Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
ZachXBT Profile picture
@zachxbt
Jun 30, 2021 15 tweets 7 min read Read on X
Scrolly
1/ Welcome to the bull run of 2020/2021. It’s up only (was), valuations are at ATH, and your favorite influencer can be a VC.

New funds pop up on a weekly basis yet at the same time invest/incubate a billion projects at once. How are they so efficient you might ask?

👇👇👇
2/ Let me introduce you to Moonrock Capital.

In 2018 Johnathon Habicht & Simon Dedic founded Blockfyre; a blockchain advisory firm based in Germany. In 2020 this was acquired by Tixl. In between that period in 2019 Moonrock Capital was formed by them.
3/ After the Scott Melker incident someone close to the team at Moonrock & Blockfyre messaged me about the firm and all that went on.

Let’s dive into two of the projects ($POLK & $PMON) incubated by Moon Rock Capital a bit deeper to see if they did set the “standard”.
4/ Polkamon ($PMON)

As one of the largest marketing failures this bull run the chart exemplified suspicious activity.

In doing so I reviewed the entire transaction history from launch to June. Below is a brief summary of my findings.
5/ It’s clear the only thing that MoonRock helped them succeed with was pump investors/insiders funds and dump on retail.

Below is the typical lifecycle of the “Moon Rock incubation standard”.
6/ Polkamarkets ($POLK)

As another incubation you might think $PMON was a one time event.

Below is a graph with all of the largest (cumulative) sells in the first 4 weeks. Many of the wallets received tokens from other IDO’s as well.
7/ Now you’re starting to see the pattern? If you’re still not convinced here are some other projects that they invested in.

I’ve included the investment announcement date, token launch date, and ATH date in the chart.

($KYL, $DAFI, $LKR, $CGG)
8/ All your favorite CT influencers work with the VC’s and Marketing firms for a collective shilling campaign. Many do not disclose they were compensated in some capacity. They are placed into groupchats organized by people like Danny Les (for $PMON & $POLK)
9/

Perhaps you think that the teams at $PMON & $POLK were taken advantage of. A couple of the founders on the $POLK & $PMON team worked at Tixl which Blockfyre was acquired by. All of who Moon Rock worked closely with previously.
10/ Other VC’s have sprung up and do the exact same thing.

The larping VC model includes: little to no vesting period, shilling campaign, use noob friendly buzzwords, ponzi tokenomics designed to benefit VC’s at launch.
11/ Here are possible solutions that hopefully more VC’s should follow.

⁃Dont share the cap table with larping VC’s that dump instantly
⁃Make transparency status quo
⁃Regulation

This will help wash out the bad actors that give the crypto space a bad name.
12/ Follow for more threads in the future!
13/
A huge thanks to the team at @LedgerQL for providing me with the entire history of DEX trades for $POLK & $PMON. Can’t wait for the fully functioning site to be live.

Also a thanks to @mathieu_ouioui for helping give me a second eye by reviewing my analysis .
14/ Sources:

Refer to the files below for data dumps for Polychain Monster (Polkamon) & Polkamarkets.

drive.google.com/file/d/1MfinJ9…

drive.google.com/file/d/1tB8GTr…
There goes one of them…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with ZachXBT

ZachXBT Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @zachxbt

ZachXBT Profile picture
Nov 20
1/ An investigation into the social engineering scammer Ronaldd (Ronald Spektor) who allegedly helped steal $6.5M last month from a single victim by impersonating Coinbase support. Image
Image
Image
2/ A US based victim sent me a DM on Oct 7, 2024 after receiving a call from a spoofed number impersonating Coinbase support where they were coerced in to using a phishing site.

Theft address
bc1qra7s4wl8z2el335k40sdnaka04c2sdwjx5hs6q
0x730082b1847e1cef889ea6dce57641c96c104f2d

Phishing site: https(:)//19960018-coinbase(.)comImage
3/ An initial tracing of the theft saw all of the stolen funds flow to eXch on Ethereum and Bitcoin where funds were converted to Litecoin and transferred to numerous services. Image
Read 9 tweets
ZachXBT Profile picture
Nov 3
1/ Time to share how SCALE, NTD, TPU, & OPSEC projects were all tied to the same person Zopp0 to farm naive traders using numerous influencers shown in leaked messages. Image
Image
2/ While paying others to be the face of OPSEC behind the scenes he was involved with key decisions as the owner in private Telegram chats.

