Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
ZachXBT Profile picture
@zachxbt
Oct 29, 2021 15 tweets 8 min read Read on X
Scrolly
1/ Let’s discuss @moon_guurl and how she rugged $islainu (a meme coin).

You may be asking why her? Well this tweet last night peaked interest amongst people on CT. I figured why not reach out to the team to see what happened.

Time for a deep dive
👇
2/ Luckily the team responded quickly providing the entire chat history.

Why way this necessary? Rea allegedly dumped 6 figures of a lowcap right after striking a deal. This destroyed the coin
3/ Here is the deal that REA & the team agreed to.

1% of the supply (Ik lol) for a promo Tweet about the project.

Initially the team pushed for vesting w/ presale access but she repeatedly declined and said she wouldn’t sell large amounts
4/ Here was the promo tweet she did. Notice there was ZERO disclosure and instead pretended to have genuine interest
5/ Everything seemed to be going well with the deal other than the undisclosed shill…

After agreeing to the 1% of the supply she was told to not sell a bunch at once since it wasn’t vested

Also clearly trying to hide her address in the second screenshot. Why so scared?
6/ Rea started selling small bits at a time immediately after launch. See the address below.

Attached are additional screenshots that proves it her.

etherscan.io/token/0xe9fba3…
7/ Soon after a large sell happens and a team member preemptively messages Rea since she holds a 1% of the supply. They immediately apologize however.

They ask her to buy back the ones she’s sold but eventually does.

This is where things start to go downhill…
8/ Now the project is up a bunch and the team offers to buy her out for $28k since 1% is now worth a small house (still a lowcap)

The rationale is bc her bag is causing FUD that a team member is selling

Soon after Rea acts distant citing mental health + gender discrimination
9/ The excuses continue and she then sends the tokens to her “friend” who immediately dumps the token (22.8 eth worth) rugging the project.

etherscan.io/tx/0x8e1fa8e2c…
10/ Anyone who spends a few seconds in the space knows you can’t execute large sells like that on a lowcap. Rea avoided vesting for a reason

This plus the hidden shill just is sketchy behavior

Apparently she’s in a deal w/ 3AC but still knowingly shilled a lowcap meme coin?
11/ I would be very careful going forward dealing with someone who has acted like this.

It is not someone you want to work with…

Do you really need an “InFlUeNcEr” that bad?
12/ As always remember this!

Follow for more threads in the future
Another shill today? Hmmm
Based
It was inevitable

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with ZachXBT

ZachXBT Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @zachxbt

ZachXBT Profile picture
May 9
1/ In late 2023 a former Yuga Labs security researcher was stopped at the airport after law enforcement mistakenly linked them to a $1.1M phishing theft from a Bored Ape owner.

Here’s an investigation into where the stolen funds went and who’s actually responsible. Image
Image
Image
2/ In Dec 2022, a victim had 14 X BAYC NFTs phished in a social engineering scheme where purchased X accounts were used to convince the victim they wanted to license the IP rights for a film.

The scammer directed the victim to a phishing site where they had them sign a message draining their assets.

Theft address
0x9335da37d37bc5d46850eaee48f8b9ccbe94d9a2Image
Image
Image
3/ In Sep 2023, Sam Curry a well known whitehat and former Yuga Labs security engineer was detained at the airport by law enforcement for questioning and was served with a grand jury subpoena (later dropped).

In reality as part of his security work at Yuga, he had been investigating the theft and used a private key put in the JavaScript of the website by the threat actor.

LE then had mistakenly reviewed logs from OpenSea which included his home IP address and used this to incorrectly link him as the suspect.Image
Image
Read 10 tweets
ZachXBT Profile picture
Mar 20
1/ An investigation into the alleged identity of the mysterious Hyperliquid whale tied to illicit activity that profited ~$20M via highly leveraged positions over the past couple weeks. Image
Image
Image
2/ A trader opened multiple highly leveraged positions on Hyperliquid and GMX from Jan - Mar 2025.

