The majority of these accounts had 2FA on, leaving people confused as to how this might happen.
7/ The hacked Twitter accounts led to millions of dollars' worth of crypto being stolen in total.
This table shows a rough estimate for the amount of crypto stolen with each account in the Tweet above.
8/ This led to a post on the forum marketplace SWAPD by the user “Antihero” advertising a Twitter panel.
The prices to use the panel varied from $30k to $300k paid in crypto.
9/ On Twitter on July 29th 2022, antihero emerged with the name “Cam” on an account that had been inactive for 14 yrs.
On Instagram he obtained the same username too.
10/ On Instagram Redman posted a selfie of himself posing in front of a mirror and also outside of a shopping center.
11/ I zoom in and then look up the location of “Sunway Dental”.
What do you know, it happens to be in Mississauga, ON, very close to the Hamilton Police station in the city where Redman had previously been arrested in Nov 2021.
12/ If you’re still not convinced, here are more messages of him referencing Canada.
Prior to being charged for the SIM swap, Redman had also been known by the aliases “Cream”, “4k” and “lucky”, and for leaking unreleased Juice WRLD songs.
16/ Who bought the Twitter panel access from Redman? Well it was the scammers known as HZ/Chase and Popbob. Here’s HZ flexing panel access to @Serpent (a security researcher)
17/ HZ + Popbob flexing Franklin and Deekay being hacked.
18/ It’s still unclear how Redman gained access to the panel to make elevated requests & reset passwords. As of now it appears the method has stopped working.
It’s wild that someone can SIM swap a person for $37m, only return $5.4m, & go back to their old ways w/o serious jail time.
19/ Thanks for making it this far. Feel free to share this thread with others.
1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen.
2/ Incident Summary: On August 19, 2024 the threat actors targeted a single Genesis creditor by:
1) Calling as Google Support via a spoofed number to compromise personal accounts
2) Calling afterwards as Gemini support, claiming the account was hacked
3) Social engineering the victim into resetting 2FA and sending Gemini funds to a compromised wallet
4) Getting the victim to use AnyDesk to share their screen, which leaked private keys from Bitcoin Core
Gemini txn hash
59.34 BTC - Aug 19 at 1:48 am UTC
e747b963a463334c164b0a8fff844f73693272bb2b331adbe2147d70ec196360
14.88 BTC - Aug 19 at 2:30 am UTC
7c7ebed785f0b4d4335d559b14b8215862fbe29db329e3ee0f2a7e64a16ce9e3
3/ Here is a private video recording showing the live reaction of several of the threat actors to receiving $238M.
Theft txn hash
4064 BTC - Aug 19 at 4:05 am UTC
4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090
1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed.
Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities.
I then uncovered 25+ crypto projects with related devs that have been active since June 2024.
2/ The laundering path for the incident can be described as:
1) Transfer $1.3M to the theft address
2) Bridge $1.3M from Solana to Ethereum via deBridge
3) Deposit 50.2 ETH to Tornado
4) Transfer 16.5 ETH to two exchanges
2/ The theft address I will start from is 0x6ee which was doing test transactions on July 10th from 0x09b multisig with SHIB and was funded with 6 X 0.1 ETH from Tornado.
0x6eedf92fb92dd68a270c3205e96dccc527728066
A technical breakdown of the attack by Mudit can be found below
3/ With the 6 X 0.1 ETH withdrawals from Tornado Cash on July 10th, I was able to demix this and find 6 X 0.1 ETH matching deposits made the day before.
0xc6873ce725229099caf5ac6078f30f48ec6c7e2e
The demix is accurate as 0xc68 was also doing tests with 0x304 multisig on July 9th with SHIB.
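The matching described above (same denomination, same count, deposits shortly before the withdrawals) is a standard mixer-tracing heuristic. The Python below is an added illustration, not the author's tooling or real chain data: the events are constructed, the 48-hour window is an assumption, and the SHIB test-transaction corroboration mentioned above is not modelled.

```python
from collections import Counter
from datetime import datetime, timedelta

# Addresses quoted on the page; the events below are constructed, not on-chain data.
THEFT_ADDR = "0x6eedf92fb92dd68a270c3205e96dccc527728066"
DEPOSITOR = "0xc6873ce725229099caf5ac6078f30f48ec6c7e2e"


def _burst(start, addr, n, kind, amount=0.1, step_min=5):
    """n mixer events of `kind` from addr, spaced step_min apart (constructed)."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(minutes=step_min * i), addr, amount, kind) for i in range(n)]


# Constructed sample: six 0.1 ETH deposits on July 9 from DEPOSITOR, six 0.1 ETH
# withdrawals on July 10 to THEFT_ADDR, plus two decoy depositors that should not match.
EVENTS = (
    _burst("2024-07-09T08:00", DEPOSITOR, 6, "deposit")
    + _burst("2024-07-09T12:00", "0xdecoy_two_deposits", 2, "deposit")      # wrong count
    + _burst("2024-07-01T12:00", "0xdecoy_old_deposits", 6, "deposit")      # outside window
    + _burst("2024-07-10T09:00", THEFT_ADDR, 6, "withdraw")
)


def candidate_depositors(events, withdrawer, window=timedelta(hours=48)):
    """Count/denomination/timing heuristic: for each denomination the withdrawer
    pulled out, return depositors whose deposit count of that denomination inside
    `window` before the first withdrawal equals the withdrawal count."""
    withdrawals = [e for e in events if e[3] == "withdraw" and e[1] == withdrawer]
    result = {}
    for amount, n in Counter(e[2] for e in withdrawals).items():
        first = min(e[0] for e in withdrawals if e[2] == amount)
        per_depositor = Counter(
            e[1] for e in events
            if e[3] == "deposit" and e[2] == amount and first - window <= e[0] < first
        )
        result[amount] = sorted(a for a, c in per_depositor.items() if c == n)
    return result


if __name__ == "__main__":
    print(candidate_depositors(EVENTS, THEFT_ADDR))
```

A single candidate is only a lead; as the thread notes, it still has to be corroborated by independent behaviour such as the matching test transactions.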
For those who are confused and need additional context.
Earlier today Arkham announced a $150K bounty for the identity of the DJT creator
11:49 pm UTC I reply to Arkham saying I submitted for the bounty
11:57 pm UTC Martin Shkreli panic DMs me
12:27 am UTC Martin Shkreli creates a Space and announces he is the creator of DJT
One of the large DJT insiders, verso.sol, dumped $832K worth of DJT and then deposited USDC to a CEX ~1 hr ago.
Coincidentally also a large holder in Martin’s other project, Shoggoth.
1/ Here is an overview of one of the better executed scams I have seen in recent times, so I figured I would share it with the community as a cautionary tale.
A few weeks ago I received a DM from a follower who lost $245K after accidentally downloading malware onto their computer.
2/ It started as an account purporting to be Peter Lauten from a16z, messaging a team to inquire about a potential podcast partnership.
3/ The attacker noticed that the real Peter Lauten had changed his X (Twitter) username from ‘peter_lauten’ to ‘lauten’ at a point in time, and had then claimed his old username.