Blockchain investigator ZachXBT has revealed how a New York-based scammer stole over $4 million from Coinbase users through a sophisticated social engineering scheme.
As cybersecurity experts work to harden Web3 software, crypto scammers are increasingly targeting the human element. On Monday, June 23, ZachXBT shared a detailed breakdown, including call recordings, exposing how one scammer manipulated victims into giving up access to their wallets.
1/ An investigation into how the New York based social engineering scammer Daytwo/PawsOnHips (Christian Nieves) stole $4M+ from Coinbase users by impersonating customer support, bought luxury goods, and lost most of the funds gambling at casinos. pic.twitter.com/7PsP8ymPtO
— ZachXBT (@zachxbt) June 23, 2025
The individual, identified as Christian Nieves, known online as “Daytwo” or “PawsOnHips”, allegedly used stolen funds to purchase luxury goods, flaunting them openly on social media. According to ZachXBT, Nieves was able to afford this lifestyle by operating a targeted phone-based scam.
ZachXBT reported that Nieves ran a fake support call center and even made calls himself, posing as Coinbase representatives. His group targeted users and convinced them to set up Coinbase wallets using seed phrases provided by the scammers. Once users deposited funds, the wallets, already compromised, were drained by the attackers.
Scammer stole $240K from an elderly man, bets it on Roobet
One such case was an elderly victim who lost $240K to the scam, which was recorded on Discord. Daytwo deposited some of the assets on a betting site, Roobet, and converted the rest into the privacy coin Monero (XMR).
ZachXBT identified the Roobet username “pawsonhips” as belonging to Nieves, noting that the associated deposit address has links to over 30 suspected thefts totaling approximately $4 million. He also stated that Nieves frequently placed bets with friends during Discord calls using the same account.
What makes this case especially notable is the scammers’ openness. Unlike more covert operations, Daytwo and his associates regularly showed their faces during calls and openly discussed laundering strategies, behavior that ultimately helped investigators trace them.
While blockchain technology itself continues to mature, crypto remains a soft target for bad actors due to its open-access nature and lack of traditional banking safeguards. As ZachXBT noted, cases like this often involve unsophisticated scammers whose carelessness leads to their eventual exposure.
