In October, a client of the cryptocurrency exchange Coinbase in the US fell victim to a hacker who used social engineering to steal $6.5 million. On-chain detective ZachXBT helped the victim track part of the stolen funds.
1/ An investigation into the social engineering scammer Ronaldd (Ronald Spektor) who allegedly helped steal $6.5M last month from a single victim by impersonating Coinbase support.
— ZachXBT (@zachxbt) November 20, 2024
The hacker, known by the username Ronaldd (or Ronald Spektor), impersonated Coinbase’s customer support team over the phone and tricked the user into visiting a phishing website.
After gaining access to the victim’s assets, the hacker exchanged them for Bitcoin and Ethereum. He then converted all the assets into Litecoin and distributed them across various platforms.
3/ An initial tracing of the theft saw all of the stolen funds flow to eXch on Ethereum and Bitcoin where funds were converted to Litecoin and transferred to numerous services.
— ZachXBT (@zachxbt) November 20, 2024
“Just a few days after the theft, Ronaldd began showing his Ledger Live via Discord, revealing that on October 8, 2024, he had received $3.1 million,” said ZachXBT.
During the investigation, the detective discovered the hacker’s now-deleted Telegram channel, which contained screenshots of the wallet used in the chain of stolen funds.
The TON wallet linked to the account was funded from several exchanges.
6/ When reviewing the TON address which owns Ronald’s Telegram number you can see it was funded from multiple exchanges.
You can perform a timing analysis to trace through the exchange and find the funding address.
That address is tied to multiple other Coinbase withdrawals…
— ZachXBT (@zachxbt) November 20, 2024
“This address is linked to several other withdrawals from Coinbase, suggesting more potential phishing victims,” added the researcher.
Thanks to numerous data leaks, ZachXBT was able to identify the hacker’s email, an IP address in New York, and his alleged name.
However, the investigation has not progressed, as the victim deleted the X account they had used to communicate with the detective. It also remains unclear whether Ronaldd had accomplices or where the remaining $3.4 million of the stolen funds went.
As a reminder, according to ZachXBT, over the past year, Coinbase users have lost between $100 million and $150 million due to phishing and social engineering scams.