A compliant platform was impersonated and scammed out of $2 million: A comprehensive analysis of a Canadian hacker social engineering attack

Source: TokenPost Original Title: Coinbase Impersonation Leads to $2 Million Theft… Canadian Hacker Converts Bitcoin to Spend on Luxury Goods Original Link:

Canadian Hacker Impersonates Customer Service to Scam $2 Million

A Canadian hacker, by impersonating customer service of a compliant platform, used social engineering techniques to scam approximately $2 million (about 288 million yuan) in crypto assets over several years. The stolen assets mainly consisted of XRP and Bitcoin, which were later converted into Bitcoin and spent on luxury goods.

One Year Tracking: Social Engineering Scam Techniques Revealed

Blockchain tracking expert ZachXBT conducted a one-year investigation and disclosed this case. The hacker, known as “Haby” (or Havard), used a combination of phishing and impersonation of customer support teams, employing “social engineering” methods to deceive dozens of users into revealing login information and asset access.

ZachXBT pointed out that Haby had boasted about the crime process on Telegram and Instagram channels, sharing screenshots of stolen accounts, wallet balance verifications, and other evidence, indirectly admitting to the criminal activity. Public records include a case where 21,000 XRP were stolen in December 2024 (worth about $44,000 at that time).

Fund Flow: XRP Conversion → Bitcoin Money Laundering

ZachXBT tracked that the stolen XRP was immediately exchanged for Bitcoin via exchange services. By reverse-tracking transaction times and amounts, he identified a Bitcoin address whose balance ($237,000) matched the figures Haby boasted about in chat groups. Further analysis also linked this address to other theft cases totaling at least $560,000.

Self-Disclosure of Identity: Basic Security Rules Not Followed

Notably, Haby frequently shared videos mocking victims in Telegram groups and even exposed email addresses and Telegram IDs. He ignored basic security rules, flaunting luxury consumption. Despite warnings from others to “stop bragging,” he paid no attention.

Through social media activity and open-source information analysis, ZachXBT inferred that Haby currently resides in Abbotsford, British Columbia, Canada. He also noted that this individual has police records related to “swatting” crimes, and Canadian authorities may have already obtained some of his identity information.

Industry Warning: Social Engineering Threats Far Exceed Technical Hacks

Social engineering is considered one of the most deadly security threats in the cryptocurrency industry. According to ZachXBT’s report, from December 2024 to January 2025 alone, users of a compliant platform lost $65 million, all due to scams where users were deceived by impersonating customer service and voluntarily handed over assets.

The problem is not limited to a single platform. In the first half of 2025, the entire crypto industry experienced capital outflows exceeding $2 billion, with 80% stemming from insider involvement and social engineering. Recently, there was a case where 783 Bitcoin (about $91 million) were stolen in a single incident.

Protection Recommendations

Experts suggest:

• Be wary of impersonation messages: Customer service often uses “account unbinding requests” or “suspicious transaction confirmations” to phish users
• Verify official channels: Any urgent messages received via messaging apps should be double-checked, and only use official apps and addresses
• Enable two-factor authentication: Activate 2FA on all accounts, and be cautious of similar IDs and domains
• Use hardware wallets: Prioritize hardware wallets for storing crypto assets

This case demonstrates that in an era of increasingly severe personal information leaks, impersonation techniques are continuously improving. Merely strengthening security systems has limited effectiveness. For crypto users, enhancing security awareness and education is an urgent priority.