ZachXBT

@zachxbt

111 Following

72280 Followers

ZachXBT pfp

Multisig exploiter just transferred 9980 ETH ($31.4M) to the crypto exchange exchange eXch, swapping from Ethereum to Bitcoin in 7 orders. Source address 0x2d146Aa23645950FDefBb23f636A5d1674FE1047 Destination address bc1qffvx38hplm6ym5el5yakxmntezv7tg6yurghnq bc1qut035lpe0k6yklcrkaquhvg4x65lkg5n3uvnel bc1qe6yk9rnae0l96775gu99zvjdy496j3rrfc5sm0 bc1q4cwvw5x89pjaquq5e25ghjgffevmz6rtz043tx bc1qpj24paw8hunju2z6fharwej82rfjywexsz629a bc1qrzzdx82jv4t4tlkfc0gsqjpjp2r9r6ptq7rtuf bc1qyht95cksxh2un0elgdaq0up874s99kj80ev97d

3 replies

71 recasts

386 reactions

ZachXBT pfp

Looks like the crypto casino Metawin was exploited for $4M+ on Ethereum and Solana earlier today. See 115+ theft addresses tied to the exploiter below. So far stolen funds have been transferred to Kucoin and a HitBTC nested service. https://www.chainabuse.com/report/094193aa-aba7-4af8-b7e6-84f0a6b608db

8 replies

129 recasts

329 reactions

ZachXBT pfp

The crypto exchange M2 was hacked for ~$13M from hot wallets on multiple chains yesterday. Theft addresses ETH: 0x968b6984cba14444f23ee51be90652408155e142 BTC: bc1qu4kh7wa38xpkrp8frgxl4sak88wx0jug8n3vfj SOL: EKko14NvgqdvNttUb8JjXkVGuUs6BTikjfN3hqW4LQoL

2 replies

16 recasts

185 reactions

ZachXBT pfp

Looks like $20M of seized funds tied to the US Government was likely stolen in the past hour. Theft address 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f 0xbf6f7c503e858aded4e18ce2bcf93846fd726c15 0x15d0a31ed5050ed8decd3c101aaee0b2ad2e6441

16 replies

16 recasts

371 reactions

ZachXBT pfp

I recently spoke with Andy Greenberg from WIRED, who did a profile that dives into my journey over the past few years. It was a great experience to reflect on the evolution of my investigations. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

15 replies

43 recasts

567 reactions

ZachXBT pfp

My new research detailing a Chinese OTC trader named Yicong Wang who Lazarus Group has used since 2022 to off-ramp tens of millions from crypto hacks. https://x.com/zachxbt/status/1849071080180240751

7 replies

19 recasts

296 reactions

ZachXBT pfp

Tapioca DAO hack is likely the result of a team member downloading malware as the theft is tied on-chain to other recent hacks such as Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, MurAll, etc I have previously covered which were the result of fake job scams (contagious interview). Stolen funds from this incident were bridged from Arbitrum to BSC where ~$4.7M currently sits. 0x69d91e56ca80f2a4d7b808b59053ea5c5505ffe2

3 replies

18 recasts

216 reactions

ZachXBT pfp

I went and attributed 16 exchange hot wallets on Starknet so they would be publicly tagged on block explorers as I noticed none were previously tagged anywhere. Binance 0x0213c67ed78bc280887234fe5ed5e77272465317978ae86c25a71531d9332a2d OKX 0x0269ea391a9c99cb6cee43ff589169f547cbc48d7554fdfbbfa7f97f516da700 Bybit 0x076601136372fcdbbd914eea797082f7504f828e122288ad45748b0c8b0c9696 Kraken 0x620102ea610be8518125cf2de850d0c4f5d0c5d81f969cff666fb53b05042d2 Kucoin 0x0566ec9d06c79b1ca32970519715a27f066e76fac8971bbd21b96a50db826d90 HTX 0x03fd14213a96e9d90563ebe1b224f357c6481a755ee6f046c8ce9acd9b8654a7 MEXC 0x069a7818562b608ce8c5d0039e7f6d1c6ee55f36978f633b151858d85c022d2f Gate 0x00e91830f84747f37692127b20d4e4f9b96482b1007592fee1d7c0136ee60e6d Bitget 0x0299b9008e2d3fa88de6d06781fc9f32f601b2626cb0efa8e8c19f2b17837ed1 HitBTC 0x04b555a99b585adf082754e5ea36e4202f13efa649e6ac16dfe8c0e217c454bc CoinEX 0x00fb108ed29e1b5d82bb61a39a15bbab410543818bf7df9be3c0f5dd0d612cf3