They gained lots of attention this month after two onchain trades:

-Large ETH & BTC long position on 50X leverage just before Trump’s crypto reserve announcement by 0xe4d3 ($10M profit)

-Large BTC short position on 40X leverage by 0xf3F4 ($9M profit)Image
Image
Image
3/ I went and identified the main counterparties of 0xf3f:

0x7ab8c59db7b959bb8c3481d5b9836dfbc939af21
0x312f8282f68e17e33b8edde9b52909a77c75d950
0xab3067c58811ade7aa17b58808db3b4c2e86f603
0xe4d31c2541a9ce596419879b1a46ffc7cd202c62

This cluster is to tied to Roobet, Binance, Gamdom, ChangeNOW, Shuffle, Alphapo, BC Game, & Metawin accounts.Image
Read 11 tweets
ZachXBT Profile picture
Feb 3
1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted.

This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams. Image
Image
2/ Myself and @tanuki42_ spent time reviewing Coinbase withdrawals and gathering data from my DMs for high confidence thefts on various chains.

Below is a table we created which shows $65M stolen from Coinbase users in Dec 2024 - Jan 2025.

Our number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain which does not account for Coinbase support tickets and police reports we do not have access to.Image
3/ Let’s walk through how these Coinbase social engineering scams work.

A victim reached out to me last month after losing ~$850K.

Graphing out this theft lead to a consolidation address with 25+ other victims tied to ‘coinbase-hold.eth’.

Theft address
0xc8234dda2bc3758eb90224d0025871001e8ee7b9
bc1q4ks5gus8uv88vk8yage4r89kv8uxlgwhemz545Image
Read 13 tweets
ZachXBT Profile picture
Nov 27, 2024
1/ An investigation into how the threat actor Serpent went from a pro Fortnite player to helping steal $3.5M via meme coin scams launched from 9+ account compromises on X & IG and gambling the proceeds away at online casinos. Image
Image
Image
2/ Serpent (SerpentAU) is a former pro Fortnite player from Australia who was released from the esports organization ‘Overtime’ after being caught allegedly cheating in June 2020.

He then co-founded the NFT project DAPE in March 2022 which later rug pulled. Image
Image
3/ In March 2024 Serpent launched another project called ERROR which rug pulled and got him banned from X.

Deployer address
0x8233873ee35547097ccb9098adbab955d7120ee8 Image
Image
Read 10 tweets
ZachXBT Profile picture
Nov 26, 2024
1/ Over the past few months I have been tracking a series of related compromises for McDonald’s, Usher, Kabosu Owner, Andy Ayrey, Wiz Khalifa, SPX 6900, etc on X & IG which has resulted in an estimated $3.5M+ stolen via launching Pump Fun meme coins. Image
2/ On Aug 21, 2024 the McDonald’s IG became compromised and a post was made promoting the bundled meme coin GRIMACE and the hacker began trolling after.

$690K+ from the pump and dump was consolidated to two wallets.

4RiNhTwBxYWgb4MSCtt9vXgVk2yuPhoQR3DR9pMVPU1W
2vjnmxwTYNJvTmFhtqxZkPiuCHkaKZK5rcxTLuoC2dPBImage
Image
Image
3/ On Sep 3, 2024 the McDonalds attacker transferred 101.5 SOL to two addresses which deployed and sniped SCHRADER after the Actor Dean Norris had his X account hacked.

4s9Uz9pTBXcEaEtcjs8eg98r2TVte3rq3JUm3rVTFMudfewGbNKmqNyYs9bSAMDUaTbTcuA1v39sWr7GRqkDJ6EM
1gxo1pjTqjbee7rHW4cGvuNffX1qP4F8fP17g6SSC5EYbQrnktDrKSFB1uh4ju7PxQjprWFin37WUsAe225b9c6Image
Image
Read 15 tweets
ZachXBT Profile picture
Nov 20, 2024
1/ An investigation into the social engineering scammer Ronaldd (Ronald Spektor) who allegedly helped steal $6.5M last month from a single victim by impersonating Coinbase support. Image
Image
Image
2/ A US based victim sent me a DM on Oct 7, 2024 after receiving a call from a spoofed number impersonating Coinbase support where they were coerced in to using a phishing site.

Theft address
bc1qra7s4wl8z2el335k40sdnaka04c2sdwjx5hs6q
0x730082b1847e1cef889ea6dce57641c96c104f2d

Phishing site: https(:)//19960018-coinbase(.)comImage
3/ An initial tracing of the theft saw all of the stolen funds flow to eXch on Ethereum and Bitcoin where funds were converted to Litecoin and transferred to numerous services. Image
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(