$13M Canadian Crypto Impersonation Scam Ends at a Traffic Stop

A Canadian crypto impersonation scam that allegedly drained more than $13 million is drawing fresh attention to a threat that often looks ordinary from the outside: fraudsters talking victims into handing over access to their wallets.

Trenton Richard Johnston, now 20, pleaded guilty to conspiracy to commit money laundering after federal prosecutors in the United States accused him and several co-conspirators of posing as employees of Google, Trezor and other companies to reach victims’ cryptocurrency holdings. The scheme began around January 2024 and, according to prosecutors, kept unfolding until authorities stopped Johnston during a traffic stop while he was driving a Rolls-Royce.

The case underscores a simple but unsettling point. In crypto theft, the most dangerous tool is not always malware. Sometimes, it is a convincing phone call.

Canadian crypto impersonation scam centered on social engineering

How the fraud operation worked

The operation was, in practice, almost disarmingly direct. Rather than breaking into exchange systems or exploiting software flaws, the group relied on social engineering. Victims were told their accounts were already under attack, and the scammers then presented themselves as the fix.

In one documented instance, Johnston allegedly contacted a victim and claimed the person’s Google email and Coinbase accounts had been compromised. That panic helped make the victim cooperative, and prosecutors said about $41,000 in Ether was stolen.

Weeks later, the group targeted a much larger victim in California. This time, the scammers impersonated both Google and hardware wallet provider Trezor and warned that someone was trying to access the victim’s wallet. After they gained enough trust, prosecutors said they drained about $13 million in Bitcoin in a single operation.

That speed matters because crypto transactions are largely irreversible. Once funds move, the chance to stop them can disappear quickly.

What prosecutors say happened to the stolen funds

The money did not stay idle for long. Court records show Johnston spent lavishly within two months, with about $1.2 million going toward luxury vehicles, private jet travel, jewelry, high-end rentals in Miami and Los Angeles, and travel expenses for guests.

Prosecutors alleged that Johnston and co-conspirator Brandon Tardibone, who owned an exotic car rental business, acquired a Lamborghini Aventador SVJ and two BMWs. A rental property in North Miami and private jet bookings also featured in what prosecutors described as a spending pattern that showed little concern for staying hidden.

It was a traffic stop in March that eventually unraveled the case. When investigators pulled Johnston over in a Rolls-Royce, they seized electronic devices and handwritten notes that prosecutors said tied him to the fraud operation.

As part of the plea deal, Johnston surrendered about 53.16 Bitcoin and 275.23 Ether, valued at roughly $3.7 million at current market prices.

Brandon Tardibone also pleaded guilty

Brandon Tardibone, whose exotic car rental business allegedly helped launder stolen funds, also pleaded guilty to money laundering. His involvement shows how a crypto money laundering case can reach beyond the main scammers and into businesses that appear legitimate on the surface.

Prosecutors have recommended prison sentences of 51 to 63 months for Johnston and 27 to 33 months for Tardibone.

The gap reflects their different roles. Even so, both defendants face meaningful prison time for what prosecutors described as a coordinated scheme that caused serious financial harm.

Why social engineering keeps beating technical defenses

The Johnston case stands out not just because of the dollar amount, but because of what it says about modern crypto fraud social engineering. Prosecutors were clear that the operation did not rely on technical exploits. No exchange was breached, and no wallet firmware was compromised. Victims were persuaded to hand over access.

That matters because it exposes a weakness that strong passwords and hardware wallets do not always solve. If the attacker never tries to break in and instead convinces the victim to open the door, traditional defenses can fail fast.

The broader pattern is already visible. According to findings from blockchain investigator ZachXBT, social engineering scams targeting Coinbase users alone led to at least $65 million in losses between December 2024 and January 2025. In another December investigation, ZachXBT identified a Canadian scammer who allegedly stole more than $2 million by posing as a Coinbase support representative and later spent the proceeds on gambling, luxury purchases and rare social media usernames.

ZachXBT also documented a New York-based scammer accused of stealing more than $4 million from Coinbase customers using similar impersonation tactics.

What experts say the industry still needs

Deddy Lavid, chief executive and co-founder of the crypto security firm Cyvers, said many of the sector’s largest thefts now come from human manipulation rather than code-based attacks. He noted that crypto transactions are irreversible, which gives attackers an advantage as soon as they win a victim’s trust.

In his view, the industry cannot rely only on post-theft investigations. Exchanges, wallet providers, custodians and financial institutions need systems that can spot suspicious activity and laundering patterns in real time, before funds leave customer accounts.

Education helps, but it does not scale well against organized networks that can tailor their stories to thousands of users. For now, the Canadian crypto impersonation scam involving Johnston is another reminder that the industry’s most effective defenses need to account for human behavior, not just software security.