ZachXBT

@zachxbt

112 Following

75961 Followers

ZachXBT pfp

The Blockchain Bandit attacker woke up after being dormant for multiple years and consolidated 51,000 ETH ($172.2M) to a single multisig. Multisig address 0xC45C36017b0B7708f493534Ca4f0930964C1D542

27 replies

280 recasts

790 reactions

ZachXBT pfp

A few hours ago a victim was drained on Solana for $2.2M+ worth of meme coins ($1.43M PNUT, $400K ZEREBRO, $130K ALCH, etc) Theft address 7DQZQzydMPhFdhQnFYkwwNkykqeYADcj14JxYLAgVbBm 2CJ5d3o6MaCsgmZNZRrDE9fHuWRZ3Gpc5MBdMkz6HUxy 8qRK51ghCidRvwpYNRiu9hdUsg6UA7ZQF71HCAeUnBDZ

15 replies

111 recasts

337 reactions

ZachXBT pfp

A few hours ago wallets tied to crypto influencer JRNY saw ~$4M worth of crypto assets suspiciously transferred out and sold indicating a potential private key compromise. Theft address 0xc467150582cfc8eec4132a483c76101d3636f598 0x6fd6c8fd64c7efdb8eec902161d3bbc035430456 0xa2dd5e2ab84240cbecc7beaca9946afef97ae74a

7 replies

35 recasts

146 reactions

ZachXBT pfp

Multisig exploiter just transferred 9980 ETH ($31.4M) to the crypto exchange exchange eXch, swapping from Ethereum to Bitcoin in 7 orders. Source address 0x2d146Aa23645950FDefBb23f636A5d1674FE1047 Destination address bc1qffvx38hplm6ym5el5yakxmntezv7tg6yurghnq bc1qut035lpe0k6yklcrkaquhvg4x65lkg5n3uvnel bc1qe6yk9rnae0l96775gu99zvjdy496j3rrfc5sm0 bc1q4cwvw5x89pjaquq5e25ghjgffevmz6rtz043tx bc1qpj24paw8hunju2z6fharwej82rfjywexsz629a bc1qrzzdx82jv4t4tlkfc0gsqjpjp2r9r6ptq7rtuf bc1qyht95cksxh2un0elgdaq0up874s99kj80ev97d

3 replies

45 recasts

233 reactions

ZachXBT pfp

1 reply

0 recast

1 reaction

ZachXBT pfp

Looks like the crypto casino Metawin was exploited for $4M+ on Ethereum and Solana earlier today. See 115+ theft addresses tied to the exploiter below. So far stolen funds have been transferred to Kucoin and a HitBTC nested service. https://www.chainabuse.com/report/094193aa-aba7-4af8-b7e6-84f0a6b608db

8 replies

129 recasts

273 reactions

ZachXBT pfp

The crypto exchange M2 was hacked for ~$13M from hot wallets on multiple chains yesterday. Theft addresses ETH: 0x968b6984cba14444f23ee51be90652408155e142 BTC: bc1qu4kh7wa38xpkrp8frgxl4sak88wx0jug8n3vfj SOL: EKko14NvgqdvNttUb8JjXkVGuUs6BTikjfN3hqW4LQoL

2 replies

26 recasts

138 reactions

ZachXBT pfp

Looks like $20M of seized funds tied to the US Government was likely stolen in the past hour. Theft address 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f 0xbf6f7c503e858aded4e18ce2bcf93846fd726c15 0x15d0a31ed5050ed8decd3c101aaee0b2ad2e6441

16 replies

55 recasts

210 reactions

ZachXBT pfp

Definitely has to be this Lazarus Group investigation since it has so many different layers to it. https://zachxbt.mirror.xyz/B0-UJtxN41cJhpPtKv0v2LZ8u-0PwZ4ecMPEdX4l8vE

0 reply

1 recast

3 reactions

ZachXBT pfp

I recently spoke with Andy Greenberg from WIRED, who did a profile that dives into my journey over the past few years. It was a great experience to reflect on the evolution of my investigations. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

13 replies

155 recasts

361 reactions

ZachXBT pfp

0 reply

0 recast

2 reactions

ZachXBT pfp

My new research detailing a Chinese OTC trader named Yicong Wang who Lazarus Group has used since 2022 to off-ramp tens of millions from crypto hacks. https://x.com/zachxbt/status/1849071080180240751

