ZachXBT Profile picture
Aug 24, 2022 22 tweets 15 min read Read on X
1/ Cameron Redman is the alleged person responsible for the hacked NFT Twitter accounts over the past few months

Does the name ring any bells? Well it should bc in February 2020 he SIM swapped a single person for $37 million worth of Bitcoin & Bitcoin Cash

Time for a thread ImageImageImage
2/ On February 22, 2020 Josh Jones was sim swapped for ~60k BCH & 1547 BTC

BCH victim address
qzumak2rvxksjgkjuxe2fe5jxatktlsnhy5sthr5p7

BTC victim address 1
bc1qd0hveqwqu9h3x8flfq560hlyk9mptf3j2p89gg

BTC victim address 2
bc1qrwhh74sv88gzq6qgpz5u55u00w2lqprw30ke94 ImageImage
3/ Immediately following the attack the Redman laundered the 60k BCH with hundreds of transactions in small amounts to centralized exchanges (CEX).

This chart visualizes the movement of the 60k BCH with the majority ending up at two exchanges. Image
4/ With the 1547 BTC stolen, a small portion was sent to CEXs but the majority was deposited into both Chip Mixer and Crypto Mixer. Image
5/ On Nov 17 2021 Hamilton Police (Ontario, CA) formally charged Redman for the attack after working with FBI & US Secret Service

They seized $5.4m worth of crypto. The rest of the $31.5m still remains missing to this day

(he was underage at the time)
hamiltonpolice.on.ca/news/arrest-ma…
6/ Since May 2022 we’ve seen popular NFT Twitter accounts hacked such as @beeple @jenkinsthevalet @nounsdao @deekaymotion @Zeneca_33 @frankdegods @KeyboardMonkey3 @franklinisbored & more

The majority of these accounts all had 2FA on leaving people confused how this might happen. ImageImageImage
7/ The hacked Twitter accounts lead to millions of dollars worth of crypto stolen in total.

This table shows a rough estimate for the amount of crypto stolen with each account in the Tweet above. Image
8/ This lead to a post on the forum marketplace SWAPD by the user “Antihero” advertising a Twitter panel.

The prices to use the panel varied from $30k to $300k paid in crypto. ImageImageImage
9/ On Twitter at July 29th 2022 antihero emerged with the name “Cam” on an account inactive for 14 yrs.

On Instagram he obtained the same username too. ImageImageImageImage
10/ On Instagram Redman posted a selfie of himself posing in front of mirror and also outside of a shopping center. ImageImage
11/ I zoom in and then look up the location of “Sunway Dental”

What do you know it happens to be in Missauga, ON very close to the Hamilton Police station in the city where Redman had been previously arrested in Nov 2021. ImageImageImage
12/ If you’re still not convinced here’s more messages of him referencing Canada.

Prior to being charged for the SIM swap Redman had been also known by the aliases “Cream” “4k” “lucky” and for leaking unreleased Juice WRLD songs. ImageImageImage
13/ Here’s two more posts Cam/Antihero made on SWAPD. Another person refers to the seller for the panel as Cam.

Archive:
archive.ph/ABvZy ImageImageImageImage
14/ Remember in Tweet 9 Redman began to eventually resell access to the panel.

On June 26 2022 Cam received a 230 ETH + 20 ETH payment for lifetime access to the Twitter panel.

0x0214ee97e9d828e1e6aa49a85b89982a7dceacc7 ImageImage
15/ Just a few hours after the payment @nounsdao Twitter was hacked.

The scammers address had direct exposure to the JRNY club Twitter hacker, Nansen discord attack, and other Discord attacks.

Source:
chainabuse.com/search/address… ImageImage
16/ Who bought the Twitter panel access from Redman? Well it was the scammers known as HZ/Chase and Popbob. Here’s HZ flexing panel access to @Serpent (a security researcher) ImageImageImage
17/ HZ + Popbob flexing Franklin and Deekay being hacked. ImageImageImageImage
18/ It’s still unclear as to how Redman gained access to the panel to make elevated requests & reset passwords. As of now it appears the method stopped working

It’s wild someone can SIM swap a person for $37m, only return $5.4m, & go back to their old ways w/o serious jail time
19/ Thanks for making it this far. Feel free to share this thread with others.
Update: seems they’re upset with this thread ImageImage
If you appreciate my research/work please consider donating to my ENS or Gitcoin.

ZachXBT.ETH

0x9D727911B54C455B0071A7B682FcF4Bc444B5596

bc1qrshu8d42ffq3jtrmzmujmmlh6swpw22a0qqt07l5u60n5efgazhqm5e4nk

gitcoin.co/grants/5039/za…
Update: Cam deleted his SWAPD account and went private with the username on a fresh Instagram account. ImageImage

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with ZachXBT

ZachXBT Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @zachxbt

Mar 21
1/ An investigation into the French dev Jolan Lacroix who recently stole $900K from the TICKER presale on Base before spending the funds on meme coins and Milady NFTs.
Image
Image
2/ TICKER launched a presale on March 16 raising a total of 877 ETH ($3.19M) via Party App on Base.