11 replies

8 recasts

245 reactions

ZachXBT pfp

45 minutes ago a victim was drained for 12K spWETH ($32.4M) Theft address 0x471c725Bd1F29850CBb8eeA4cdf6c9Ce3caC5607 Theft txn hash https://etherscan.io/tx/0xf7c00f18175cdea49f8fdad6a1d45edeb318f18f3009f51ab9f4675171c1d8fb

17 replies

20 recasts

181 reactions

ZachXBT pfp

The project Truflation was hacked a few hours ago for $5M+ on multiple chains from the treasury multisig and personal wallets EVM theft address 0x53d2094b31429a13e739358b16354d8e0826b25a 0x2122a76213b23daf633b850cb659750db0cac801 0x4ec10144f1a96eed9b04d324d0997b5325c56472 0x7ea07c76328fc789435fc77a2a4d527c5bbc333e 0x3f8e5cc8abd032dd6ad652423e951ab06f833126 SOL theft address 6v4R3z5ahHqx3pbxMpYQMu26cuQoonLX2Rqq7WF35yzp

6 replies

40 recasts

158 reactions

ZachXBT pfp

My new post sharing an investigation on a $243M theft from last month which lead to multiple arrests and $9M+ frozen https://x.com/zachxbt/status/1836752923830702392

21 replies

21 recasts

350 reactions

ZachXBT pfp

https://zora.co/collect/base:0xb445b5c8deadb38458b857a96cb8b74305a903cd/2

7 replies

8 recasts

112 reactions

ZachXBT pfp

A number of large accounts on X currently have their account compromised and all are promoting the same meme coin scam. https://x.com/zachxbt/status/1836473279479189916

11 replies

29 recasts

72 reactions

ZachXBT pfp

Cencora, a top 50 publicly traded company in the US made a $75M ransomware payment earlier this year but did not share the BTC transactions so I decided to do it for them. https://x.com/zachxbt/status/1836403999030788570

8 replies

13 recasts

279 reactions

ZachXBT pfp

Happy to have played a part in freezing $7M as a direct result of my Lazarus Group investigation. https://x.com/zachxbt/status/1834881201326178808?

7 replies

42 recasts

486 reactions

ZachXBT pfp

A threat actor hacked the McDonald’s Instagram account and began promoting a meme coin scam.

11 replies

5 recasts

37 reactions

ZachXBT pfp

A few hours ago a victim was drained for 55.4M DAI Transaction hash 0xf70042bf3ae7c22f0680f8afa078c38989ed475dfbe5c8d8f30a50d4d2f45dc4 Theft address 0x5D4b2A02c59197eB2cAe95A6Df9fE27af60459d4

6 replies

22 recasts

373 reactions

ZachXBT pfp

Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M) Transaction hash 4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090 Funds were quickly transferred to ThorChain, eXch, Kucoin, ChangeNow, Railgun, Avalanche Bridge.

24 replies

104 recasts

901 reactions

ZachXBT pfp

Nexera (NXRA) was exploited for ~$1.5M a few hours ago. Attacker is connected on-chain to other recent private key compromise incidents such as SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and many more. Stolen funds sit 0xe697949817a45446776376db203c04d31b580a10 0x6bd33c8256f7a37336b2b8fe967321e25540337b

3 replies

6 recasts

216 reactions

ZachXBT pfp

On-chain clown of the day: The Pancake Bunny exploiter accidentally transferred $3.6M to the DAI contract address 8 hrs ago 0x72df3d8b97b92188eb7516277836fd07e994b276c858052815a398cc52c91bc1

17 replies

17 recasts

433 reactions