A 23-year-old Brooklyn man, Ronald Spektor, has been indicted for orchestrating a sophisticated phishing scheme that stole approximately $16 million in cryptocurrency from around 100 Coinbase users across the United States. The indictment, unsealed on December 19, 2025, charges Spektor with 31 counts, including first-degree grand larceny, first-degree money laundering, and participating in a scheme to defraud.
Prosecutors allege that Spektor, operating online under the alias "lolimfeelingevil," impersonated Coinbase support staff. He contacted victims, falsely claiming their assets were at imminent risk from hackers, and convinced them to transfer their funds to wallets he controlled. The scheme relied on phishing and social engineering tactics. After stealing the funds, Spektor allegedly attempted to launder the cryptocurrency using mixers, swapping services, and online gambling platforms.
Brooklyn District Attorney Eric Gonzalez stated, "He allegedly tricked many unsuspecting people to transfer their life savings to wallets he controlled, blew their hard-earned money gambling online, and then bragged about his successful thefts." Investigators recovered messages from a Telegram channel called "Blockchain enemies" where Spektor reportedly boasted about the heists and admitted to losing around $6 million of the stolen funds through gambling.
Authorities have seized approximately $105,000 in cash and $400,000 in digital assets so far. The Brooklyn DA's Virtual Currency Unit, which led the year-long investigation, is continuing efforts to recover more of the stolen funds. Coinbase confirmed it worked closely with the DA's office, helping to identify Spektor and victims, and shared on-chain activity to trace the stolen assets.
The case underscores persistent security threats in the cryptocurrency ecosystem. It follows a separate data breach at Coinbase earlier in the year that affected nearly 70,000 users. The DA's office has warned users to adopt robust security practices, including two-factor authentication and verifying the authenticity of support communications before transferring any funds.
