Brooklyn man charged with $16M crypto phishing scam targeting Coinbase users

Criptolog » Coins » Brooklyn man charged with $16M crypto phishing scam targeting Coinbase users

Authorities in New York have unveiled a sprawling phishing and social‑engineering operation that allegedly stripped nearly 100 Coinbase users of close to $16 million in cryptocurrency. The case, centered on a young man from Brooklyn, is quickly becoming one of the most high‑profile state‑level prosecutions involving crypto scams in the United States.

According to prosecutors, the suspect carefully impersonated official Coinbase support staff, playing on fear and urgency to get victims to move their coins into wallets that he secretly controlled. What began as a series of suspicious calls, texts and emails has now turned into a 31‑count indictment that could leave the defendant behind bars for many years if convicted.

Who is accused of the $16 million Coinbase scam?

The man at the center of the case is 23‑year‑old Ronald Spektor, a resident of the Sheepshead Bay neighborhood in Brooklyn, who lived with his father at the time of the alleged crimes. The Brooklyn District Attorney’s Office says Spektor orchestrated a sophisticated fraud that ran from April 2023 through December 2024, targeting Coinbase customers scattered across multiple U.S. states.

Spektor was arrested on December 4, 2024 and formally arraigned on December 20, 2024. He now faces an indictment listing 31 separate counts, including first‑degree grand larceny, first‑degree money laundering and conducting a scheme to defraud. Prosecutors describe the operation as one of the largest social‑engineering crypto scams ever brought in a state court.

During his arraignment before New York Supreme Court Justice Danny Chun, Spektor pleaded not guilty to all charges. He is currently being held on a $500,000 cash bail. When his father attempted to post bail, the judge declined to accept the funds because the origin of the money could not be clearly verified, raising concerns that it might have come from the alleged scam.

Brooklyn District Attorney Eric Gonzalez framed the situation in stark terms, saying that the indictment accuses Spektor of running a long‑running digital theft ring targeting ordinary crypto investors across the country. Gonzalez emphasized that, rather than hacking blockchain networks, the alleged scam relied on deceiving people into handing over control of their own assets.

How the phishing and social‑engineering scheme allegedly worked

Investigators say that between spring 2023 and late 2024, Spektor contacted Coinbase users via phone calls, text messages, emails and spoofed two‑factor authentication (2FA) alerts. Posing as a security or support representative from Coinbase or related services, he allegedly told victims their accounts were under immediate threat from hackers.

The strategy hinged on manufacturing a sense of panic and urgency so that targets would skip normal security checks. According to the District Attorney’s Office, Spektor is believed to have used automated bots to send waves of fake 2FA prompts that appeared to come from Coinbase or Google. For confused users, the barrage of alerts made it seem as if someone was indeed attempting to breach their accounts.

Once the victims were sufficiently alarmed, the scammer allegedly offered a convenient solution: moving their coins into supposedly “safe” or “strong” wallets until the danger had passed. Spektor is accused of walking victims through the process step by step, sometimes remaining on the phone with them while they initiated transfers they believed would protect their holdings.

In reality, prosecutors say, those destination wallets were created and controlled by Spektor himself. Because he had generated the seed phrases and private keys in advance, he could access the funds immediately after each transfer. Brooklyn prosecutors summed it up bluntly: the victims thought they were rescuing their crypto, when in fact they were handing it over.

Gonzalez explained at a press conference that what many victims did not realize was that the urgent text messages and security alerts were crafted by the very person who set up the wallets where their assets were going. Once coins landed in those addresses, the funds were at the mercy of the alleged scammer.

Victims across the U.S. and individual losses

The alleged operation did not focus on a single state. Victims have been identified in California, Virginia, Pennsylvania, Maryland and several other jurisdictions. Altogether, authorities estimate that about 100 Coinbase account holders lost a combined total of roughly $15.94 million in various cryptocurrencies.

Among the reported cases, prosecutors highlighted several emblematic losses. One California resident is believed to have lost more than $1 million in crypto, while a victim from Virginia reportedly saw more than $900,000 disappear after following instructions from someone they thought was Coinbase staff.

In another incident, a Pennsylvania man says he lost $53,150 in September 2024 after receiving a phone call from a person identifying himself as “Fred Wilson from Coinbase”. That caller allegedly warned that hackers were actively draining his account, then pressured him to move his coins into a new wallet on the spot.

