A Brooklyn resident has been indicted for allegedly orchestrating a phishing scheme that stole nearly $16 million from Coinbase users across the United States.
Quick Summary – TLDR:
- A 23-year-old Brooklyn man allegedly posed as Coinbase support to steal cryptocurrency from around 100 users.
- The phishing scam ran from April 2023 to December 2024 and involved impersonation, laundering, and online bragging.
- Authorities recovered only a fraction of the stolen funds, most of which were funneled through mixers and gambling sites.
- Coinbase, Flashpoint, and blockchain investigator ZachXBT assisted in identifying the suspect and tracing stolen assets.
What Happened?
Ronald Spektor, a 23-year-old from Sheepshead Bay, Brooklyn, has been indicted on 31 criminal counts for allegedly running a long-term phishing and social engineering scheme targeting Coinbase users. Prosecutors say the scam tricked victims into transferring their cryptocurrency to wallets secretly controlled by Spektor.
The operation led to the theft of around $16 million from roughly 100 individuals across multiple states.
Crypto scams aren’t anon.
Coinbase is committed to working with law enforcement to trace funds, support victims, and pursue accountability.
We’re proud to have helped the Brooklyn DA bring justice in a long-running impersonation scam. And thanks @zachxbt for your contributions.
— Coinbase 🛡️ (@coinbase) December 19, 2025
How the Scam Worked
According to the Brooklyn District Attorney’s Office, Spektor impersonated Coinbase customer support through phone calls, text messages, and emails that mimicked official communication. Victims were falsely told their accounts were under threat, prompting them to transfer assets into what appeared to be secure wallets. These wallets, however, were under Spektor’s control.
Once the funds were moved, Spektor allegedly laundered them using a mix of tools:
- Crypto mixers to obscure transaction trails.
- Token-swapping services to convert currencies.
- Online gambling platforms and storefronts to further distance funds from their origins.
Authorities say some victims lost over $1 million each, including residents from California and Virginia. Losses ranged widely, but each case followed the same pattern of deception and manipulation.
Online Identity and Digital Trail
Spektor reportedly operated under the aliases “Ronaldd” and “@lolimfeelingevil”. He also ran a Telegram group called “Blockchain enemies”, where he is said to have bragged about the thefts and admitted to gambling away $6 million.
Investigators linked Spektor to the crimes through a combination of:
- Blockchain analysis
- Transaction records
- Digital forensic evidence, including use of his home internet
They seized $105,000 in cash and $400,000 in cryptocurrency, though much of the stolen funds remains unrecovered.
Support From Coinbase and Investigators
The case marks a significant collaboration between the Brooklyn DA’s Virtual Currency Unit, Coinbase, Flashpoint, and independent blockchain sleuth ZachXBT.
ZachXBT became involved after a victim who lost $6 million sought his help. His November 2024 investigation played a key role in identifying Spektor, and Coinbase later thanked him publicly for his contribution.
Coinbase CEO Brian Armstrong shared a stern message on X following the indictment, warning that “scammers targeting Coinbase customers will be brought to justice.”
Paul Grewal, Coinbase’s Chief Legal Officer, emphasized the company’s role:
Ongoing Case and Broader Implications
Spektor has pleaded not guilty, and his attorney has called the charges “speculative.” Prosecutors revealed he was planning to flee the country before being caught. His father is now considered an active suspect in connection with the scheme.
This case comes amid a challenging year for Coinbase:
- In February 2024, users lost over $65 million to social engineering scams.
- By May, a data breach impacted nearly 70,000 users, with losses estimated between $180 million and $400 million.
These incidents underscore how phishing and impersonation tactics remain among the most effective and damaging forms of crypto fraud. Unlike smart contract vulnerabilities or protocol exploits, these attacks depend solely on deceiving users through off-platform communication.
SQ Magazine Takeaway
I think what shocks me most here is just how far these scammers will go. This wasn’t some sloppy hack or lucky guess. It was a long con, built on trust, urgency, and fear. And it worked. The fact that a single person can steal millions from regular investors by pretending to be support staff shows how fragile crypto security really is when humans are the weak link. It’s a wake-up call for the entire industry to focus not just on code, but on customer education, too.
