A sophisticated scam involving a person impersonating Coinbase support has allegedly resulted in the theft of approximately $2 million from unsuspecting users. Recent investigations have brought to light the tactics employed by the scammer, as well as the devastating impact on victims.

In one instance, a retired artist, Ed Suman, 67, lost his life savings to these impersonators. Suman, who had spent two decades working on large-scale art installations, had invested in cryptocurrency after retirement. By early 2025, his portfolio included 17.5 Bitcoin and 225 Ether, worth approximately $2 million, stored in a Trezor hardware wallet.

The scam began with a text message that appeared to be from Coinbase, warning Suman of unauthorized access. Responding to the message, Suman was contacted by an individual posing as "Brett Miller," a Coinbase security staffer. The impersonator sounded convincing and was aware that Suman used a Trezor Model One wallet, claiming it was still vulnerable. Under the guise of performing a security check, Suman was directed to enter his seed phrase on a fraudulent website that mimicked the Coinbase interface. Nine days later, a second call prompted Suman to repeat the process, after which all of his cryptocurrency was stolen.

The ability of the scammers to reference specific details, such as Suman's wallet type and holdings, raised concerns about how they obtained such information. It appears this attack may have been linked to a broader breach at Coinbase, where criminals bribed third-party support contractors in India to leak sensitive customer information. The breach included customer names, account balances, and transaction histories, affecting less than 1% of Coinbase's monthly transacting users.

In a separate revelation, blockchain investigator ZachXBT exposed a Canadian individual known as Haby or Haverd, as the orchestrator of a $2 million scam through Coinbase customer service impersonation. Haby, operating from Abbotsford near Vancouver, allegedly used social engineering tactics to defraud users over the past year. The stolen funds were reportedly used for luxury purchases, parties, and gambling. Haby allegedly bragged about stealing 21,000 XRP, valued at approximately $44,000, and was linked to at least five other thefts from Coinbase users, amounting to over $1.06 million. ZachXBT identified Haby by tracing his Bitcoin address through wallet screenshots and on-chain transactions, also exposing his Telegram and email details.

Coinbase has stated that they are cooperating with law enforcement and are offering a $20 million reward for information on the hackers. The company also clarified that it never requests seed phrases from its users. These incidents highlight the increasing risks faced by cryptocurrency investors and the importance of remaining vigilant against sophisticated phishing scams.