In a nightclub on the outskirts of Vancouver, champagne bubbles shimmer under the lights, and rare Telegram usernames are being sold for sky-high prices. But behind this revelry, a young man named Haby living in Abbotsford, British Columbia, used the most old-fashioned method—impersonating an exchange customer service representative—to siphon over $2 million from global investors' pockets in just one year.
On December 29, on-chain detective ZachXBT revealed the investigation results. The most heartbreaking part is that this was not a system vulnerability in the exchange, but someone deliberately exploiting trust as the soft spot. Social engineering is that effective.
How was this guy found? ZachXBT used open-source intelligence techniques: tracking on-chain transfers, analyzing social media posts, and examining mobile screenshots. The most critical clue came from a leaked screen recording: Haby was on a scam call, and the camera accidentally captured his personal email and Telegram-linked phone number. This seemingly insignificant detail completed the puzzle.
The lesson from this case is simple yet painful: official exchanges will never proactively ask for your password, and customer service will never privately message you on Telegram to verify your identity. Yet people still fall for it every day. What should investors do? Don't rely on exchanges to protect you 100%. The principle of zero trust is the bottom line for survival: verify every information source first, question every request more than once, and type links manually instead of clicking them.
This case also exposed another problem—the vacuum in cross-border law enforcement. Since scams happen globally and funds are transferred through various channels, recovering stolen money is extremely difficult. How did internal exchange data leak? Who is reselling user information in the middle? These questions remain unresolved to this day.
StrawberryIce
· 5h ago
Social engineering is so sophisticated; I think about how to protect my wallet every day, but it's still hard to defend against it.
GateUser-74b10196
· 5h ago
Social engineering is truly top-notch; $2 million just disappeared like that... The key issue is the internal data leak within the exchange—who the hell is reselling user information?
RugPullProphet
· 5h ago
It's the same social engineering trick again. Honestly, trust is the most fragile thing, and losing 2 million like that is truly heartbreaking.