The token distribution was supposed to be: 24% LP, 71% presale/airdrops, 1% early contributors, 4% reserved for errors.

The team was fully anon.
Image
Image
3/ Immediately after TGE was where things went bad.

15% of the TICKER supply was sent to a dev (Jolan) assisting with the project to distribute the airdrop.

Instead of doing this Jolan sold 13% of the supply for $900K rugging everyone supporting the project.

0x3122445f0240df9530c8a360fb7631ad5aca4e24503e8856b9aedae05dab830cImage
Image
Image
Read 8 tweets
Feb 28
1/ An investigation into the phishing scammer Ultra (Nicolas) who has stolen millions through Discord compromises such as MetaKey and X/Twitter spam just to spend it all gambling on Stake, rare usernames, and Roblox items.
Image
Image
2/ In Feb 2023 the Dead Army Skeleton Discord was compromised
after an admin was phished.

The attacker spammed phishing links in the announcements channel with funds ending up at offtherip.eth and Monkey Drainer.

Image
Image
3/ A few days later Ultra thought it would be funny to flex $200K of the funds he had stolen by sending it to his “friend” Death.

Shortly after Death then steals the funds from Ultra for himself.

Then after Ultra starts crying.

Read 8 tweets
Feb 22
1/ Some time has passed but there is now evidence to share how Tyronejkd is connected to the $1M 0xCrystals/0xCube scam and @3PEACEART account.

Let’s jump in.
Image
2/ Last bull run this account popped up engagement farming with fake giveaways, stolen posts, & stolen punk pfp

They launched an NFT project they claimed was free with a limited supply. When people minted the actual price was 0.25 ETH & not free

When called out for the scheme they would delete posts & change usernamesImage
Image
Image
3/ Let’s go through some of the evidence that ties TyroneJKD to the project.

Here is TyroneJKD funding the 0xcube.eth address (ENS which is contract owner of the project)

0x396e5eb16248fa5e4e78a39bf856227534d4553156c68318b47bb043add108ba
Image
Image
Read 8 tweets
Feb 20
1/ An investigation into how the influencer Crypto Rover ghosted a project he was paid to promote, mislead followers about his trading positions, and also his shills for pump and dump meme coins. Image
2/ In May 2023 Rover was connected with a project was connected to help promote it.

During negotiations Rover said he can “pump projects from 1/2m to 10m easy”

They agreed on $10K + 1% of the supply for payment

Rover address
0x4472d6969c0750dd7ba8e387d2b007a80794802f
Image
Image
3/ After the payment was sent to Rover was where things started to go poorly.

On multiple occasions Rover agreed he was going to start promoting the project with posts but never did.
Image
Image
Read 10 tweets
Jan 31
1/ It’s 2024 and we are still seeing far too many teams getting SIM swapped or phished on a regular basis resulting in millions stolen.

So here are some tips EVERY team should follow to secure their X (Twitter) account and what to prioritize if an account becomes compromised.



Image
Image
Image
Image
2/ If you are subscribed or want to purchase X Premium you are required to attach a phone number to receive a check mark.

Once you apply for the check mark you can immediately remove the phone number after.

If you do not remove the phone number YOU WILL likely be SIM swapped at some point and the scammer would be able to gain access to your X account.

(US cell carriers are primarily being targeted but have seen Canada/EU as well)Image
3/ Linking a phone number for 2FA is simply not acceptable.

X allows people to add Security Keys or an Authenticator App instead.

I usually tell people to buy Yubico security keys (one primary & one backup) as I have seen instances where people accidentally back their Authenticator App up to the cloud.

Buy directly from their website and not a reseller. Also make sure to write down back up codes in case you ever lose the device.

Keep in mind if you ever deactivate your account 2FA will be removed and will have to be added back.Image
Image
Read 9 tweets
Dec 7, 2023
1/ Throughout this year I have been monitoring someone who has withdrawn 11,200+ ETH ($25M) from Tornado Cash and spent the majority of it on Magic The Gathering (MTG) trading cards.

Here’s my analysis of where the funds went and what the potential source of funds could be.
2/ This person has withdrawn 110 X 100 ETH from Tornado to 11 addresses.

After they would:
1) Wrap the ETH
2) Transfer WETH to new address
3) Unwrap the WETH
4) Transfer USDC to MTG broker

(this is a strategy used to trick KYT at exchanges) Image
3/ After USDC was sent to a MTG US based broker that accepts crypto

How did I find the broker used?

1) Instagram username was same as on OpenSea

2) Directly contacted a few MTG sellers the broker interacted w/ on-chain

Broker address
0x80462101b56cb4125c645ff299d3e20c1d908c02
Image
Image
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(