ZachXBT
Rug pull survivor turned 2D detective
Apr 29 6 tweets 2 min read
1/ How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 - 2023

zachxbt.mirror.xyz/B0-UJtxN41cJhp…

2/ Traced 25+ connected hacks across multiple blockchains and through mixers to centralized exchanges.
Apr 16 9 tweets 6 min read
1/ An investigation into the alleged $11.1M @PrismaFi exploiter 0x77 (Trung) and the multiple other exploits they are connected to.

2/ On March 28, 2024 the Prisma team observed a series of transactions on the MigrateTroveZap contract which resulted in a loss of 3257 ETH ($11.1M)

Exploiter address
0x7e39e3b3ff7adef2613d5cc49558eab74b9a4202

A comprehensive post-mortem of the incident can be found below:
Mar 21 8 tweets 5 min read
1/ An investigation into the French dev Jolan Lacroix who recently stole $900K from the TICKER presale on Base before spending the funds on meme coins and Milady NFTs.
2/ TICKER launched a presale on March 16 raising a total of 877 ETH ($3.19M) via Party App on Base.

The token distribution was supposed to be: 24% LP, 71% presale/airdrops, 1% early contributors, 4% reserved for errors.

The team was fully anon.
Feb 28 8 tweets 4 min read
1/ An investigation into the phishing scammer Ultra (Nicolas) who has stolen millions through Discord compromises such as MetaKey and X/Twitter spam just to spend it all gambling on Stake, rare usernames, and Roblox items.
2/ In Feb 2023 the Dead Army Skeleton Discord was compromised after an admin was phished.

The attacker spammed phishing links in the announcements channel with funds ending up at offtherip.eth and Monkey Drainer.

Feb 22 8 tweets 5 min read
1/ Some time has passed but there is now evidence to share how Tyronejkd is connected to the $1M 0xCrystals/0xCube scam and @3PEACEART account.

Let’s jump in.
2/ Last bull run this account popped up engagement farming with fake giveaways, stolen posts, & stolen punk pfp

They launched an NFT project they claimed was free with a limited supply. When people minted the actual price was 0.25 ETH & not free

When called out for the scheme they would delete posts & change usernames
Feb 20 10 tweets 6 min read
1/ An investigation into how the influencer Crypto Rover ghosted a project he was paid to promote, misled followers about his trading positions, and also his shills for pump and dump meme coins.

2/ In May 2023 Rover was connected with a project to help promote it.

During negotiations Rover said he can “pump projects from 1/2m to 10m easy”

They agreed on $10K + 1% of the supply for payment

Rover address
0x4472d6969c0750dd7ba8e387d2b007a80794802f
Jan 31 9 tweets 6 min read
1/ It’s 2024 and we are still seeing far too many teams getting SIM swapped or phished on a regular basis resulting in millions stolen.

So here are some tips EVERY team should follow to secure their X (Twitter) account and what to prioritize if an account becomes compromised.

2/ If you are subscribed or want to purchase X Premium you are required to attach a phone number to receive a check mark.

Once you apply for the check mark you can immediately remove the phone number after.

If you do not remove the phone number YOU WILL likely be SIM swapped at some point and the scammer would be able to gain access to your X account.

(US cell carriers are primarily being targeted but have seen Canada/EU as well)
Dec 7, 2023 9 tweets 4 min read
1/ Throughout this year I have been monitoring someone who has withdrawn 11,200+ ETH ($25M) from Tornado Cash and spent the majority of it on Magic The Gathering (MTG) trading cards.

Here’s my analysis of where the funds went and what the potential source of funds could be.

2/ This person has withdrawn 110 X 100 ETH from Tornado to 11 addresses.

After they would:
1) Wrap the ETH
2) Transfer WETH to new address
3) Unwrap the WETH
4) Transfer USDC to MTG broker

(this is a strategy used to trick KYT at exchanges)
Oct 25, 2023 12 tweets 8 min read
1/ An investigation into the Canadian scammer known as Yahya for their involvement in 17+ SIM swaps which resulted in more than $4.5M stolen.
2/ Yahya’s job was to do lookups on X/Twitter accounts using his panel so the scammer Skenkir could get US targets for SIM swaps.

As compensation for his work Yahya would receive a % of the proceeds stolen from each attack.

EX: Here are screenshots of Yahya showing off tools
Oct 10, 2023 9 tweets 4 min read
1/ What happened to the funds from the @slope_finance $4M hack?

Here’s my analysis tracing the latest movements in 2023 and where the stolen funds ended up going.

2/ TLDR: Slope Wallet (founded by Leal Cheung) was hacked in August 2022. After the hack their entire team disappeared.

Multiple Solana community members I reached out to confirmed this.

