Coinbase Users Targeted by Canadian Scammer Who Posed as Support and Stole Millions in Crypto

Canadian Scammer Allegedly Steals Over $2 Million Through Coinbase Support Impersonation

A Canadian individual, known online as Haby or Haverd, is accused of orchestrating a series of elaborate scams that defrauded Coinbase users of more than $2 million over the past year.

The alleged criminal reportedly used social engineering tactics to pose as a Coinbase support worker, manipulating victims into transferring cryptocurrency to wallets under his control.

How The Scam Unfolded

Blockchain investigator ZachXBT revealed the operation after tracing wallet transactions, cross-referencing social media posts, and analysing Telegram group chat screenshots.

According to ZachXBT, Haby spent his stolen funds on luxuries including rare social media usernames, bottle service, and gambling.

A leaked video shared by ZachXBT showed the alleged scammer on a call with a victim, offering fake customer support.

The screen recording exposed Haby’s email, [email protected], and his Telegram account.

ZachXBT wrote,

“In the screen recording he leaks the email…. and his Telegram account with a number.”

Tracing Stolen Funds Through Blockchain

ZachXBT detailed how Haby bragged about stealing 21,000 XRP, worth around $44,000, from a Coinbase user on 30 December 2024.

Further investigation linked Haby to additional thefts, including over $500,000 from two other Coinbase users.

Using wallet screenshots and transaction timing, ZachXBT traced the stolen XRP as it was converted into Bitcoin, eventually identifying Haby’s Bitcoin address:

bc1qn3k5cz3905p6k50r44pjlj2rl9qcy72flsq3zh

Three more Coinbase impersonation scams were traced, netting over $560,000.

ZachXBT reported that Haby frequently purchased expensive Telegram usernames and deleted old accounts to evade detection, but a pattern of social media posts and selfies displaying his lifestyle made tracking his activities easier.

Lifestyle And Public Exposure Of The Scammer

Despite attempts to conceal his identity, Haby often flaunted his gains online.

Publicly available posts allowed the investigator to approximate Haby’s location in Abbotsford, near Vancouver.

Screenshots from Instagram and Telegram revealed additional thefts and showed metadata indicating use of “Harvi’s MacBook Air.”

He was also caught seeking romance online.

ZachXBT noted,

“stories and selfies flaunting his lifestyle with little regard for opsec and was also caught simping for eGirls.”

Haby’s constant online boasting and lack of operational security reportedly provided a clear trail for investigators.

ZachXBT refrained from sharing Haby’s home address due to platform rules, but stated that several swatting attempts have already occurred locally.

Understanding Social Engineering In Crypto Scams

Social engineering, the method employed in these scams, involves manipulating victims into believing the scammer is a legitimate authority.

Scammers often request private data or instruct victims to transfer funds, exploiting trust rather than technical vulnerabilities.

Experts advise users to remain vigilant with private data, avoid reusing passwords across services, and store significant crypto holdings in hardware wallets rather than exchanges.

Users should never respond to unsolicited messages or calls and should always contact official support channels through verified websites or apps.

Coinbase and other exchanges will never ask for seed phrases, login credentials, or redirect users to social media apps for account access.

Broader Implications For Crypto Security

This case highlights ongoing risks in the cryptocurrency sector, where human-focused attacks often outweigh technical breaches.

Earlier in 2025, Coinbase reportedly faced a data breach linked to insider threats in India, where sensitive user information was allegedly extracted and exploited for a $20 million Bitcoin ransom demand.

The Haby case is notable not only for the amount stolen but for the detailed evidence available, offering investigators a clear path to prosecution.

ZachXBT expressed hope that Canadian law enforcement will pursue the case, noting that Canada rarely prosecutes threat actors from “The Com,” despite the abundance of evidence.

The scam demonstrates the continuing vulnerability of exchange users to social engineering, emphasising the need for robust security practices, vigilance, and awareness in the rapidly evolving crypto landscape.