
Cryptocurrency researcher ZachXBT has claimed that a “Canadian threat actor” stole more than $2 million in cryptocurrencies through social engineering scams that overwhelmed Coinbase support.
This case highlights a worrying trend: attacks targeting human behavior are now a major threat in the Web 3 ecosystem, resulting in significant losses throughout 2025.
In a detailed thread posted on X (formerly Twitter), ZachXBT shared Telegram screenshots, social media posts, and wallet transactions to support his claims about the person identified as Happy (Havard).
“Meet Happy (Harvard), a Canadian threat actor who stole $2 million+ via social engineering scams powered by Coinbase last year, adding money to rare usernames on social media, bottle service and gambling.”
ZachXBT’s investigation traced the alleged activities of the scammers back to late 2024. The researcher shared a screenshot posted by Happy in December 2024 indicating that 21,000 XRP, worth about $44,000, was stolen from a Coinbase user.
Additional wallet analysis linked the Bitcoin address attributed to the alleged fraud to additional thefts of more than $560,000. Group chats reviewed by ZachXBT showed advantages over portfolio balances, including about $237,000 in February 2025.
A leaked video has also surfaced, showing the alleged person running an active social engineering call. The video revealed an email address and Telegram addresses linked to the same online identity.
“Additional screenshots taken from Instagram show more social engineering thefts. A story post from ‘Harvey’s MacBook’ was leaked. A person from his chat also advised to stop browsing so much,” the post added.
Despite the large scale of the theft, Happy demonstrated poor operational security. The investigator documented how the fraudster posted selfies and posts showing his lifestyle. Finally, ZachXBT urged the Canadian authorities to intervene.
“Canadian security forces may already be aware of Happy because there have been several hit attempts related to his personal data locally. Unfortunately, Canada is a state that rarely prosecutes stalkers. I hope that the Canadian police rule that Happy shows no remorse for the victims, and that the case is relatively easy due to the large amount of evidence available,” he wrote.
This case reflects a broader security crisis throughout the cryptocurrency industry. Threat actors increasingly rely on social engineering rather than purely technical exploits, using brand spoofing to gain credibility and lure victims. In a recent phishing campaign, attackers pretended to be Booking.com to promote a fake cryptocurrency exchange in Dubai.
Earlier this month, BeInCrypto reported that North Korean threat actors impersonated trusted industry figures in fake Zoom and Microsoft Teams meetings to steal more than $300 million.
Separately, in December 2025, authorities in India raided 21 locations in Karnataka, Maharashtra and Delhi and dismantled a decades-old digital Ponzi scheme. The multi-state operation involved fraudulent platforms, referral-based incentives, and aggressive social marketing tactics used to attract victims since 2015.
These incidents reveal a critical reality: along with technical vulnerabilities, human psychology has become a major target of attack. Instead of exploiting code, attackers are increasingly manipulating trust, power, and haste.
A 2025 report issued by Kerberos, a security company specializing in Web 3, reflects this transformation: it revealed that human behavior now represents the primary risk factor in the Web 3 ecosystem.