Prominent blockchain investigator ZachXBT has revealed a sophisticated phishing operation that resulted in the theft of at least $6.5 million last month.
The scam, orchestrated by Ronald Spektor, involved impersonating Coinbase support to deceive victims into revealing sensitive information.
One victim, based in the United States, contacted ZachXBT on October 7, 2024, after losing a substantial sum to a phishing site linked to a spoofed customer service call.
The Investigation that Happened
ZachXBT’s investigation traced the stolen funds through multiple blockchain transactions. Initially, the assets flowed to eXch on Ethereum and Bitcoin networks, where they were converted into Litecoin and distributed across various services. This effort to obscure the trail was partially successful until Zach identified further links connecting the funds to Ronald Spektor.
In a post on X (Twitter), ZachXBT detailed his findings, including Spektor’s activities on Discord. Just days after the theft, Spektor reportedly shared a Discord screen displaying $3.1 million received on October 8, 2024, via Ledger Live. This sum was traced back to the stolen funds.
Zach also uncovered a deleted Telegram channel linked to Spektor’s account that contained a wallet address associated with the theft. Additional evidence included funding for Spektor’s TON wallet from multiple exchanges and his Coinbase withdrawal patterns, which suggested additional victims may exist.
Data Breaches and Exposed Information
The investigation revealed Spektor’s personal information through multiple data breaches, including Flipd and OG User leaks, which exposed his email address and IP details linked to New York. These breaches, combined with blockchain timing analyses and wallet connections, further implicated Spektor in the crime.
However, the full scope of the operation remains unclear. While Spektor’s Ledger Live screen showed $3.1 million, the fate of the remaining $3.4 million remains unknown. Investigators suspect Spektor had accomplices but have not yet identified them.
Rising Threat of Social Engineering
This case highlights the growing sophistication of phishing scams targeting crypto users. Despite a decline in overall crypto thefts, social engineering tactics, such as impersonating trusted platforms like Coinbase, have become increasingly prevalent.
The $6.5 million theft underscores the persistent threats facing the crypto industry, even as blockchain technology advances. It serves as a cautionary tale for users to remain vigilant and verify communications from service providers.
Unfortunately, this case ended tragically for the victim, who deleted their X account after losing trust in online communities. The incident serves as a reminder for crypto participants to adopt stringent security measures and rely on credible sources for advice in the wake of such attacks.