Breaking News

Home / Crime / Unmasked: How Christian Nieves Stole $4 Million from Coinbase Users Through Elaborate Call Center Scam

Unmasked: How Christian Nieves Stole $4 Million from Coinbase Users Through Elaborate Call Center Scam

June 23, 2025
😂 ZachXBT exposed a scammer from New York who stole more than $4,000,000 from Coinbase users by posing as customer support and forcing them to create wallets with malicious seed phrases. He spent the money on casinos and expensive purchases, including a Corvette, on which he put a sticker with his Instagram name daytw00000. The scammer did not hide and openly bragged on social media, which allowed him to be linked to more than 30 theft episodes.

A comprehensive blockchain investigation has revealed the identity and methods of a brazen cryptocurrency scammer who operated under the aliases "Daytwo" and "PawsOnHips." Christian Nieves, a New York-based criminal, orchestrated a sophisticated social engineering operation that defrauded Coinbase users of over $4 million through fake customer support calls before squandering the majority of the stolen funds through compulsive gambling.



The Call Center Criminal Enterprise

Unlike lone-wolf cryptocurrency scammers, Nieves operated what investigators describe as a small call center group, functioning both as an organizer and active participant in fraudulent calls. The operation employed multiple accomplices, including an individual identified as "Paranoia" (Justin), who worked alongside Nieves to target unsuspecting cryptocurrency users.

The scam's sophistication lay in its systematic approach to social engineering. The group maintained professional-sounding call scripts and utilized technical infrastructure designed to appear legitimate to victims. Evidence obtained during the investigation includes recordings of actual theft calls, providing rare insight into how these operations function in real-time.

The Phishing Infrastructure

Central to the operation was a network of phishing websites designed to mimic legitimate Coinbase wallet creation processes. Victims were directed to these fraudulent sites during fake customer support calls, where they were instructed to create new wallets using seed phrases that appeared randomly generated but were actually pre-compromised.

Investigation materials reveal the control panel used by Nieves' group to manage their phishing operations. This dashboard allowed the scammers to monitor victim interactions with their fake websites and coordinate the timing of fund transfers once victims had moved their cryptocurrency to the compromised wallets.

The technical setup demonstrates a level of preparation that goes beyond opportunistic fraud, indicating a planned and ongoing criminal enterprise designed to systematically target cryptocurrency users over extended periods.

Case Study: The $240,000 Elderly Victim

A particularly egregious example of the group's activities occurred in November 2024, when Nieves and his accomplice Justin successfully stole $240,000 from an elderly victim. The crime was captured in a private recording that provides chilling evidence of how the scammers manipulated their victim through what appeared to be a legitimate customer support interaction.

The stolen funds were initially consolidated at the Bitcoin address bc1q35tw4f5qrfxrjy2v8g8d3majtujv28audm6yvp and the Solana address AJU5yh4kDahLak4uq5n4ehJDVs2w2Lbhw9UHoseaBwV7. Blockchain analysis revealed that the $240,000 was subsequently divided three ways, with portions flowing to the Roobet gambling platform while other funds were converted to Monero (XMR) to obscure their trail.

This case exemplifies how scammers specifically target vulnerable populations, with elderly cryptocurrency users being particularly susceptible to authority-based social engineering attacks.

The Gambling Addiction Connection

What sets this case apart from typical cryptocurrency fraud is the extensive documentation of how stolen funds were immediately squandered through compulsive gambling. Nieves exhibited a severe gambling addiction that drove both his criminal activities and the rapid dissipation of stolen funds.

During Discord calls with friends, Nieves would openly gamble while sharing his screen, inadvertently revealing crucial evidence. In one recorded session, his Roobet username "pawsonhips" became visible in a browser tab, along with his deposit address 0x940970549037634c517deb741b16112b52e0ced1. This single piece of evidence became the key to unraveling his entire criminal operation.

Blockchain analysis of this gambling deposit address revealed connections to over 30 suspected theft incidents, demonstrating the scope of Nieves' criminal activities. The investigation suggests many additional victims exist who cannot be directly linked due to the complex nature of cryptocurrency mixing and the conversion of funds to privacy coins.

Escalating Desperation and Internal Theft

As Nieves' gambling losses mounted, his behavior became increasingly desperate and erratic. Blockchain evidence shows a clear pattern of decreasing casino deposits over time, indicating mounting losses that eventually led to a particularly troubling escalation: stealing from his own accomplices.

Recent analysis of casino deposit addresses, including 0x42442a16300c78288ee8ba5c9da611089fcc42bc, 0x55153e2826e93e4fda0245ac8af296b41abcf05b, and 0x359ef3aa8b757e9c63e90dc1783531e58ef91ed5, reveals that Nieves began keeping larger portions of stolen funds for himself rather than sharing with his criminal partners as previously agreed.

This internal theft among criminals demonstrates how gambling addiction can drive individuals to betray even their closest criminal associates, potentially creating additional legal vulnerabilities as disgruntled accomplices might cooperate with law enforcement.

Brazen Public Display of Criminal Proceeds

Perhaps most remarkably, Nieves made virtually no effort to conceal his criminal activities or the proceeds from his thefts. During Discord calls with friends, the group openly discussed money laundering techniques while showing their faces on camera, creating a comprehensive record of their criminal conspiracy.

Nieves used stolen funds to purchase a Chevrolet Corvette, which he then customized with a sticker displaying his Instagram username "daytw00000." This decision effectively created a mobile billboard linking his real-world identity to his online criminal persona, providing law enforcement with perhaps the most obvious piece of evidence in the entire case.

