verification for all accounts where possible, and be especially careful with similar IDs or domains.
📘 Glossary
Social engineering: An attack technique that exploits human psychology to steal information or gain authority. It focuses more on manipulating emotions and trust than on technical hacking.
- Swatting: A crime in which a false emergency is reported to another person's address, triggering the dispatch of a special police SWAT team. It is often used as a means of harassment or retaliation.
💡 Want to know more? AI-prepared questions for you:
A. Haby, a Canadian resident, impersonated Coinbase customer support personnel to gain access to users, steal their login information, and steal cryptocurrency. Over several years, he stole approximately $2 million in this manner.
A. ZachXBT combined blockchain wallet balances, Instagram and Telegram activity, and screenshots left by the subject to trace wallet addresses and phishing incidents. Specifically, they compared the time and amount of stolen XRP converted to Bitcoin, and even identified the actual wallet used.
A. Customer service messages received via email, phone, or messenger must be verified on the official website. Cryptocurrency storage wallets should utilize hardware wallets and incorporate two-step authentication and anti-phishing security measures.
A. Very high. In the first half of 2025 alone, $2 billion worth of cryptocurrency was stolen, with over 80% of that being related to social engineering or insider attacks. These methods are becoming more dangerous and common than technical hacking.
TP AI Precautions
This article was summarized using a TokenPost.ai-based language model. Key points in the text may be omitted or inaccurate.
Get real-time news... Go to TokenPost Telegram
Copyright © TokenPost. Unauthorized reproduction and redistribution prohibited.
