ZachXBT
Scam survivor turned 2D investigator
Jul 18 6 tweets 3 min read
1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations.
2/ The theft address I will start from is 0x6ee which was doing test transactions on July 10th from 0x09b multisig with SHIB and was funded with 6 X 0.1 ETH from Tornado.

0x6eedf92fb92dd68a270c3205e96dccc527728066

A technical breakdown of the attack by Mudit can be found below

Jun 19 4 tweets 4 min read
For those who are confused and need additional context.

Earlier today Arkham announced a $150K bounty for the identity of the DJT creator

11:49 pm UTC I reply to Arkham saying I submitted for the bounty
11:57 pm UTC Martin Shkreli panic DM’s me
12:27 am UTC Martin Shkreli creates a Space and announces he is the creator of DJT
One of the large DJT insiders verso.sol dumping $832K worth of DJT and then depositing USDC to CEX ~1 hr ago

Coincidentally also a large holder on Martin’s other project Shoggoth

5cPzLzLQjt2oc8X6rGannrh7HmVJNAMFJKq21DdZRuHP
Jun 12 7 tweets 4 min read
1/ Here is an overview of one of the better executed scams I have seen in recent times so I figured I would share with the community as a cautionary tale.

A few weeks ago I received a DM from a follower who lost $245K after accidentally downloading malware onto their computer.
2/ It started as an account purporting to be Peter Lauten from a16z, messaging a team to inquire about a potential podcast partnership.

May 27 9 tweets 5 min read
1/ An investigation into how the @sol ($CAT) meme coin team is connected to the @GCRClassic hack from last night.

Minutes before the hack an address tied to them opened $2.3M ORDI & $1M ETHFI longs on Hyperliquid.

Let’s dive in.
2/ The @sol team sniped their own launch to control 63% of the supply selling $5M+ of $CAT before transferring the profits to multiple wallets.
Apr 29 6 tweets 2 min read
1/ How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 - 2023

zachxbt.mirror.xyz/B0-UJtxN41cJhp…

2/ Traced 25+ connected hacks across multiple blockchains and through mixers to centralized exchanges.
Apr 16 9 tweets 6 min read
1/ An investigation into the alleged $11.1M @PrismaFi exploiter 0x77 (Trung) and the multiple other exploits they are connected to.

2/ On March 28, 2024 the Prisma team observed a series of transactions on the MigrateTroveZap contract which resulted in a loss of 3257 ETH ($11.1M)

Exploiter address
0x7e39e3b3ff7adef2613d5cc49558eab74b9a4202

A comprehensive post-mortem of the incident can be found below:
Mar 21 8 tweets 5 min read
1/ An investigation into the French dev Jolan Lacroix who recently stole $900K from the TICKER presale on Base before spending the funds on meme coins and Milady NFTs.
2/ TICKER launched a presale on March 16 raising a total of 877 ETH ($3.19M) via Party App on Base.

The token distribution was supposed to be: 24% LP, 71% presale/airdrops, 1% early contributors, 4% reserved for errors.

The team was fully anon.
Feb 28 8 tweets 4 min read
1/ An investigation into the phishing scammer Ultra (Nicolas) who has stolen millions through Discord compromises such as MetaKey and X/Twitter spam just to spend it all gambling on Stake, rare usernames, and Roblox items.
2/ In Feb 2023 the Dead Army Skeleton Discord was compromised after an admin was phished.

The attacker spammed phishing links in the announcements channel with funds ending up at offtherip.eth and Monkey Drainer.

Feb 22 8 tweets 5 min read
1/ Some time has passed but there is now evidence to share how Tyronejkd is connected to the $1M 0xCrystals/0xCube scam and @3PEACEART account.

Let’s jump in.
2/ Last bull run this account popped up engagement farming with fake giveaways, stolen posts, & stolen punk pfp

They launched an NFT project they claimed was free with a limited supply. When people minted the actual price was 0.25 ETH & not free

When called out for the scheme they would delete posts & change usernames
Feb 20 10 tweets 6 min read
1/ An investigation into how the influencer Crypto Rover ghosted a project he was paid to promote, misled followers about his trading positions, and also his shills for pump and dump meme coins.

2/ In May 2023 Rover was connected with a project to help promote it.

During negotiations Rover said he can “pump projects from 1/2m to 10m easy”

They agreed on $10K + 1% of the supply for payment

Rover address
0x4472d6969c0750dd7ba8e387d2b007a80794802f
Jan 31 9 tweets 6 min read
1/ It’s 2024 and we are still seeing far too many teams getting SIM swapped or phished on a regular basis resulting in millions stolen.

So here are some tips EVERY team should follow to secure their X (Twitter) account and what to prioritize if an account becomes compromised.
2/ If you are subscribed or want to purchase X Premium you are required to attach a phone number to receive a check mark.

