ZachXBT
Apr 29, 6 tweets, 2 min read
1/ How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 - 2023

zachxbt.mirror.xyz/B0-UJtxN41cJhp…
2/ Traced 25+ connected hacks across multiple blockchains and through mixers to centralized exchanges.
3/ Identified accounts at Noones and Paxful (P2P marketplaces) that received funds from the hacks and were used to convert crypto to fiat.
4/ 374K USDT was frozen in November 2023 and an undisclosed amount was frozen at centralized exchanges in Q4 2023.

An additional $3.4M was frozen by 3 of 4 stablecoin issuers sitting in a group of addresses.

This post will be updated once the 4th follows suit.
5/ Link to the free Zora mint to own a digital collectible of this 15 month long investigation.

zora.co/collect/base:0…
6/ Thousands of people in the space have been impacted directly and indirectly by Lazarus Group attacks and it seems that number will only continue to increase.

This investigation would not have been possible without the contributions of:
@tayvano_ from @MetaMask
@symbiotic_bnb from @binance
@bax1337 from 5IS
@NickCarlsen1 from @trmlabs
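As an added example (not part of ZachXBT's thread and not the investigation's own tooling), the Python below sketches the basic forward-tracing step described in tweet 2: build a directed graph of transfers, walk forward from the exploit addresses, and report which labelled exchange deposit addresses are reached. Every address, label and amount is constructed for illustration; real tracing runs over indexed chain data and a curated attribution set. The one caveat worth seeing in code is the mixer hop: the on-chain link is broken at a mixer deposit, so the path across it is a timing/amount heuristic and is flagged as such rather than presented as a direct trace.

```python
from collections import defaultdict, deque

# Constructed transfer log: (sender, receiver, asset, amount).
# Hypothetical addresses only; nothing here is a real hack, mixer or exchange address.
TRANSFERS = [
    ("0xhack1", "0xhop1", "ETH", 1000.0),
    ("0xhop1", "0xmixer", "ETH", 1000.0),        # deposit into a mixer: on-chain link ends here
    ("0xmixer", "0xhop2", "ETH", 400.0),         # mixer withdrawal, linked only by heuristic
    ("0xhop2", "0xcex_dep_A", "ETH", 400.0),
    ("0xhack2", "0xhop3", "USDT", 374000.0),
    ("0xhop3", "0xcex_dep_B", "USDT", 374000.0),
    ("0xclean", "0xcex_dep_A", "ETH", 5.0),      # unrelated deposit; must not be attributed
]

# Constructed label set standing in for an attribution database.
LABELS = {
    "0xmixer": "mixer",
    "0xcex_dep_A": "exchange-deposit",
    "0xcex_dep_B": "exchange-deposit",
}


def build_graph(transfers):
    """Adjacency list: sender -> [(receiver, asset, amount), ...]."""
    graph = defaultdict(list)
    for sender, receiver, asset, amount in transfers:
        graph[sender].append((receiver, asset, amount))
    return graph


def trace_to_exchanges(transfers, sources, labels, max_hops=6, follow_mixers=False):
    """Breadth-first walk from each source; return hits at exchange deposit addresses.

    A hit records the path, the asset and amount of the final hop, and a
    confidence of 'direct' (unbroken chain of on-chain transfers) or
    'heuristic' (the path crossed a mixer, which is only followed when
    follow_mixers=True; the mixer-out edge has to come from timing/amount
    analysis, not from the chain itself).
    """
    graph = build_graph(transfers)
    hits = []
    for source in sources:
        queue = deque([(source, [source], "direct")])
        visited = {source}
        while queue:
            node, path, confidence = queue.popleft()
            if len(path) - 1 >= max_hops:
                continue
            for receiver, asset, amount in graph.get(node, ()):
                next_confidence = confidence
                if labels.get(node) == "mixer":
                    if not follow_mixers:
                        continue
                    next_confidence = "heuristic"
                if labels.get(receiver) == "exchange-deposit":
                    hits.append({
                        "source": source,
                        "path": path + [receiver],
                        "asset": asset,
                        "amount": amount,
                        "confidence": next_confidence,
                    })
                if receiver not in visited:
                    visited.add(receiver)
                    queue.append((receiver, path + [receiver], next_confidence))
    return hits


def totals_by_deposit(hits):
    """Sum final-hop amounts per (deposit address, asset).

    This is a ceiling, not a taint figure: if an intermediate address also
    held unrelated funds, proportional or FIFO taint tracking is needed
    before quoting a stolen-funds number to an exchange.
    """
    totals = defaultdict(float)
    for hit in hits:
        totals[(hit["path"][-1], hit["asset"])] += hit["amount"]
    return dict(totals)


if __name__ == "__main__":
    found = trace_to_exchanges(TRANSFERS, ["0xhack1", "0xhack2"], LABELS, follow_mixers=True)
    for hit in found:
        print(hit["confidence"], hit["asset"], hit["amount"], " -> ".join(hit["path"]))
    print(totals_by_deposit(found))
```

With `follow_mixers=False` only the USDT path to `0xcex_dep_B` is reported, because the ETH trail stops at the mixer deposit; with `follow_mixers=True` the ETH path to `0xcex_dep_A` appears, marked `heuristic`. The unrelated `0xclean` deposit to the same exchange address is never attributed, which is the distinction an exchange compliance team will ask about before freezing anything.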

More from @zachxbt

Apr 16
1/ An investigation into the alleged $11.1M @PrismaFi exploiter 0x77 (Trung) and the multiple other exploits they are connected to.
2/ On March 28, 2024 the Prisma team observed a series of transactions on the MigrateTroveZap contract which resulted in a loss of 3257 ETH ($11.1M)

Exploiter address
0x7e39e3b3ff7adef2613d5cc49558eab74b9a4202

A comprehensive post-mortem of the incident can be found below:
3/ At first the attacker communicated with the Prisma deployer the attack was whitehat.

Later that day all of the funds were deposited to Tornado Cash contradicting that statement.

The exploiter began making outrageous demands and asked for a $3.8M (34%) whitehat bounty

This amount is significantly higher than the industry standard 10%, essentially extorting the team as the treasury does not have sufficient assets to reimburse users.
Mar 21
1/ An investigation into the French dev Jolan Lacroix who recently stole $900K from the TICKER presale on Base before spending the funds on meme coins and Milady NFTs.
2/ TICKER launched a presale on March 16 raising a total of 877 ETH ($3.19M) via Party App on Base.

The token distribution was supposed to be: 24% LP, 71% presale/airdrops, 1% early contributors, 4% reserved for errors.

The team was fully anon.
3/ Things went bad immediately after TGE.

15% of the TICKER supply was sent to a dev (Jolan) assisting with the project to distribute the airdrop.

Instead of doing this Jolan sold 13% of the supply for $900K rugging everyone supporting the project.

0x3122445f0240df9530c8a360fb7631ad5aca4e24503e8856b9aedae05dab830c
Feb 28
1/ An investigation into the phishing scammer Ultra (Nicolas) who has stolen millions through Discord compromises such as MetaKey and X/Twitter spam just to spend it all gambling on Stake, rare usernames, and Roblox items.
2/ In Feb 2023 the Dead Army Skeleton Discord was compromised after an admin was phished.

The attacker spammed phishing links in the announcements channel with funds ending up at offtherip.eth and Monkey Drainer.

3/ A few days later Ultra thought it would be funny to flex $200K of the funds he had stolen by sending it to his “friend” Death.

Shortly after Death then steals the funds from Ultra for himself.

Then after Ultra starts crying.

Feb 22
1/ Some time has passed but there is now evidence to share how Tyronejkd is connected to the $1M 0xCrystals/0xCube scam and @3PEACEART account.

Let’s jump in.
2/ Last bull run this account popped up engagement farming with fake giveaways, stolen posts, & stolen punk pfp

They launched an NFT project they claimed was free with a limited supply. When people minted the actual price was 0.25 ETH & not free

When called out for the scheme they would delete posts & change usernames.
3/ Let’s go through some of the evidence that ties TyroneJKD to the project.

Here is TyroneJKD funding the 0xcube.eth address (ENS which is contract owner of the project)

0x396e5eb16248fa5e4e78a39bf856227534d4553156c68318b47bb043add108ba
Feb 20
1/ An investigation into how the influencer Crypto Rover ghosted a project he was paid to promote, misled followers about his trading positions, and also his shills for pump and dump meme coins.
2/ In May 2023 Rover was connected with a project to help promote it.

During negotiations Rover said he can “pump projects from 1/2m to 10m easy”

They agreed on $10K + 1% of the supply for payment

Rover address
0x4472d6969c0750dd7ba8e387d2b007a80794802f
3/ After the payment was sent to Rover, things started to go poorly.

On multiple occasions Rover agreed he was going to start promoting the project with posts but never did.
Jan 31
1/ It’s 2024 and we are still seeing far too many teams getting SIM swapped or phished on a regular basis resulting in millions stolen.

So here are some tips EVERY team should follow to secure their X (Twitter) account and what to prioritize if an account becomes compromised.



2/ If you are subscribed or want to purchase X Premium you are required to attach a phone number to receive a check mark.

Once you apply for the check mark you can immediately remove the phone number after.

If you do not remove the phone number YOU WILL likely be SIM swapped at some point and the scammer would be able to gain access to your X account.

(US cell carriers are primarily being targeted but have seen Canada/EU as well)
3/ Linking a phone number for 2FA is simply not acceptable.

X allows people to add Security Keys or an Authenticator App instead.

I usually tell people to buy Yubico security keys (one primary & one backup) as I have seen instances where people accidentally back their Authenticator App up to the cloud.

Buy directly from their website and not a reseller. Also make sure to write down back up codes in case you ever lose the device.

Keep in mind if you ever deactivate your account 2FA will be removed and will have to be added back.
