Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.

- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).

And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.