A dark and atmospheric setting with neon lights in the background. A person wearing a hoodie, their face partially hidden, is focused on a laptop. The environment has a digital, cyberpunk aesthetic, with a glow of purple and blue hues in the air. Surrounding the individual are scattered cryptocurrency coins, creating a mysterious and high-tech vibe. The image conveys the feeling of someone engaged in a digital operation, with a futuristic and covert undertone.
A crypto scammer, Ronald Spektor, went offline, deactivating his social media accounts after ZachXBT accused him of facilitating a $6.5 million theft from a Coinbase user.
Web3 investigator ZachXBT revealed that Ronaldd, an online alias, was involved in a social engineering attack in October. The victim recounted being approached by someone posing as a Coinbase support agent and losing their life savings after clicking on a fraudulent link.
Threat actors moved the stolen funds through the trading platform eXch, utilizing both Bitcoin (BTC) and Ethereum (ETH) to obscure their tracks. Shortly after, Ronald allegedly flaunted a $3.1 million Ledger Live wallet balance on Discord and unintentionally exposed an address linked to the theft.
A now-deleted Telegram channel revealed one of Spektor’s on-chain wallets, connected to multiple Coinbase withdrawals. According to ZachXBT, the wallet data tied back to numerous impersonation scam victims.
Multiple Actors Involved in the Scheme
ZachXBT noted that Spektor was likely one of several bad actors behind the phishing campaigns. His wallet activity suggests that others received a share of the stolen funds. Leaked information also placed Spektor in New York, as revealed on November 20.
Immediate Deletions Following the Investigation
Spektor deleted his Telegram account within two hours of ZachXBT publishing the findings. The victim also deactivated their X (formerly Twitter) account, though the reason remains unclear.
The rise in social engineering attacks highlights the persistent security challenges in the crypto industry, even as blockchain technology continues to advance and gain adoption.
Scammers impersonating Coinbase support have become increasingly common in recent months. In August, ZachXBT uncovered a case where a single Genesis creditor lost $238 million worth of Bitcoin to fraudsters posing as exchange employees. Following the revelation, Miami police arrested suspects identified by ZachXBT and other crypto investigators.
