5 hours ago
13
A social engineering scheme has led to the theft of more than $4,000,000 from Coinbase users, according to a report by blockchain investigator ZachXBT.
The alleged perpetrator, a New York-based individual named Christian Nieves, reportedly ran a fake Coinbase support centre and manipulated unsuspecting users into giving up access to their crypto wallets.
The scam, which involved impersonating Coinbase staff during phone calls, used pre-compromised wallets and convincing support scripts to deceive users.
On 23 June, ZachXBT published call recordings, address links, and Discord evidence that revealed the scope and method of the operation.
1/ An investigation into how the New York based social engineering scammer Daytwo/PawsOnHips (Christian Nieves) stole $4M+ from Coinbase users by impersonating customer support, bought luxury goods, and lost most of the funds gambling at casinos.
The scam was designed to prey on user trust in legitimate crypto exchanges, and it highlights the growing role of social engineering in crypto-related crimes.
Daytwo ran a fake support centre
Operating under the aliases “Daytwo” and “PawsOnHips”, Nieves allegedly built a fake support ecosystem that mimicked Coinbase’s user assistance platform.
The fraudulent operation directed victims to create wallets using seed phrases provided over the phone.
These wallets were already under the scammers’ control, allowing funds to be instantly transferred once users deposited them.
ZachXBT’s analysis suggests that Nieves not only coordinated the calls but also personally interacted with some of the victims.
The scam targeted multiple users, including vulnerable individuals such as an elderly man who lost $240,000.
3/ In Nov 2024 $240K was stolen from an elderly victim with Daytwo’s worker Paranoia (Justin). A private recording of the theft exists and was obtained (see part 1 below) Theft address bc1q35tw4f5qrfxrjy2v8g8d3majtujv28audm6yvp AJU5yh4kDahLak4uq5n4ehJDVs2w2Lbhw9UHoseaBwV7
Audio logs from Discord reveal that Nieves converted some of the stolen assets into Monero (XMR), a privacy-focused cryptocurrency, while also gambling funds on Roobet, a crypto betting site.
One of the key identifiers in the investigation was the Roobet username “pawsonhips”, which was traced back to Nieves.
This account was linked to wallet addresses involved in more than 30 suspected crypto thefts.
Funds moved via Roobet and Monero
According to blockchain data, the address used by Nieves received funds from multiple compromised Coinbase accounts.
Some of the assets were used directly on Roobet, with deposits made under the “pawsonhips” handle.
Discord conversations show Nieves and his associates placing wagers during live calls.
The remainder of the funds was obfuscated using Monero’s anonymity features.
This behaviour, combined with his open presence in online forums and visible gambling activity, gave investigators a clear trail.
Unlike typical scams that rely on anonymity and encryption, this case involved overt behaviour that eventually exposed the group.
ZachXBT confirmed that Nieves was not operating alone.
The wider network involved accomplices who helped set up the infrastructure for the call centre scripted the dialogues, and tracked wallet inflows in real time.
This group’s level of coordination, while not technically sophisticated, leveraged psychological tactics and real-time social pressure to extract credentials from users.
Web3 user risks highlighted
The incident underscores the vulnerabilities in the human layer of cryptocurrency systems.
While smart contracts and decentralised ledgers may be secure, attackers continue to exploit user behaviour, particularly trust in branded communication.
Crypto platforms like Coinbase, despite security updates, remain susceptible when users are manipulated into self-compromising actions.
This case has reignited debate over customer protection mechanisms in decentralised finance.
ZachXBT’s findings suggest that while blockchain technology offers transparency, there remains a significant gap in user education and fraud prevention.
As of now, law enforcement has not announced formal charges against Nieves, but blockchain forensics and public records could play a role in future proceedings.
ZachXBT’s report provides detailed information that may support criminal investigations or civil asset recovery.
The post New York scammer steals $4 million from Coinbase users through social engineering appeared first on Invezz
English (US) ·