Canadian Hacker Steals $2M via Coinbase Scams: ZachXBT

• Haby used social engineering to steal over $2M, showing human behavior as the main crypto security risk.

• Blockchain analysis linked Haby’s XRP thefts to multiple Coinbase users, exposing global fraud patterns.

• Coinbase faces $307M in breach costs, emphasizing the need for stronger human-centered security measures.

A Canadian hacker named Haby (Havard) reportedly stole over $2 million in the past year by tricking Coinbase users. He used social engineering to convince victims to give up their login details.

As confirmed by ZachXBT, aside from stealing money, Haby flaunted her ill-gotten gains on social media, using the funds to buy unique handles, bottle service, and to finance her gambling habit.

On December 30, 2024, Haby posted a screenshot of a 21,000 XRP theft, valued at around $44,000. Later, on January 3, 2025, Haby again posted a screenshot of his Exodus wallet, where he showed connections between theft addresses and other thefts on Coinbase, amounting to about $500,000.

As a result, several links to fraud were found through blockchain analysis, and their accuracy and brazenness were established.

How Social Engineering Enables Crypto Theft

Social engineering is the main method behind these kinds of theft. An attacker might make these kinds of calls, emails, or messages unsolicited, implying that the calling entity is from the target company.

This will require victims to reveal their credentials or 2FA codes or simply transfer funds into attacker-owned wallets. Also, genuine employees of the help desk will never ask users to provide seed phrases and/or logins. It is always best to first verify support requests via the original websites/app.

This is not an isolated incident. In America, a 23-year-old Brooklyn resident was accused of stealing $16 million from around 100 Coinbase users in an identical attack. The North Koreans have also masqueraded as trusted individuals in Zoom and Microsoft Teams meetings and stolen over $300 million.

In other news, the Indian authorities carried out raids at 21 locations in Karnataka, Maharashtra, and the Delhi region, busting a crypto Ponzi scheme that was operating in the country for over a decade.

Coinbase Response and Industry Implications

Recently, a significant breach was handled by Coinbase, which affected close to 70,000 users from India, as a result of bribery related to their offshore employees. The CEO, Brian Armstrong, reported that the breach led to the company losing $307 million.

However, rather than paying out a $20 million ransom fee, Coinbase started a bounty program to assist with investigations. As such, exchanges are now encountering increasing operational costs and enhanced human-centered security needs.