A woman in Maryland reported losing $38,750 under similar circumstances, after being told her crypto was moments away from being stolen. These examples, while substantial, represent only a fraction of the overall losses linked to the alleged scheme.

Over the course of the investigation, law enforcement interviewed more than 70 impacted customers. Many described the same pattern: alarming messages or calls, warnings of imminent compromise, and instructions to transfer funds rapidly to new addresses set up in the name of security.

From wallets to wagers: how the stolen funds were allegedly laundered

Once coins were under his control, Spektor allegedly moved quickly to disguise their origin and cash out. Prosecutors say he routed funds through a patchwork of crypto exchanges, token‑swapping services, online gambling platforms and so‑called mixers designed to obfuscate transaction trails.

According to the Brooklyn District Attorney’s Office, stolen assets were repeatedly transferred between different wallets, trading venues and services to make forensic analysis more difficult. Some funds were reportedly converted into other cryptocurrencies, while others were eventually turned into fiat currency, gift cards or additional digital assets.

Recovered messages suggest that the alleged scammer also spent heavily on online betting. In conversations obtained from chat platforms, he is said to have boasted about losing roughly $6 million in crypto through gambling, money that prosecutors believe was originally taken from victims.

Law enforcement officials have dubbed part of their effort “Operation Phish Net”. During searches and seizures tied to the case, they say they confiscated about $105,000 in cash and roughly $400,000 worth of cryptocurrency directly connected to the scheme. In total, more than $500,000 in suspected stolen funds have been secured so far, though this still represents only a small fraction of the alleged haul.

Investigators stress that tracing coins across the blockchain is only one piece of the puzzle. Actually clawing back assets can be very difficult once they move through mixers, offshore services and multiple jurisdictions, which is why the recovered amount remains limited compared to the overall losses.

Online persona, bragging rights and recruitment

The technical trail was accompanied by a visible digital footprint. Court filings and public statements indicate that Spektor operated under the online handle “@lolimfeelingevil”, using that identity across platforms like Telegram and Discord.

In those spaces, he allegedly ran or participated in a chat channel known as “Blockchain Enemies”, where he is said to have bragged about successful thefts, discussed gambling losses and shared advice on manipulating targets. According to prosecutors, he also used these forums to recruit other would‑be social engineers, effectively turning the operation into a loose network.

Some of the recovered communications suggest a casual attitude toward both the law and victims. Messages reportedly show him boasting about his ability to bypass skepticism, describing how fear‑based tactics could push even cautious users into moving large sums without taking time to verify requests.

Prosecutors also say that after independent blockchain researcher ZachXBT published an investigation about him in November 2024, Spektor became increasingly concerned about potential criminal charges. He allegedly spent months traveling around the United States on Greyhound buses to stay under the radar, while discussing possible plans to head to Mexico or Canada.

In one thread cited by law enforcement, Spektor purportedly sent around $600,000 in crypto to a contact in the country of Georgia, a move prosecutors view as part of a broader attempt to relocate assets and potentially facilitate flight.

The investigation: blockchain forensics and Coinbase cooperation

The case was led by the Brooklyn District Attorney’s Virtual Currency Unit, a specialized team focused on crimes involving digital assets. Over roughly a year, investigators combined blockchain analytics, digital forensics and traditional police work to build their case.

A key breakthrough came when they linked IP addresses associated with the alleged phishing activity and target wallets back to the residence where Spektor lived with his father in Sheepshead Bay. Search warrants yielded additional electronic evidence, including chat logs, wallet data and records of exchange activity.

Coinbase, the exchange whose customers were targeted, worked closely with law enforcement. The company assisted in identifying affected accounts, tying together related transactions and providing internal data where appropriate. Prosecutors say that cooperation was instrumental in mapping out how funds moved and in determining the full scope of the alleged scheme.

Paul Grewal, Coinbase’s chief legal officer, publicly thanked the Brooklyn District Attorney’s Office and partner agencies. He reiterated that Coinbase is committed to supporting criminal investigations and improving protections for its users, stressing that fraudsters who exploit trust in the platform will be pursued.

The Virtual Currency Unit did not work alone. According to officials, outside threat‑intelligence firm Flashpoint and various digital‑forensics teams also contributed to the investigation, helping to trace coins, analyze infrastructure and connect scattered data points into a coherent picture.

