Canadian Scammer Haby Steals $2M in Coinbase Crypto, Exposed by ZachXBT
A Canadian fraudster known as Haby or Havard has been caught red-handed after stealing over $2 million in cryptocurrency from Coinbase users in 2025, thanks to the dogged detective work of blockchain investigator ZachXBT. This jaw-dropping heist, fueled by cunning social engineering and a massive data breach at Coinbase, lays bare the ugly vulnerabilities of centralized exchanges and the ruthless ingenuity of crypto criminals.
- Staggering Theft: Haby swindled over $2 million in crypto from Coinbase users through impersonation scams in 2025.
- Sleuthing Success: ZachXBT used blockchain tracing and social media clues to tie Haby to multiple crimes.
- Systemic Failure: A Coinbase data breach in May 2025 turbocharged a wave of scams, with law enforcement finally cracking down by year-end.
Haby’s Heist: A $2 Million Scandal
Think your crypto is safe on a big-name exchange like Coinbase? Think again. Haby, operating out of Abbotsford near Vancouver, British Columbia, pulled off a $2 million crypto theft with chilling ease. His weapon of choice wasn’t a hack or malware but good old-fashioned deception—social engineering. For those new to the term, social engineering is the art of manipulating people into giving up sensitive info or funds, often by pretending to be someone trustworthy. Haby posed as Coinbase support, likely starting with a fake email or call claiming there was an urgent issue with a user’s account. Step by step, he’d convince victims to “secure” their funds by transferring them to a wallet address—his own, of course.
The scam came to light on December 30, 2024, when Haby, in a moment of sheer arrogance, posted a screenshot online showing a theft of 21,000 XRP, worth about $44,000, from a Coinbase user. That was just the appetizer. ZachXBT, a renowned blockchain investigator, dug into the public ledgers where transactions are recorded for coins like XRP and Bitcoin. Every move leaves a digital footprint, and Haby wasn’t exactly covering his tracks. ZachXBT linked him to additional thefts worth $500,000, then another $560,000, through wallet address analysis. Haby swapped stolen XRP for Bitcoin using instant exchanges, with one of his wallets showing a balance of $237,000 by February 2025.
Here’s where it gets almost laughable—Haby’s operational security, or “opsec” (the practice of hiding your tracks), was downright pathetic. Instead of staying under the radar, he flaunted his stolen wealth on social media, leaking personal details like his location in Abbotsford. One Instagram story post even read “From Harvi’s MacBook Air,” practically begging to be caught. As ZachXBT pointed out on Twitter on December 29, 2025:
“9/ Additional screenshots taken from his IG show off more social engineering thefts. One story post leaked ‘From Harvi’s MacBook Air’. A person from their chat even advised him to stop flexing so often.”
Haby’s amateur mistakes made him an easy mark for investigators, but his crimes were enabled by a much larger failure—one that cuts to the core of how centralized exchanges operate.
Coinbase Breach: The Root of the Problem
Here’s the ugly truth: centralized platforms like Coinbase are sitting ducks for hackers and crooked insiders. Haby’s scams didn’t happen in a vacuum—they were part of a broader wave of Coinbase impersonation frauds that exploded in 2025, largely due to a catastrophic data breach in May of that year. Insiders based in Hyderabad, India, were bribed to leak sensitive user information, including names, emails, and account balances. This wasn’t a random hit; it targeted roughly 1% of Coinbase’s user base—about 70,000 high-value clients. These are often users with hefty crypto holdings, sometimes worth tens of thousands or more, making them prime targets for thieves chasing a big payday.
With this leaked data, scammers like Haby could craft hyper-personalized attacks. Imagine getting an email that knows your name, your account details, and even your balance—suddenly, a fake “support agent” sounds a lot more convincing. This marks a dangerous shift from the obvious phishing emails of the past to something far sneakier. With 70,000 users exposed, many likely faced relentless phishing attempts for months—some may have lost their life savings with a single misguided click.
The attackers behind the breach demanded a $20 million ransom for the stolen data. Coinbase refused to pay, which is gutsy, but don’t throw a parade just yet—users still got burned while the exchange played hardball. Instead, Coinbase offered a matching $20 million bounty for info leading to the culprits and promised to refund affected victims. That’s a rare show of accountability in an industry often slammed for dodging responsibility, but it doesn’t undo the damage. The Coinbase crypto theft wave of 2025 shows how centralized platforms, despite their slick interfaces and easy fiat on-ramps (ways to convert traditional money like dollars into crypto), are single points of failure waiting to be exploited.
Law Enforcement Strikes Back
By December 2025, the long arm of the law finally caught up with some of these crooks, delivering a small but satisfying dose of justice. Ronald Spektor from Brooklyn, New York, was charged with stealing a staggering $16 million from 100 Coinbase users through similar impersonation tactics. Closer to the source of the leak, a former Coinbase support agent in India was arrested on December 29, 2025, directly tied to the May data breach. These busts signal a ramped-up crackdown on crypto crime, driven by the sheer scale of losses—tens of millions in this case alone—and the public outrage that follows.
