Ronald Spektor, a 23-year-old Brooklyn resident, was arraigned Friday on 31 charges including first-degree grand larceny after prosecutors say he stole $16 million in cryptocurrency from approximately 100 Coinbase users. The scheme involved impersonating Coinbase representatives to trick victims into sending crypto to accounts he controlled, then bragging about his exploits on Telegram before allegedly losing $6 million through gambling.
Brooklyn District Attorney Eric Gonzalez announced the charges following a year-long investigation that resulted in seizures of roughly $105,000 in cash and $400,000 in digital assets.
Authorities are still working to recover more stolen funds from the elaborate phishing operation that ran from April 2023 through December 2024.
Spektor, who used the online handle “@lolimfeelingevil,” faces charges including first-degree money laundering and participating in a scheme to defraud. A judge set bail at $500,000 but rejected an offer from Spektor’s father to post bond, citing the inability to determine the source of the funds. Spektor has been held at Rikers Island since his December 4 arrest and pleaded not guilty.
Prosecutors allege Spektor convinced victims their digital assets were at risk from hackers, positioning himself as a helpful Coinbase representative who could protect their funds.
Once victims believed the threat was real, he’d guide them through transferring cryptocurrency to wallets he controlled ostensibly for safekeeping.
The scam relied on creating urgency and panic. Victims who believed their accounts were under active attack by malicious hackers would be more likely to follow instructions quickly without verifying the legitimacy of the person claiming to help them. That psychological manipulation proved devastatingly effective across dozens of targets.
According to recovered messages, Spektor used bots to send fake two-factor authentication texts that appeared to come from Coinbase. The fake 2FA messages added legitimacy to his impersonation, making victims more likely to believe they were actually communicating with the exchange’s security team.
He also recruited helpers online to assist with the operation, suggesting a coordinated effort rather than a lone actor. That network would have expanded his capacity to target multiple victims simultaneously while maintaining the pretense of being legitimate Coinbase support staff.
Spektor “openly bragged about his heists” in a Telegram channel called “Blockchain enemies,” according to prosecutors. In recovered messages, he allegedly admitted to losing $6 million in cryptocurrency through gambling, a staggering portion of his ill-gotten gains squandered on what appears to be compulsive betting.
The Telegram bragging proved useful for investigators building their case. Digital evidence showing Spektor discussing specific thefts, laundering techniques, and victim details provided prosecutors with direct admissions that would be difficult to explain away at trial. Criminals who can’t resist bragging about their exploits often provide law enforcement with their best evidence.
Beyond the gambling losses, messages revealed Spektor’s awareness that authorities were closing in. Prosecutors say he plotted to flee to Mexico or Canada, sent $600,000 in cryptocurrency to an associate in Georgia (the country, not the U.S. state), and traveled on Greyhound buses across the country, presumably trying to avoid detection through air travel that requires ID verification.
When police arrested him on December 4, they found 12 cryptocurrency wallets on his iPhone. Those wallets likely contained some portion of the stolen funds, though tracking crypto through mixers, swap services, and gambling platforms makes recovery extremely difficult.
The Victims’ Stories
One California victim lost $6.5 million in October 2024 after Spektor convinced him his Coinbase account was under attack. That massive loss prompted the victim to contact blockchain investigator ZachXBT, who published a detailed investigation in November 2024 identifying “@lolimfeelingevil” as the likely perpetrator.
ZachXBT’s investigation traced transactions, analyzed on-chain activity, and connected multiple thefts to the same individual. The report provided crucial evidence that helped authorities identify Spektor and understand the scope of his operation. Pseudonymous blockchain detectives like ZachXBT often move faster than traditional law enforcement because they’re not constrained by jurisdiction or formal evidence-gathering requirements.
A Pennsylvania man lost $53,150 in September 2024 after receiving a call from someone claiming to be “Fred Wilson” from Coinbase security. The caller convinced him that his account had been compromised and guided him through transferring funds to a “secure” wallet that Spektor controlled.
Another victim, a woman, lost $38,750 through similar tactics. Across approximately 100 victims, the losses ranged from tens of thousands to millions, with the total reaching $16 million before Spektor’s arrest halted the scheme.
Coinbase’s Role and Response
Coinbase said in a statement that it worked closely with the Brooklyn District Attorney’s Virtual Currency Unit throughout the investigation. The exchange helped identify Spektor and victims, shared associated on-chain activity, and also assisted with efforts to trace stolen funds.
However, the case intersects with some other security problems at Coinbase. The exchange disclosed a data breach in May 2025 affecting nearly 70,000 users, with estimated damages of $400 million. However, it was separate from Spektor’s phishing scheme, that breached exposed user information that could facilitate social engineering attacks like the ones prosecutors describe.
