A crypto scammer named Ronald Spektor deactivated his social media pages after ZachXBT alleged he aided a $6.5 million theft from a Coinbase user.
According to the web3 sleuth, Ronaldd, as he’s known online, participated in a social engineering attack sometime in October. The victim narrated being contacted by a supposed Coinbase support agent and losing their life savings after clicking a malicious link.
Threat actors shuffled the ill-gotten gains to trading venue eXch on Bitcoin (BTC) and Ethereum (ETH). Following the attempt to cover track, Ronald allegedly flexed his Ledger Live wallet balance showing $3.1 on Discord days later and doxxed an address tied to the theft.
A now-deleted Telegram channel exposed one of Spektor’s on-chain wallets connected to several Coinbase withdrawals. ZachXBT said the data traced back to multiple potential impersonation scam victims.
Also, Spektor likely was one of many bad actors involved in the phishing campaigns. His wallet balance suggests other individuals got a cut, and leaked data placed his whereabouts in New York per info shared on Nov. 20.
Spektor swiftly deleted his Telegram account roughly two hours after the blockchain investigator published his findings. The victim also deactivated their X page, though it was unclear why.
Rampant social engineering attacks reminded industry participants of growing security threats despite blockchain advancement and adoption.
Impersonating Coinbase support has also become a trademark for scammers in recent months. In August, ZachXBT revealed a single Genesis creditor lost $238 million in Bitcoin to criminals mimicking exchange employees. Miami police arrested suspects named by ZachXBT and other crypto analysts shortly after.