7 replies

63 recasts

220 reactions

ZachXBT pfp

Tapioca DAO hack is likely the result of a team member downloading malware as the theft is tied on-chain to other recent hacks such as Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, MurAll, etc I have previously covered which were the result of fake job scams (contagious interview). Stolen funds from this incident were bridged from Arbitrum to BSC where ~$4.7M currently sits. 0x69d91e56ca80f2a4d7b808b59053ea5c5505ffe2

4 replies

35 recasts

150 reactions

ZachXBT pfp

Part 2 ChangeNow 0x062b6edccf9d86aff918634e53f3fac9545a8bcf84bcb59a0a09f9194d18282d XT 0x0786c463590ca32345e0118a0303a8f66af10882d7315ce282840feb5d6817f9 Bitrue 0x01a103074e6ea2f988b427c77e671207c20d6005d407a685eeee2e1f61028392 Bitmart 0x04de639e634c071c3ce8b1c69fac0500aab5ddb25a08fd0f757176243e4c0467

1 reply

1 recast

27 reactions

ZachXBT pfp

I went and attributed 16 exchange hot wallets on Starknet so they would be publicly tagged on block explorers as I noticed none were previously tagged anywhere. Binance 0x0213c67ed78bc280887234fe5ed5e77272465317978ae86c25a71531d9332a2d OKX 0x0269ea391a9c99cb6cee43ff589169f547cbc48d7554fdfbbfa7f97f516da700 Bybit 0x076601136372fcdbbd914eea797082f7504f828e122288ad45748b0c8b0c9696 Kraken 0x620102ea610be8518125cf2de850d0c4f5d0c5d81f969cff666fb53b05042d2 Kucoin 0x0566ec9d06c79b1ca32970519715a27f066e76fac8971bbd21b96a50db826d90 HTX 0x03fd14213a96e9d90563ebe1b224f357c6481a755ee6f046c8ce9acd9b8654a7 MEXC 0x069a7818562b608ce8c5d0039e7f6d1c6ee55f36978f633b151858d85c022d2f Gate 0x00e91830f84747f37692127b20d4e4f9b96482b1007592fee1d7c0136ee60e6d Bitget 0x0299b9008e2d3fa88de6d06781fc9f32f601b2626cb0efa8e8c19f2b17837ed1 HitBTC 0x04b555a99b585adf082754e5ea36e4202f13efa649e6ac16dfe8c0e217c454bc CoinEX 0x00fb108ed29e1b5d82bb61a39a15bbab410543818bf7df9be3c0f5dd0d612cf3

12 replies

59 recasts

175 reactions

ZachXBT pfp

0 reply

0 recast

3 reactions

ZachXBT pfp

no it’s all converted to ETH 1:1

0 reply

0 recast

1 reaction

ZachXBT pfp

45 minutes ago a victim was drained for 12K spWETH ($32.4M) Theft address 0x471c725Bd1F29850CBb8eeA4cdf6c9Ce3caC5607 Theft txn hash https://etherscan.io/tx/0xf7c00f18175cdea49f8fdad6a1d45edeb318f18f3009f51ab9f4675171c1d8fb

17 replies

20 recasts

123 reactions

ZachXBT pfp

The project Truflation was hacked a few hours ago for $5M+ on multiple chains from the treasury multisig and personal wallets EVM theft address 0x53d2094b31429a13e739358b16354d8e0826b25a 0x2122a76213b23daf633b850cb659750db0cac801 0x4ec10144f1a96eed9b04d324d0997b5325c56472 0x7ea07c76328fc789435fc77a2a4d527c5bbc333e 0x3f8e5cc8abd032dd6ad652423e951ab06f833126 SOL theft address 6v4R3z5ahHqx3pbxMpYQMu26cuQoonLX2Rqq7WF35yzp

6 replies

39 recasts

108 reactions

ZachXBT pfp

It’s hard to justify the extra time needed to make a long form post to Warpcast using paragraph as overall reach is much smaller than X or Telegram. If this ever changes in the next few years I am happy to adapt and invest the time.

0 reply

0 recast

0 reaction