Cryptocurrency scams accelerate: Blockchain investigation reveals a large-scale $2 million impersonation incident

Thanks to blockchain analysis, a fraud network based in Canada that impersonated customer support of a certain exchange and stole assets worth over $2 million (approximately 320 million yen) has been dismantled. By combining on-chain data and screenshot analysis, investigators uncovered the full scope of this organized scam activity spanning over a year.

The Reality of Large-Scale Fraud Using Social Engineering Tactics

The method used to deceive victims was not an advanced technical exploit but a classic social engineering trick. The fraudsters created a sense of urgency with fake security alerts, tricking users into entering login credentials and two-factor authentication codes.

From online traces, the suspects used multiple handles such as “Haby” and “Havard.” Bragging in Telegram groups and showing off funds in private chats ultimately led to identifying their real identities. They attempted to evade detection by purchasing high-value Telegram usernames and deleting old accounts, but repeated online activities made investigation easier.

Tracking the Fraud Network Through Chain Analysis

According to the investigation, in a case at the end of December 2024, the fraudsters boasted via screenshots about illegally acquiring 21,000 XRP (worth about $44,000 at the time; XRP’s current price is approximately $2.10). Further detailed analysis revealed that this particular XRP address was linked to an additional theft totaling around $500,000.

The stolen XRP was quickly exchanged for Bitcoin, a tactic intended to obfuscate transaction history. By analyzing wallet balances and transaction timing, investigators identified an address holding about $237,000 worth of Bitcoin (current BTC price approximately $90.49K) as of February 2025. Further retrospective investigation uncovered three additional thefts valued at over $560,000.

Footage of the leaked screen recordings shows the fraudster impersonating support staff during calls with victims, inadvertently revealing email addresses and Telegram accounts.

Growing Threats Facing Cryptocurrency Users

This crackdown indicates that similar large-scale incidents are occurring overseas. In India, a former support staff member of a certain exchange was arrested, involved in a data breach affecting about 70,000 users.

In the US, a similar impersonation case is ongoing, with a 23-year-old in Brooklyn charged with defrauding approximately 16 million dollars from around 100 users. Blockchain analysis played a crucial role in this case as well, leading to asset confiscation and recovery efforts.

Industry data shows that cryptocurrency theft remains severe, with over $3.4 billion lost across the sector from early 2025 to early December.

Practical Measures to Protect Users

Experts strongly recommend the following preventive measures:

• Never respond to messages (calls, texts, emails) from unknown sources
• Never share passwords, recovery phrases, or two-factor authentication codes under any circumstances
• Always access support through official websites or apps
• If you receive suspicious activity notifications, verify through other contact methods whether it is truly from the exchange

Social engineering scams can cause significant damage even without technical skills, making individual user vigilance the strongest line of defense.