Here's How Crypto Scammer Hunter Hacked Coinbase - Impersonating Criminals

By Leakd.com Authors

April 14, 2025

crypto scammer — The location in Delhi where an alleged scammer was found. Source: @NanoBaiter

Scamming cryptoasset users is not a one-way street, as criminals sometimes get caught or even hacked themselves, as multiple examples have already demonstrated.

Most recently, scammers faced at least some justice when a scammer-hunter known as NanoBaiter on the X platform said they hacked a group of criminals impersonating the support team of major crypto exchange Coinbase.

According to the hunter, they stumbled across a new group that was spamming fake Coinbase Wallet extension reviews on the Chrome Web Store, posting fake Coinbase support phone numbers.

NanoBaiter said he called the number from the reviews and was connected to someone with an Indian-sounding accent who introduced himself as a "Coinbase support representative." Next, the hunter asked the scammer for help installing the Coinbase Wallet on their laptop, and this is where the criminals proceeded to trick the "potential victim" into giving their funds away.

First, the "Coinbase support representative" asked for NanoBaiter's balance on Coinbase and claimed that these accounts were compromised and it was now necessary to connect to a "Coinbase secure server." According to the hunter, this "server" was just "remote screenshare software like Anydesk."

After some more back and forth, the scammer tried to use a now-popular technique by urging their potential victim to write a "new seed phrase," which refers to a combination of usually 12–24 words that give access to a cryptoasset wallet. By using this theft method, also known as 'seed planting,’ criminals are stealing the funds once their victims transfer them into "a new wallet" that is supposed to protect their assets.

However, this is where NanoBaiter turned the tables.

"While the scammer was trying to convince me to transfer the funds to his 'new secure wallet,' I was secretly reversing the remote connection back to his computer," the hunter said, adding that after they'd gotten full access to the scammer's computer, it was storing spreadsheets with personal details of over 100,000 victims, including full names, phone numbers, and personal email addresses. Also, a list with previous scam calls was found on the same computer, according to the hunter.

Next, NanoBaiter said that by using data about Wi-Fi networks in the area, they'd managed to triangulate the scammer's exact location in Delhi, tagging both Coinbase and Delhi Police for further investigation.

While the hunter hasn't revealed how they managed to reverse the remote connection, NanoBaiter’s work was also noticed by Coinbase CEO Brian Armstrong, who chimed into the thread with "Nicely done."