Post

How to get URL link on X (Twitter) App

On the Twitter thread, click on or icon on the bottom
Click again on or Share Via icon
Click on Copy Link to Tweet
Paste it above and click "Unroll Thread"!
More info at Twitter Help

ZachXBT

@zachxbt

Dec 9, 2021 • 8 tweets • 4 min read • Read on X

Scrolly

@lemiscate

1/ Here’s an interesting one. A short story about how @lemiscate (angel investor) dumped all of his XDEFI immediately at launch for a $418k profit on his public ENS.

@lemiscate

2/ On 3/24/21 XDEFI announced they concluded their $1.2m seed round. Among those was @lemiscate

Tokenomics wise seed round participants received 25% at TGE (Token Generation Event) with the rest vested linearly over a 3 yr period.

3/ XDEFI trading went live after their IDO on 11/18.

From aavechan.ens we see he received 240k XDEFI on 11/18 (25% on TGE) so during the seed round we see he bought 960k XDEFI tokens for $25.9k ($0.027/token)

etherscan.io/token/0x72b886…

4/ However that same day he added liquidity (USDC/XDEFI) with all 240k tokens on Uni V3 and proceeded to dump it all hours later for a nice $418k profit.

Adds liq:
etherscan.io/tx/0x7555a4249…

Removes liq:
etherscan.io/tx/0xaca6a3cbe…

5/ That’s not very (3,3) for someone supporting a project as an Angel investor and using the community for exit liquidity.

Obviously he has every right to sell all 25% at TGE but when your cost basis was only $25.9k why would you dump your entire stack ($418k) like that?

6/ As an Angel investor you should be supporting the project and not doing the complete opposite on day 1

From a tokenomics standpoint the project shouldn’t have distributed 25% of the the seed round at TGE. That’s messy in itself.

You still should expect better from angels

7/ Since then aavechan.eth was removed from his Twitter. Luckily it is still linked on his Foundation profile (for now)

foundation.app/@Lemiscate

It’s clear from the comments there’s two sides to this topic.

Yes the project shouldn’t have done 25% at TGE but VCs/angels still help shape up the tokenomics a decent bit.

Noob founders then get mislead and VCs/angels get the free pass.

• • •

Missing some Tweet in this thread? You can try to force a refresh

This Thread may be Removed Anytime!

Twitter may remove this content at anytime! Save it as PDF for later use!

More from @zachxbt

ZachXBT

@zachxbt

Dec 29, 2025

1/ Meet Haby (Havard), a Canadian threat actor who has stolen $2M+ via Coinbase support impersonation social engineering scams in the past year blowing the funds on rare social media usernames, bottle service, & gambling.

2/ On Dec 30, 2024 Haby posted a screenshot in a group chat showing off a 21K XRP ($44K) theft from a Coinbase user.

rN7ddvk4DrGHZUrBfNARJEEAbPkky9Mwcz

3/ On Jan 3, 2025 Haby posted a screenshot from his Exodus wallet showing his Telegram & IG accounts.

I matched up the historical balances to the screenshot and found the XRP address linked to two other Coinbase user thefts for ~$500K total.

rfA8MiWkRb6xjveQGKfJpdr8h1Kb4c83Rb

Read 12 tweets

ZachXBT

@zachxbt

Oct 19, 2025

1/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.

Here’s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts.

2/ Although the victim did not directly share the theft address after watching the video I found it by reviewing the date and amount.

r3cf5mgj5qEcj9n4Th28Es7NVRnXGJjkzc

The victim seems inexperienced and does not provide enough details to determine how the Ellipal wallet became compromised besides it being user error.

3/ The attacker created 120+ Ripple -> Tron orders via Bridgers on Oct 12, 2025.

On block explorers the transactions show as Binance since Bridgers (formerly SWFT) uses them for liquidity.

Read 9 tweets

ZachXBT

@zachxbt

Oct 15, 2025

1/ An investigation into how I identified one of suspects tied to the $28M Bittensor hack from 2024 by identifying anime NFT wash trades linked to a former employee and earned a whitehat bounty for my efforts.

2/ 32 $TAO holders experienced unauthorized transfers in excess of $28M from May to July 2024 and the Bittensor network was temporarily halted on July 2, 2024.

A post-mortem published by the team revealed the thefts were the result of a supply chain attack after a malicious PyPi package was uploaded in late May 2024

Victims who downloaded the package and performed specific operations accidentally compromised private keys.

3/ I began tracing the stolen funds from two initial theft addresses, TAO was bridged to Ethereum via Bittensor native bridge, and then transferred to instant exchanges where the attackers swapped to XMR.

Victims:
$400K: 5ENiTXL63DRMKytjaDRBLnorwd6qURKcCVgsgpu8UQxgptQN
$13M: 5DnXm2tBGAD57ySJv5SfpTfLcsQbSKKp6xZKFWABw3cYUgqg

Read 12 tweets

ZachXBT

@zachxbt

Aug 13, 2025

1/ An unnamed source recently compromised a DPRK IT worker device which provided insights into how a small team of five ITWs operated 30+ fake identities with government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects.

2/ An export of their Google Drive, Chrome profiles, and screenshots from their devices was obtained.

Google products were extensively used by them to organize their team’s schedules, tasks, and budgets with communications primarily in English.

3/ Another spreadsheet shows weekly reports for team members from 2025 which provides insight into how they operate and what they think about.

“I can't understand job requirement, and don't know what I need to do”

“Solution / fix: Put enough efforts in heart”

Read 11 tweets

ZachXBT

@zachxbt

Jul 22, 2025

1/ An investigation into how @cryptobeastreal scammed followers by lying they were not behind the $190M -> $3M $ALT market cap crash where 45+ connected insider wallets sold $11M+ on July 14, 2025.

2/ Earlier this month Crypto Beast began aggressively promoting $ALT on X and TG.

On July 14, 2025 ALT crashed from 0.19 to 0.003 after insiders sold a large percent of the total supply.

All of these posts promoting the token. have since been deleted.

3/ Crypto Beast previously shared a public wallet on X & TG in now deleted posts.

Ledzo5cdS1RYfX4h391fYC8TF6xkwAC8U77F2pCaH4L

Read 12 tweets

ZachXBT

@zachxbt

Jul 2, 2025

1/ My recent investigation uncovered more than $16.58M in payments since January 1, 2025 or $2.76M per month has been sent to North Korean IT workers hired as developers at various projects & companies.

To put this in perspective payments range from $3K-8K per month meaning they have infiltrated 345 jobs on the low end or 920 jobs on the high end.

2/ Here’s a look into one of the six clusters I have been monitoring and was able to attribute 8 different DPRK ITWs that obtained roles at 12+ projects.

I traced out the payment addresses from the table to two consolidation addresses.

0x58225fed0714e5b9b235642eba7dae3714090a2d
0xa7f9555c34626eb81b64774356a40ca1a6a794ca

3/ Sandy Nguyen (@bullishgopher) a DPRK ITW from this cluster was spotted via OSINT next to the North Korea flag at an event in Russia.

A small group of people still believe North Korean devs are just a conspiracy despite all of the IOCs, research, etc widely available.

Read 10 tweets

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Share this page!

Enter URL or ID to Unroll

ZachXBT

Try unrolling a thread yourself!

More from @zachxbt

ZachXBT

ZachXBT

ZachXBT

ZachXBT

ZachXBT

ZachXBT

Did Thread Reader help you today?

Don't want to be a Premium member but still want to support us?

Send Email!