A 23-year-old Brooklyn resident has been indicted on 31 criminal counts for allegedly stealing nearly $16 million in cryptocurrency from roughly 100 Coinbase users through a prolonged phishing operation, according to the Brooklyn District Attorney’s Office.
The defendant, Ronald Spektor of Sheepshead Bay, was arraigned on charges including first-degree grand larceny, criminal possession of stolen property, and money laundering. Prosecutors say the scheme ran from April 2023 through December 2024 and relied on impersonation, social engineering, and post-theft laundering through crypto-native tools.
Spektor allegedly contacted Coinbase users while posing as a customer support representative, warning them their accounts were at risk. He then persuaded victims to move their assets into new wallets that he secretly controlled. Once funds were transferred, prosecutors say he routed them through crypto mixers, token-swapping services, and online gambling platforms to obscure their origin.
Investor Takeaway
How Was the Scheme Operated?
Court filings allege Spektor operated online under the alias “Ronaldd” and the handle “@lolimfeelingevil.” Prosecutors say he ran a Telegram channel titled Blockchain enemies, where he discussed his activity and claimed to have lost $6 million through gambling.
Investigators identified victims across multiple states. One California resident reportedly lost more than $1 million, while a Virginia-based victim lost over $900,000. Authorities say more than 70 victims have been interviewed so far, with the total victim count estimated at around 100.
Law enforcement has recovered about $105,000 in cash and roughly $400,000 in cryptocurrency. Prosecutors say the remainder was dissipated through mixers, swaps, and gambling services, making recovery more difficult.
What Role Did Coinbase and Onchain Investigators Play?
The Brooklyn District Attorney’s Virtual Currency Unit worked with Coinbase during the investigation, using internal data and blockchain tracing to identify the suspect and track stolen funds. Coinbase publicly acknowledged the cooperation following the indictment.
Independent blockchain investigator ZachXBT also contributed to identifying the suspect after publishing an investigation in November 2024. His involvement began after a victim who lost $6 million reached out for assistance. Coinbase’s official account later thanked him for his contribution.
Coinbase CEO Brian Armstrong commented publicly on the case via X, warning that scammers targeting the exchange’s users would be pursued. The company has increasingly leaned on public messaging to deter impersonation attempts as social engineering scams continue to scale.
Investor Takeaway
Why This Case Matters for Crypto Security
The indictment follows a challenging year for Coinbase on the security front. In February, ZachXBT reported that users lost more than $65 million to social engineering scams in just two months. In May, Coinbase disclosed a data breach affecting nearly 70,000 users after criminals bribed overseas support staff, with estimated costs ranging from $180 million to $400 million.
Unlike protocol exploits or bridge hacks, phishing schemes depend on deception rather than technical flaws. Attackers impersonate support staff, exploit urgency, and rely on victims voluntarily authorizing transactions. Once funds are transferred, recovery becomes difficult, even when wallets are identified.
Prosecutors also revealed that Spektor was planning to flee the country prior to his arrest. Court filings state that his father is now considered an “active suspect” in connection with the case.
Spektor has pleaded not guilty. His attorney described the allegations as “speculative.”
What Comes Next?
The case will move through New York’s criminal courts, where prosecutors will attempt to link onchain activity, communications records, and victim testimony into a single evidentiary trail. While only a fraction of the stolen funds has been recovered, authorities say tracing efforts are ongoing.