The Instagram account associated with this username contained numerous posts showcasing expensive purchases, luxury lifestyle content, and other displays of wealth that directly correlated with the timing of major cryptocurrency thefts tracked through blockchain analysis.

Direct Confrontation with Investigators

In an unprecedented move that further demonstrates his reckless disregard for operational security, Nieves began directly taunting the blockchain investigator who was exposing his activities. He posted a photograph of himself making an obscene gesture toward the investigator's social media account, then used this image as a cover photo for an Instagram memory.

This direct confrontation behavior is highly unusual among cryptocurrency criminals, who typically prioritize anonymity and avoid any actions that might draw additional attention to their activities. Nieves' decision to personally engage with his investigator suggests either extreme confidence in avoiding consequences or a fundamental misunderstanding of how law enforcement uses social media evidence.

The Scope of Victimization

While the investigation has definitively linked Nieves to over 30 theft incidents totaling more than $4 million, the true scope of victimization likely extends far beyond these confirmed cases. The systematic nature of the operation, combined with the professional infrastructure employed, suggests the group may have been active for extended periods and potentially targeted hundreds of victims.

The conversion of significant portions of stolen funds to privacy-focused cryptocurrencies like Monero makes comprehensive victim identification challenging. However, the patterns revealed through blockchain analysis suggest a consistent methodology that was applied across numerous incidents over an extended timeframe.

Law Enforcement Implications

This case presents what investigators describe as an unusually straightforward prosecution opportunity. Unlike many cryptocurrency crimes that involve sophisticated privacy techniques and anonymous actors, Nieves has provided law enforcement with extensive evidence of his criminal activities, real-world identity, and direct connections to stolen funds.

The combination of recorded theft calls, blockchain evidence linking stolen funds to gambling deposits, social media posts displaying criminal proceeds, and direct photographic evidence of Nieves' identity creates what legal experts would consider an overwhelming case for prosecution.

However, the investigation also highlights a tragic reality for victims: the prospect of fund recovery remains minimal. The rapid conversion of stolen cryptocurrency to gambling losses means that even successful prosecution is unlikely to result in meaningful restitution for the individuals who lost their life savings to this scheme.

Technical Analysis and Methodology

The investigation employed advanced blockchain analysis techniques to trace fund flows across multiple cryptocurrency networks. By correlating on-chain transaction data with social media posts, gambling platform deposits, and other digital footprints, investigators were able to build a comprehensive picture of the criminal operation.

Key technical findings include the identification of specific wallet addresses used for fund consolidation, the tracing of stolen cryptocurrency through various mixing services and exchanges, and the correlation of gambling deposits with theft timelines. This technical analysis provides a roadmap for how similar investigations might be conducted in the future.

Impact on Cryptocurrency Security

This case serves as a stark reminder that sophisticated technical security measures cannot protect against social engineering attacks that exploit human psychology. The victims in this case were not targeted due to technical vulnerabilities in their wallets or exchanges, but rather through manipulation tactics that convinced them to voluntarily provide access to their funds.

The success of Nieves' operation underscores the critical importance of user education about cryptocurrency security fundamentals. No legitimate cryptocurrency service will ever ask users to input seed phrases provided by customer support, yet this basic security principle remains poorly understood among many cryptocurrency users.

Lessons for the Community

Several crucial lessons emerge from this investigation that should inform cryptocurrency security practices going forward. First, the importance of verifying customer support interactions through official channels cannot be overstated. Users should never trust unsolicited contact claiming to be from cryptocurrency exchanges or wallet providers.

Second, the case demonstrates how social media activity can provide crucial evidence in cryptocurrency crime investigations. Criminals who flaunt their proceeds online create digital trails that can be correlated with blockchain analysis to build comprehensive cases.

Finally, the investigation highlights the value of community-driven security research. Independent blockchain investigators like ZachXBT provide essential services by exposing criminal operations and educating the public about emerging threats in the cryptocurrency ecosystem.

The Broader Context

While the brazen nature of Nieves' criminal behavior may be exceptional, the underlying techniques he employed remain common across many cryptocurrency fraud operations. Social engineering attacks targeting cryptocurrency users continue to evolve, with criminals adapting their methods to exploit new platforms and user behaviors.

The case also illustrates how cryptocurrency crime has become increasingly organized and systematic. Rather than opportunistic individual attacks, operations like Nieves' represent ongoing criminal enterprises with dedicated infrastructure, multiple participants, and refined methodologies developed over time.

Moving Forward

As law enforcement agencies continue to develop their cryptocurrency investigation capabilities, cases like this one provide valuable insights into criminal methodologies and the evidence needed for successful prosecutions. The extensive digital trail left by Nieves may serve as a template for how future investigations can combine blockchain analysis with traditional investigative techniques.

For the cryptocurrency community, this case reinforces the ongoing need for user education and security awareness. While the technology underlying cryptocurrencies continues to evolve and improve, the human element remains the most vulnerable point in the security chain.

The investigation into Christian Nieves and his criminal operation represents both a success story in cryptocurrency crime detection and a sobering reminder of the ongoing challenges facing users in the digital asset ecosystem. As the industry continues to mature, the lessons learned from cases like this will be crucial for building more secure and trustworthy cryptocurrency infrastructure for all users.

No comments

Subscribe to: Post Comments ( Atom )