In May 2023 whoever ran the account fell for a prank and accidentally made a tweet.
Sep 10, 2023 12 tweets 6 min read
1/ Part 2 of a breakdown into how @trader1sz @Trader_XO @TraderNJ1 @PetaByteCapital pump and dumped 6 figures of PAAL on their followers.
2/ While XO & SZ both made PR statements placing all the blame on PetaByte & NJ for CBOT while both were actively involved with another one of their promotions for PAAL

Thankfully NJ/PB connected their wallet addresses from CBOT & BABYSHIB shills to PAAL making it easy to find
Sep 10, 2023 12 tweets 7 min read
1/ Part 1 of a breakdown into how @TraderNJ1 @PetaByteCapital have deceived multiple projects by leveraging the names of other influencers to obtain free tokens from CBOT and BABYSHIB to dump on followers undisclosed.
2/ Recently this audio clip of Trader NJ surfaced asking for a % of CBOT token supply to shill with Peta, and others saying they will make tweets saying a project is the next 10-20X.
Jul 26, 2023 6 tweets 4 min read
1/6 BREAKING: Scammers have stolen Italian Government emails in order to access the Twitter Legal Request portal to ban accounts, lookup info, and remove posts from forging fake subpoenas.


2/6 Here is an example with one of the alleged Italian law enforcement email addresses used to make a request
Jul 24, 2023 6 tweets 4 min read
1/6 My issues with WorldCoin

2/6 Most alarming to me is how the WorldCoin team has boasted about how many users they have.

When in reality they have been exploiting people in developing countries.

https://t.co/b9smMB4yqa technologyreview.com/2022/04/06/104…

Jul 20, 2023 6 tweets 3 min read
1/ Here is my analysis of the $60M Anubis DAO rug pull.

I noticed a clear trend in 2023 of funds being withdrawn from Tornado Cash and bridged to Polygon before consolidating to two exchange accounts.

2/ Here are the two exchange deposit addresses which have exposure to all of the Tornado Cash funds.

0x51da686c7a2f973ad11fafed6ce9a3ffc020349f
0x253d7ba533b7d13720fb5ec5a7d1e64d4ff3f58b

Interestingly Beerus (bsl.eth) has sent 95 ETH to the 0x51d address
Jul 17, 2023 11 tweets 7 min read
1/ An investigation into the Canadian phishing scammer known as Soup (Dan) who has helped steal millions in assets by attacking the Discord servers of projects like @Orbiter_Finance @PikaProtocol
2/ Soup creates fake @decryptmedia websites and poses as Luke Hamilton (a real Decrypt employee)

He works with other scammers to approach team members of crypto projects to trick them into joining a fake Decrypt Discord server in an elaborate attempt to steal their Discord token

Jul 10, 2023 12 tweets 7 min read
1/ An investigation into the YouTuber turned phishing scammer Blue (Jack) who has worked with Monkey Drainer and other drainer services to steal more than $1.5m

2/ Before Blue (Jack) began scamming in 2021 he amassed an audience of more than 122k subscribers by uploading gaming and trolling videos to YT.

Jun 16, 2023 6 tweets 2 min read
1/ It’s unfortunate I have to make this thread but I am being sued by MachiBigBrother for an article I published in June 2022.

Today Machi filed the defamation lawsuit. The lawsuit is baseless and an attempt to chill free speech. I intend to fight back & defend free speech.

2/ This is a classic David & Goliath story. My understanding is that Machi is very wealthy. I am not. He is using his money to try silence me. I’m asking for your help so this doesn’t happen & the truth survives.
May 27, 2023 5 tweets 3 min read
If you actually think that the owner of the successful JaredFromSubway MEV bot is on CT larping as a BAYC with a checkmark saying GM you are exit liquidity.

I keep seeing way too many people fall for this basic scam.

EX 1: People blindly send $28k
May 10, 2023 6 tweets 3 min read
Another day another influencer @DannyCrypt dumping on their followers undisclosed

He received 2% of the supply to assist with marketing but within 15 minutes of receiving the tokens market dumped the majority of them for $57k (31 ETH)

Meanwhile he tweeted “hodling my HODL coin”

Also in his Telegram channel with 26k subscribers he said “I’m buying HOLDR here I think the price has stabilized” before then dumping the tokens immediately.

Here is the wallet address he received the tokens to and dumped them from:

0x600ee4164bf7718998ce084d146c9c062561fc42
Apr 24, 2023 10 tweets 6 min read
Nakamigos has just flipped BAYC as the collection with the most 0 iq holders

-over 20 Nakamigos holders blindly send $$$ to private address for meme coin presale
-project kept increasing presale hard cap
-dev teaches a valuable lesson by rugging 60 ETH ($110k) & deletes twitter

Getting very tired of constantly seeing influencers shilling coins with <$100k liquidity.

If you buy a meme coin you need to assume someone will dump on you with insider info or that it’s a scam.