Court proceedings, defense strategy and potential penalties

As of now, Spektor remains in custody on Rikers Island awaiting trial. If convicted on the top counts of first‑degree grand larceny and first‑degree money laundering, he could face a lengthy state prison sentence stretching into decades, given both the size of the alleged losses and the number of victims.

His attorney, Todd Spodek, has pushed back strongly against the prosecution’s narrative. Spodek argues that all transfers in question were initiated by the customers themselves, and that there are safeguards in place at exchanges that would have prevented the defendant from moving anyone’s funds without authorization.

In public comments, the defense has signaled its intention to challenge the chain of evidence and the characterization of key communications. Spodek has suggested that the case hinges on how much responsibility lies with users who approved transactions through their own accounts, even if they later came to regret those decisions.

Prosecutors, meanwhile, contend that this line of argument misses the core issue: if victims were deceived through impersonation, false security alerts and fabricated threats, their consent to initiate transfers cannot be considered informed or voluntary.

Court documents also indicate that authorities believed Spektor might attempt to flee the United States, citing the alleged discussions about leaving the country and efforts to move large amounts of crypto offshore. Those concerns played into the decision to set a high cash bail and to scrutinize the source of any funds offered for his release.

Broader security concerns for Coinbase and the crypto industry

This case arrives at a time when security issues around major exchanges and wallet providers are under intense scrutiny. While the alleged scheme did not involve direct hacking of Coinbase’s infrastructure, it exploited users’ trust in the brand and their dependence on customer support when things appear to go wrong.

Regulators and analysts have increasingly warned that social engineering – tricking people, not systems – is often the weakest link in crypto security. Sophisticated scammers can convincingly mimic official communication channels, hijack familiar logos and jargon, and weaponize technical jargon that many users only partially understand.

The Brooklyn case also unfolds against the backdrop of other incidents affecting Coinbase. In a separate episode, the exchange previously experienced a data‑related breach tied to external customer‑support contractors who were allegedly bribed for access to user information. That event, while unrelated to Spektor, reportedly impacted nearly 70,000 accounts and led to estimated losses in the hundreds of millions of dollars.

These developments, taken together, illustrate how attackers are increasingly focusing on people, processes and third‑party vendors rather than pure on‑chain exploits. For end users, this blurring of lines between platform security and personal security can make it harder to know where official responsibility begins and ends.

For Coinbase and other large exchanges, the case underscores pressure to continue strengthening identity‑verification procedures for support contacts, warning systems for suspicious withdrawals and user‑education campaigns that highlight common scam patterns.

How users can protect themselves from crypto phishing schemes

In announcing the charges, Brooklyn prosecutors paired the legal action with a set of practical safety tips aimed at crypto holders. Their guidance echoes advice from many security professionals but takes on added urgency in light of the alleged $16 million loss.

First, they stress that users should never rely on unsolicited calls, emails or text messages as proof that something is wrong with their account. If someone reaches out claiming to be from Coinbase support – particularly with a demand for immediate action – the safest move is to hang up or ignore the message and instead contact the company directly through the app or official website.

Authorities also highlight a firm rule: legitimate platforms will not ask for your password, full 2FA codes, seed phrases or private keys, nor will they instruct you to move funds into a “temporary safe wallet” controlled by a third party. Any such request should be treated as an immediate red flag.

Another recurring recommendation is to slow down when confronted with urgent security warnings. Scammers deliberately create pressure so that people feel they must act before they have time to think. Taking a few minutes to verify the situation through official channels can prevent catastrophic losses.

On the technical side, prosecutors and security experts encourage users to enable robust protections such as hardware‑based 2FA keys where possible, and to use withdrawal whitelists that restrict transfers to pre‑approved wallet addresses. While no single measure is foolproof, multiple layers of defense can make social‑engineering attacks harder to pull off.

Lastly, there is a growing call for ongoing education for both new and experienced crypto users. As attackers refine their methods – from more realistic phishing pages to deepfake voice calls – staying informed about emerging scams is becoming part of basic digital hygiene for anyone holding significant value in crypto.

The unfolding case against Ronald Spektor offers a stark snapshot of how modern crypto crime increasingly revolves around deception, impersonation and psychological pressure rather than complex code exploits. With nearly $16 million in alleged losses, dozens of victims and only a fraction of the stolen funds recovered so far, the prosecution in Brooklyn is likely to be watched closely by law‑enforcement agencies, exchanges and investors alike as they wrestle with how to curb similar scams without undermining the open, global nature of digital assets.