The majority of these accounts had 2FA on, leaving people confused about how this might happen.
7/ The hacked Twitter accounts led to millions of dollars worth of crypto stolen in total.
This table shows a rough estimate for the amount of crypto stolen with each account in the Tweet above.
8/ This led to a post on the forum marketplace SWAPD by the user “Antihero” advertising a Twitter panel.
The prices to use the panel varied from $30k to $300k paid in crypto.
9/ On Twitter on July 29th 2022, antihero emerged with the name “Cam” on an account inactive for 14 yrs.
On Instagram he obtained the same username too.
10/ On Instagram Redman posted a selfie of himself posing in front of a mirror and also outside of a shopping center.
11/ I zoom in and then look up the location of “Sunway Dental”.
What do you know, it happens to be in Mississauga, ON, very close to the Hamilton Police station in the city where Redman had been previously arrested in Nov 2021.
12/ If you’re still not convinced, here are more messages of him referencing Canada.
Prior to being charged for the SIM swap, Redman had also been known by the aliases “Cream”, “4k” and “lucky”, and for leaking unreleased Juice WRLD songs.
16/ Who bought the Twitter panel access from Redman? Well, it was the scammers known as HZ/Chase and Popbob. Here’s HZ flexing panel access to @Serpent (a security researcher).
17/ HZ + Popbob flexing Franklin and Deekay being hacked.
18/ It’s still unclear as to how Redman gained access to the panel to make elevated requests & reset passwords. As of now it appears the method stopped working.
It’s wild someone can SIM swap a person for $37m, only return $5.4m, & go back to their old ways w/o serious jail time.
19/ Thanks for making it this far. Feel free to share this thread with others.
1/ An investigation into the French dev Jolan Lacroix who recently stole $900K from the TICKER presale on Base before spending the funds on meme coins and Milady NFTs.
2/ TICKER launched a presale on March 16 raising a total of 877 ETH ($3.19M) via Party App on Base.
The token distribution was supposed to be: 24% LP, 71% presale/airdrops, 1% early contributors, 4% reserved for errors.
The team was fully anon.
3/ Immediately after the TGE was where things went bad.
15% of the TICKER supply was sent to a dev (Jolan) assisting with the project to distribute the airdrop.
Instead of doing this Jolan sold 13% of the supply for $900K rugging everyone supporting the project.
1/ An investigation into the phishing scammer Ultra (Nicolas) who has stolen millions through Discord compromises such as MetaKey and X/Twitter spam just to spend it all gambling on Stake, rare usernames, and Roblox items.
2/ In Feb 2023 the Dead Army Skeleton Discord was compromised after an admin was phished.
The attacker spammed phishing links in the announcements channel with funds ending up at offtherip.eth and Monkey Drainer.
1/ An investigation into how the influencer Crypto Rover ghosted a project he was paid to promote, misled followers about his trading positions, and shilled pump and dump meme coins.
2/ In May 2023 Rover was connected with a project to help promote it.
During negotiations Rover said he could “pump projects from 1/2m to 10m easy”.
They agreed on $10K + 1% of the supply for payment.
2/ If you are subscribed or want to purchase X Premium, you are required to attach a phone number to receive a check mark.
Once you apply for the check mark you can immediately remove the phone number after.
If you do not remove the phone number YOU WILL likely be SIM swapped at some point, and the scammer would be able to gain access to your X account.
(US cell carriers are primarily being targeted, but I have seen Canada/EU as well)
3/ Linking a phone number for 2FA is simply not acceptable.
X allows people to add Security Keys or an Authenticator App instead.
I usually tell people to buy Yubico security keys (one primary & one backup) as I have seen instances where people accidentally back their Authenticator App up to the cloud.
Buy directly from their website and not a reseller. Also make sure to write down backup codes in case you ever lose the device.
Keep in mind that if you ever deactivate your account, 2FA will be removed and will have to be added back.
1/ Throughout this year I have been monitoring someone who has withdrawn 11,200+ ETH ($25M) from Tornado Cash and spent the majority of it on Magic The Gathering (MTG) trading cards.
Here’s my analysis of where the funds went and what the potential source of funds could be.
2/ This person has withdrawn 110 x 100 ETH from Tornado to 11 addresses.
Afterwards they would: 1) wrap the ETH, 2) transfer the WETH to a new address, 3) unwrap the WETH, 4) transfer USDC to the MTG broker.
(this is a strategy used to trick KYT at exchanges)
3/ Afterwards the USDC was sent to a US-based MTG broker that accepts crypto.
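The wrap / move / unwrap layering described above is exactly the kind of hop chain a KYT screen should follow rather than stopping at the first recipient. The script below is an added example (not code from the original thread) that traces a withdrawal recipient's funds across converter contracts and flags that pattern; all addresses, the WETH/DEX contract names and the transfer log are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed placeholder addresses for this example, not real on-chain addresses.
TORNADO = "TORNADO_POOL"
WETH = "WETH_CONTRACT"
DEX = "DEX_ROUTER"
CONVERTERS = {WETH, DEX}  # contracts that hand a different asset back to the same holder

@dataclass(frozen=True)
class Transfer:
    idx: int      # on-chain ordering of the event
    src: str
    dst: str
    asset: str    # "ETH", "WETH" or "USDC"
    amount: float

def trace(transfers: list[Transfer], start: str) -> list[tuple[str, str]]:
    """Follow a withdrawal recipient's funds hop by hop. A transfer into a
    converter (WETH contract, DEX) is paired with the converter's return
    transfer, so the holder stays and only the asset changes; any other
    transfer moves the holder. Returns the visited (holder, asset) states."""
    events = sorted(transfers, key=lambda t: t.idx)
    holder, asset, after = start, "ETH", -1
    path = [(holder, asset)]
    while True:
        out = next((t for t in events if t.idx > after and t.src == holder and t.asset == asset), None)
        if out is None:
            return path
        if out.dst in CONVERTERS:
            back = next((t for t in events if t.idx > out.idx and t.src == out.dst and t.dst == holder), None)
            if back is None:
                return path
            asset, after = back.asset, back.idx
        else:
            holder, after = out.dst, out.idx
        path.append((holder, asset))

def is_wrap_hop_unwrap(path: list[tuple[str, str]]) -> bool:
    """Flag the thread's layering pattern: ETH wrapped, the WETH sent to a
    fresh address, then unwrapped there before cashing out."""
    for (h0, a0), (h1, a1), (h2, a2) in zip(path, path[1:], path[2:]):
        if a0 == a1 == "WETH" and h1 != h0 and a2 == "ETH" and h2 == h1:
            return True
    return False

# Constructed sample log: addr_A launders one 100 ETH withdrawal as described; addr_C pays the broker directly.
SAMPLE = [
    Transfer(1, TORNADO, "addr_A", "ETH", 100.0),
    Transfer(2, "addr_A", WETH, "ETH", 100.0), Transfer(3, WETH, "addr_A", "WETH", 100.0),     # wrap
    Transfer(4, "addr_A", "addr_B", "WETH", 100.0),                                             # move WETH
    Transfer(5, "addr_B", WETH, "WETH", 100.0), Transfer(6, WETH, "addr_B", "ETH", 100.0),     # unwrap
    Transfer(7, "addr_B", DEX, "ETH", 100.0), Transfer(8, DEX, "addr_B", "USDC", 180000.0),    # swap to USDC
    Transfer(9, "addr_B", "MTG_BROKER", "USDC", 180000.0),
    Transfer(10, TORNADO, "addr_C", "ETH", 100.0), Transfer(11, "addr_C", "MTG_BROKER", "ETH", 100.0),
]
```

Run `trace(SAMPLE, "addr_A")` to see the six-state hop chain ending at the broker in USDC; the direct addr_C path is not flagged.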
How did I find the broker used?
1) Instagram username was the same as on OpenSea
2) Directly contacted a few MTG sellers the broker interacted w/ on-chain