Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
ZachXBT Profile picture
@zachxbt
Sep 28, 2021 31 tweets 15 min read Read on X
Scrolly
1/ Time for a thread on CryptoGodJohn & his paid group Walsh Wealth Group (WWG).

By the end you will see all the shady tactics they’ve employed and how they’re no different from the rest.

Many on CT turn a blind eye on CT since they’re “friends”
2/ First let’s start with John. At first he just appears like your typical influencer. Let’s examine his alleged BSC wallet:

SuperWaifu:

a) Bought at 6:31 PM UTC
b) Shilled on Twitter at 6:39 UTC
c) Sold entire stack a few hours after

bscscan.com/token/0x626dec…
3/ Perhaps you thought it was a one time off incident and I am making assumptions that it’s his wallet. Let’s examine some undisclosed $EULER shilling.

a) Received 78,610 EULER on 5/3
b) Shilled on Twitter on 5/4
4/ Let’s look at $SAVE which which was a BSC coin advertised as a “charity coin”

From BSC scan you see he received coins for promoting which wasn’t disclosed.

He sold $350k worth all while tweeting about it.

Later he tried to pull the sympathy card.

bscscan.com/token/0x159802…
5/ Let’s examine two more IDO shills if you’re not convinced $BOSON & $STAK.

These were shilled most frequent by him. He never disclosed his vested interest in either project.

Here’s stolen TA as well:

6/ Now let’s move over to his paid group WWG so we can examine if it’s any different.

They have thousands of paying members with a monthly membership fee of ~$175

I would hope you’re not taking advantage of people with your “signals”
7/ Let’s examine this TRB signal by CryptoEliz.

a) Call made at 11:28 pm
b) Exits 3 minutes later & posts screenshot
c) Significant volume & price surge immediately after the signal from 11:28 pm to 11:31 pm

Perhaps this was a one off incident!
8/ Here’s another TRB call made by CryptoEliz

a) Entry signal made at 3:04 pm
b) Exits 5 minutes later and posts screenshot
c) Significant volume & price surge immediately after the signal from 3:04 pm to 3:09 pm

Not so much of a coincidence now anon?
9/ Let’s look at one more for good measure. Here’s a LIT signal given.

a) Entry signal made at 11:32 am
b) Exits for a “scalp” 8 minutes later
c) See chart for evidence.

Imagine paying this much monthly just to get dumped on.
10/ Lastly here’s the WWG analyst BullChain calling out anyone promoting the token $LEGS

Hours later CryptoEliZ tweets about $LEGS pretending to have genuine interest. Another shill not disclosed…

Another WWG fail
11/ Another sketchy tactic used by the group is their marketing & branding.

By using wealth/warren buffet memes they look to attract as many newbies as possible.

Avoid anyone with “god” in their username.
12/ For a while during spring when it was up only I did follow him for a bit thinking he was legit but little did I know.

These people do not want to help you and are not your friend.

I’m sure his army will come attacking but they are naive and it’s hard to continue to watch
13/ Well that concludes this thread!

Follow for more in the future.
Oops
From the WWG Discord
“Why do you spend all this time”
So John claims he “reimbursed” everyone in the Discord.
Rip
“Lost money”

Get ready they’re coming…

At least one person came to their senses.
Kek
Big oof

@SECGov @GaryGensler @FBI Instead of going after legit projects trying to innovate when can we go after bad actors like the ones displayed in this thread that investors keep getting wrecked by.

This is where protection should be given.
Further evidence this is Johns wallet.
More like EliZ losing money from less people to dump on
I’m not too well versed in this area but everyone involved is under US jurisdiction.

Would be happy to formally file a complaint or take legal action granted someone can help guide through the process.

Most of CT will forget within the next 24 hrs.
Progress
Someone else sent this too.

sec.gov/tcr
Very believable from a very trustworthy group of people
Oops

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with ZachXBT

ZachXBT Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @zachxbt

ZachXBT Profile picture
Feb 26
1/ Meet @WheresBroox (Broox Bauer), one of the multiple @AxiomExchange employees allegedly abusing the lack of access controls for internal tools to lookup sensitive user details to insider trade by tracking private wallet activity since early 2025. Image
Image
Image
2/ Axiom is a crypto trading platform founded by Mist & Cal in 2024. After going through Y-Combinator's Winter 2025 batch, it quickly became one of the most profitable companies in the space, generating $390M+ in revenue to date.