Once you apply for the check mark you can immediately remove the phone number after.

If you do not remove the phone number YOU WILL likely be SIM swapped at some point and the scammer would be able to gain access to your X account.

(US cell carriers are primarily being targeted but have seen Canada/EU as well)
Dec 7, 2023 9 tweets 4 min read
1/ Throughout this year I have been monitoring someone who has withdrawn 11,200+ ETH ($25M) from Tornado Cash and spent the majority of it on Magic The Gathering (MTG) trading cards.

Here’s my analysis of where the funds went and what the potential source of funds could be.

2/ This person has withdrawn 110 X 100 ETH from Tornado to 11 addresses.

After they would:
1) Wrap the ETH
2) Transfer WETH to new address
3) Unwrap the WETH
4) Transfer USDC to MTG broker

(this is a strategy used to trick KYT at exchanges)
Oct 25, 2023 12 tweets 8 min read
1/ An investigation into the Canadian scammer known as Yahya for their involvement in 17+ SIM swaps which resulted in more than $4.5M stolen.
2/ Yahya’s job was to do lookups on X/Twitter accounts using his panel so the scammer Skenkir could get US targets for SIM swaps.

As compensation for his work Yahya would receive a % of the proceeds stolen from each attack.

EX: Here are screenshots of Yahya showing off tools
Oct 10, 2023 9 tweets 4 min read
1/ What happened to the funds from the @slope_finance $4M hack?

Here’s my analysis tracing the latest movements in 2023 and where the stolen funds ended up going.

2/ TLDR: Slope Wallet (founded by Leal Cheung) was hacked in August 2022. After the hack their entire team disappeared.

Multiple Solana community members I reached out to confirmed this.

In May 2023 whoever ran the account fell for a prank and accidentally made a tweet.
Sep 10, 2023 12 tweets 6 min read
1/ Part 2 of a breakdown into how @trader1sz @Trader_XO @TraderNJ1 @PetaByteCapital pump and dumped 6 figures of PAAL on their followers.
2/ While XO & SZ both made PR statements placing all the blame on PetaByte & NJ for CBOT while both were actively involved with another one of their promotions for PAAL

Thankfully NJ/PB connected their wallet addresses from CBOT & BABYSHIB shills to PAAL making it easy to find
Sep 10, 2023 12 tweets 7 min read
1/ Part 1 of a breakdown into how @TraderNJ1 @PetaByteCapital have deceived multiple projects by leveraging the names of other influencers to obtain free tokens from CBOT and BABYSHIB to dump on followers undisclosed.
2/ Recently this audio clip of Trader NJ surfaced asking for a % of CBOT token supply to shill with Peta, and others saying they will make tweets saying a project is the next 10-20X.
Jul 26, 2023 6 tweets 4 min read
1/6 BREAKING: Scammers have stolen Italian Government emails in order to access the Twitter Legal Request portal to ban accounts, lookup info, and remove posts from forging fake subpoenas.
2/6 Here is an example with one of the alleged Italian law enforcement email addresses used to make a request
Jul 24, 2023 6 tweets 4 min read
1/6 My issues with WorldCoin

2/6 Most alarming to me is how the WorldCoin team has boasted about how many users they have.

When in reality they have been exploiting people in developing countries.

https://t.co/b9smMB4yqa technologyreview.com/2022/04/06/104…

Jul 20, 2023 6 tweets 3 min read
1/ Here is my analysis of the $60M Anubis DAO rug pull.

I noticed a clear trend in 2023 of funds being withdrawn from Tornado Cash and bridged to Polygon before consolidating to two exchange accounts.

2/ Here are the two exchange deposit addresses which have exposure to all of the Tornado Cash funds.

0x51da686c7a2f973ad11fafed6ce9a3ffc020349f
0x253d7ba533b7d13720fb5ec5a7d1e64d4ff3f58b

Interestingly Beerus (bsl.eth) has sent 95 ETH to the 0x51d address
Jul 17, 2023 11 tweets 7 min read
1/ An investigation into the Canadian phishing scammer known as Soup (Dan) who has helped steal millions in assets by attacking the Discord servers of projects like @Orbiter_Finance @PikaProtocol
2/ Soup creates fake @decryptmedia websites and poses as Luke Hamilton (a real Decrypt employee)

He works with other scammers to approach team members of crypto projects to trick them into joining a fake Decrypt Discord server in an elaborate attempt to steal their Discord token

Jul 10, 2023 12 tweets 7 min read
1/ An investigation into the YouTuber turned phishing scammer Blue (Jack) who has worked with Monkey Drainer and other drainer services to steal more than $1.5m

2/ Before Blue (Jack) began scamming in 2021 he amassed an audience of more than 122k subscribers by uploading gaming and trolling videos to YT.