Here is him talking about the lack of technical research.

I then confronted him over DM about this in March 2024 which he downplayed.

Then in a leaked private chat here is him chatting about me obtaining this screenshot.Image
Image
Image
Image
3/ Zopp0 and his friend SZB discuss how they messed up bundling for NTD/TPU and worry it will trace back to them.

No posts have been made from @NTensorDynamics @tensorspace_ai since April. Image
Image
Image
Image
Read 7 tweets
ZachXBT Profile picture
Oct 23
1/ Meet Yicong Wang (王逸聪), a Chinese OTC trader who has helped Lazarus Group convert tens of millions of stolen crypto to cash from various hacks via bank transfers since 2022. Image
Image
Image
2/ A follower reached out to me a few months ago after having their exchange account frozen after completing a P2P transaction with Yicong Wang an OTC who has used pseudonyms like Seawang, Greatdtrader, & BestRhea977 Image
3/ They then shared one of Yicong Wang’s Tron wallet addresses with me from a screenshot of their WeChat conversation.

THsSCBGazjjho7u2BQQsmrpbDv1Q237FL4 Image
Read 11 tweets
ZachXBT Profile picture
Oct 20
1/ A short story about how the influencer @0xjaypeg got caught lying to the community three times this weekend about an allocation for a project all for $2.2K. Image
2/ A project reached out to Jaypeg who agreed to promote a meme coin for 2% of the supply.

8jpz1pDotD7NVBWuYQgfSNX2CAVTp6wyD5Jgg7d5515B

After sending his wallet address in the chat Jaypeg deleted his message and lied saying he never received tokens and claimed it was not his wallet.Image
Image
Image
3/ 8jpz1p sold the tokens for ~$2.2K

3XwAA6GpNH6jzpqm6ztbDSixnre3iuB6JXYigdZN1T8EdTUK8qqjoJNf9dp9DpNR2rQHsWzsDHFRvut47p2Zy7zk
5GiGcgtkHPkvHVXCvqqxVzBZD2cLE7nvQMHmkWFnqUtsvcKEJQUuLSmVxVU7G2f8pCWHtnJocSfHRQud5TkK1GZg

The team followed up with him multiple times on it but he shifted the blame to them and did not resolve the mistake.Image
Image
Image
Read 7 tweets
ZachXBT Profile picture
Sep 19
1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen. Image
Image
2/ Incident Summary: On August 19, 2024 the threat actors targeted a single Genesis creditor by:

1) Calling as Google Support via spoofed number to compromise personal accounts
2) Calling after as Gemini support claiming account is hacked
3) Social engineered victim into resetting 2FA and sending Gemini funds to compromised wallet
4) Got victim to use AnyDesk to share screen and leaked private keys from Bitcoin core.

Gemini txn hash
59.34 BTC - Aug 19 at 1:48 am UTC
e747b963a463334c164b0a8fff844f73693272bb2b331adbe2147d70ec196360
14.88 BTC - Aug 19 at 2:30 am UTC
7c7ebed785f0b4d4335d559b14b8215862fbe29db329e3ee0f2a7e64a16ce9e3Image
Image
Image
3/ Here is a private video recording showing the live reaction by multiple of the threat actors to receiving $238M.

Theft txn hash
4064 BTC - Aug 19 at 4:05 am UTC
4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090
Read 15 tweets
ZachXBT Profile picture
Aug 15
1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed.

Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities.

I then uncovered 25+ crypto projects with related devs that have been active since June 2024.Image
Image
2/ The laundering path for the incident can be described as:

1) Transfer $1.3M to theft address
2) Bridge $1.3M from Solana to Etheruem via deBridge
3) Deposit 50.2 ETH to Tornado
4) Transfer 16.5 ETH to two exchanges

Theft address
6USfQ9BX33LNvuR44TXr8XKzyEgervPcF4QtZZfWMnet Image
3/ Using multiple payment addresses for 21 devs I was able to map out a cluster with the most recent batch of payments for ~$375K over the last month.

0xb721adfc3d9fe01e9b3332183665a503447b1d35

In the past week you may have seen me tagging projects telling them to DM me. Image
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(