Catching Haby and his ilk feels good, sure, but it’s like swatting flies while the dumpster’s still wide open. Centralized exchanges need to clean house, and law enforcement is playing catch-up in a game where the bad guys often have a head start. For every scammer nabbed, how many more are out there, armed with stolen data and a silver tongue? The arrests are a win, but they’re bandaids on a wound that’s been festering for years in the crypto space.
Systemic Risks: Centralized Exchanges Under Fire
No sugarcoating here: this mess exposes the dark underbelly of centralized exchanges like Coinbase. They’re crucial for onboarding new users, offering user-friendly platforms and fiat-to-crypto gateways that Bitcoin’s raw, decentralized nature can’t always match. But they’re also massive honeypots, hoarding user data like a dragon guarding gold, just waiting for the next insider to turn traitor or hacker to strike. Bitcoin maximalists might smirk and chant, “Not your keys, not your crypto,” and they’ve got a damn good point. Self-custody—storing your crypto in a personal wallet like a hardware device where you control the private keys—is like keeping cash in your own safe instead of a bank. It sidesteps a lot of this nonsense.
That said, face it: not everyone’s ready to manage private keys, and altcoins like XRP or Ethereum often rely on these platforms for liquidity—how easily an asset can be bought or sold without wild price swings. While Bitcoin can thrive in a fully decentralized setup, altcoins need trading volume and accessibility that exchanges provide. Until decentralized exchanges (DEXs) mature, users are stuck in this risky middle ground. The tradeoff for convenience is vulnerability, and Haby exploited that with ruthless precision.
Let’s play devil’s advocate for a second. Sure, Coinbase dropped the ball, but users also need to step up—handing over funds to a random “support agent” without double-checking is like leaving your front door unlocked in a rough neighborhood. Still, when a breach hands scammers your personal info on a silver platter, even the savviest users can get tripped up. Emerging protocols on Ethereum are experimenting with decentralized identity systems that could make impersonation scams harder by verifying identities without exposing personal data. Blockchain tech itself might be the long-term fix, but we’re not there yet.
Lessons for Crypto Users
Crypto theft has exploded as digital assets go mainstream, with social engineering becoming the weapon of choice for crooks who’d rather trick than hack. So, what can you do to avoid being the next victim of a Haby-style Coinbase crypto theft? First, be skeptical of unsolicited messages—whether it’s an email, call, or text claiming to be from Coinbase, assume it’s a scam until proven otherwise. Always verify through official channels, like logging directly into your account via the official website or app, never through links in messages.
Next, beef up your security. Enable two-factor authentication (2FA) with a hardware authenticator like a YubiKey, not just a text message that can be intercepted. Never click links in unsolicited emails, and consider using separate email addresses for crypto accounts to limit exposure if one gets leaked. If you can, explore self-custody options—move your Bitcoin or altcoins to a personal wallet where you hold the keys. It’s a bit more hassle, but it cuts out the middleman risks of platforms like Coinbase. The dangers of centralized crypto exchanges aren’t going away overnight, so protecting your crypto on Coinbase or elsewhere starts with you.
Key Takeaways: Unpacking the Haby Crypto Scam
- How did Haby steal over $2 million from Coinbase users?
Haby posed as Coinbase support, using social engineering to trick users into transferring funds to his wallets, exploiting leaked data for terrifyingly personal and convincing attacks.
- Why was ZachXBT’s investigation crucial in exposing this scam?
ZachXBT traced stolen funds through blockchain records and connected Haby to the crimes via damning social media posts, proving the power of on-chain sleuthing in busting crypto fraud.
- What fueled the explosion of Coinbase impersonation scams in 2025?
A May 2025 data breach, enabled by insider bribery in Hyderabad, exposed details of 70,000 high-value users, arming scammers with the tools for precision social engineering strikes.
- How did Coinbase and authorities respond to this crisis?
Coinbase rejected a $20 million ransom, offered a matching bounty, and refunded victims, while law enforcement arrested key players like Ronald Spektor and an insider in India by December 2025.
- What can crypto users learn from the Coinbase data breach of 2025?
Stay wary of unsolicited messages, verify contacts through official channels, enable robust 2FA, and consider self-custody to minimize reliance on vulnerable centralized platforms.
The Road to Decentralization
This isn’t just about one moron scammer who couldn’t keep his mouth shut online. It’s a glaring wake-up call about the systemic flaws baked into today’s crypto infrastructure. Decentralization is the endgame—Bitcoin’s core promise of cutting out middlemen and their weak points remains the north star. But the reality? We’re far from there. Users are caught between the convenience of centralized platforms and the predation of criminals like Haby. Arrests are a start, but they’re reactive fixes to a proactive problem.
The real solution lies in smarter personal security, harsher crackdowns on insider threats, and a relentless push toward systems that don’t require blind trust. Bitcoin self-custody benefits are clear, but the industry must innovate—whether through DEXs or new blockchain tools—to make decentralization accessible to all, not just the tech-savvy. Until then, every scam like this chips away at trust in crypto’s potential. So, here’s the question hanging over us: Is decentralization the silver bullet we dream of, or are we just swapping one set of risks for another?