Coinbase said it acted quickly after discovering the breach, reimbursed users affected by social engineering schemes using stolen information, and tightened vendor and insider controls. The company hasn’t explicitly connected the May breach to Spektor’s activities, but the timeline overlaps with the period when his phishing operation was most active.
After stealing funds, Spektor allegedly laundered the cryptocurrency through mixers, swap services, and crypto gambling websites, three categories of platforms that specialize in obscuring transaction trails. Each serves a different function in the laundering process.
Cryptocurrency mixers combine funds from multiple sources and redistribute them to break the link between sender and recipient addresses. Services like Tornado Cash (now sanctioned) and various centralized mixing platforms make it difficult for blockchain analysis to trace stolen funds to their final destination.
Swap services let users exchange one cryptocurrency for another without going through traditional exchanges that implement know-your-customer requirements. These services often have minimal identification requirements and operate in jurisdictions with light regulatory oversight, making them attractive for laundering.
Crypto gambling websites provide perhaps the most effective laundering mechanism because they offer plausible explanations for fund movement. Someone can deposit stolen crypto, place bets, and withdraw “winnings” that appear legitimate.
See also: Poloniex Hacker Uses Tornado Cash to Launder Millions
When Spektor appeared for his bail hearing, the judge set bond at $500,000 but rejected his father’s attempt to post it. The judge couldn’t determine where the money would come from, raising the possibility that bail funds themselves might be proceeds from the alleged crimes.
Defense attorney Todd A. Spodek represents Spektor, who lives with his father in Sheepshead Bay, Brooklyn. The living arrangement and reliance on family for bail suggest Spektor didn’t maintain the lavish lifestyle that $16 million in theft could theoretically fund, likely because most proceeds went through gambling sites or remain frozen in wallets that authorities have identified.
Currently, Brooklyn District Attorney investigators seized $105,000 in cash and roughly $400,000 in digital assets—a tiny fraction of the $16 million Spektor allegedly stole. Authorities say they’re working to recover more, but the prospects look challenging given how effectively crypto can be laundered through privacy-focused services.
The $6 million Spektor allegedly lost gambling is almost probably unrecoverable. Gambling platforms rarely cooperate with fund recovery efforts, especially when bets were placed with the platform’s native tokens rather than directly with stolen crypto. Even if prosecutors could prove the gambling deposits were stolen funds, getting casinos to return money lost on bets would require unprecedented cooperation.
Cryptocurrency held in mixers or swapped through decentralized exchanges becomes nearly impossible to trace once it moves through multiple hops. By the time investigators identify wallet addresses connected to Spektor, the funds have often already moved to new addresses or different blockchains entirely.
Victims face the grim reality that most of their losses are permanent. The California victim who lost $6.5 million won’t get back more than a small percentage, even if prosecutors recover every dollar they can find. The Pennsylvania man who lost $53,150 might see a proportional distribution if seized assets get divided among victims, but it won’t approach making him whole.
Spektor allegedly operated for 20 months before getting caught, suggesting either extremely careful operational security or slow institutional response to a growing pattern of thefts. Given his Telegram bragging and eventual arrest, operational security seems unlikely as the explanation. More probably, identifying the connection between disparate victim reports took time that allowed Spektor to continue operating.
Spektor faces 31 charges that could result in decades in prison if convicted on all counts. First-degree grand larceny alone carries a maximum sentence of 25 years in New York. Money laundering and fraud charges add additional potential time.
His defense attorney will likely argue that prosecutors can’t prove Spektor personally committed all the thefts attributed to him, that recovered messages might be taken out of context, or that identifying “@lolimfeelingevil” conclusively as Spektor presents challenges. Those are standard defenses in cybercrime cases where attribution relies on digital evidence that defense attorneys can challenge.
Prosecutors counter with ZachXBT’s investigation, Coinbase’s cooperation, recovered Telegram messages, the 12 wallets on Spektor’s phone, and transaction patterns linking thefts to addresses he controlled. That combination of circumstantial and direct evidence presents formidable obstacles for the defense.
A plea deal seems more likely than a trial, given the strength of evidence and the severity of potential sentences. Cooperating with authorities to help recover remaining funds and identify any accomplices could reduce Spektor’s exposure, though 31 charges provide prosecutors with enormous leverage during plea negotiations.
If you’re reading this, you’re already ahead. Stay there by joining Dipprofit’s private Telegram community.
Discover more from Dipprofit
Subscribe to get the latest posts sent to your email.