I was retained to investigate allegations of misconduct at Axiom after receiving reports.Image
Image
3/ Broox is a current Axiom senior BD employee based in New York.

In the clip Broox states he can track any Axiom user via ref code, wallet, or UID and claims he can "find out anything to do with that person".

He also describe researching 10-20 wallets initially and slowly increasing over time "so it does not look that suspicious"

In a separate clip from the same recording, Broox sets ground rules for how to request lookups from him and then says he'll send the full list of wallets.

The full recording is a private call of the group members strategizing.
Read 10 tweets
ZachXBT Profile picture
Jan 25
In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses.

John’s dad owns CMDSS, which currently has an active IT government contract in Virginia.

CMMDS was awarded a contract to assist the USMS in managing/disposing of seized/forfeited crypto assets.

It still remains unclear at this point how John obtained access from his dad.Image
Image
Image
Update: The CMDSS company X account, website, & LinkedIn were all just deactivated Image
Image
Image
Update: John Daghita (Lick) began trolling again on Telegram shortly after my post Image
Image
Read 4 tweets
ZachXBT Profile picture
Jan 23
1/ Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025. Image
Image
Image
2/ Earlier today John got into a heated argument with another threat actor known as Dritan Kapplani Jr. in a group chat to see who had more funds in crypto wallets.

In 'The Com' this is known as a band for band (b4b).

However the entire interaction was fully recorded.

Image
3/ In part 1 of the recording Dritan mocks John however John screenshares Exodus Wallet which shows the Tron address below with $2.3M:
TMrWCLMS3ibDbKLcnNYhLggohRuLUSoHJg
Read 13 tweets
ZachXBT Profile picture
Dec 29, 2025
1/ Meet Haby (Havard), a Canadian threat actor who has stolen $2M+ via Coinbase support impersonation social engineering scams in the past year blowing the funds on rare social media usernames, bottle service, & gambling. Image
Image
2/ On Dec 30, 2024 Haby posted a screenshot in a group chat showing off a 21K XRP ($44K) theft from a Coinbase user.

rN7ddvk4DrGHZUrBfNARJEEAbPkky9Mwcz Image
Image
3/ On Jan 3, 2025 Haby posted a screenshot from his Exodus wallet showing his Telegram & IG accounts.

I matched up the historical balances to the screenshot and found the XRP address linked to two other Coinbase user thefts for ~$500K total.

rfA8MiWkRb6xjveQGKfJpdr8h1Kb4c83Rb Image
Image
Read 12 tweets
ZachXBT Profile picture
Oct 19, 2025
1/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.

Here’s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts. Image
2/ Although the victim did not directly share the theft address after watching the video I found it by reviewing the date and amount.

r3cf5mgj5qEcj9n4Th28Es7NVRnXGJjkzc

The victim seems inexperienced and does not provide enough details to determine how the Ellipal wallet became compromised besides it being user error.
3/ The attacker created 120+ Ripple -> Tron orders via Bridgers on Oct 12, 2025.

On block explorers the transactions show as Binance since Bridgers (formerly SWFT) uses them for liquidity. Image
Read 9 tweets
ZachXBT Profile picture
Oct 15, 2025
1/ An investigation into how I identified one of suspects tied to the $28M Bittensor hack from 2024 by identifying anime NFT wash trades linked to a former employee and earned a whitehat bounty for my efforts. Image
Image
2/ 32 $TAO holders experienced unauthorized transfers in excess of $28M from May to July 2024 and the Bittensor network was temporarily halted on July 2, 2024.

A post-mortem published by the team revealed the thefts were the result of a supply chain attack after a malicious PyPi package was uploaded in late May 2024

Victims who downloaded the package and performed specific operations accidentally compromised private keys.Image
3/ I began tracing the stolen funds from two initial theft addresses, TAO was bridged to Ethereum via Bittensor native bridge, and then transferred to instant exchanges where the attackers swapped to XMR.

Victims:
$400K: 5ENiTXL63DRMKytjaDRBLnorwd6qURKcCVgsgpu8UQxgptQN
$13M: 5DnXm2tBGAD57ySJv5SfpTfLcsQbSKKp6xZKFWABw3cYUgqgImage
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(