Community Alert: A number of large accounts on X currently have their account compromised and are posting the same meme coin scam.
Would imagine these accounts all connected to a site/app and gave permissions to post.
Reminder to always go to X settings and revoke connected apps you do not use.
Settings -> Security and account access -> Apps and Sessions or Connected apps then periodically revoke inactive ones.
Would imagine these accounts all connected to a site/app and gave permissions to post.
Reminder to always go to X settings and revoke connected apps you do not use.
Settings -> Security and account access -> Apps and Sessions or Connected apps then periodically revoke inactive ones.
π€£187π66π39π«‘22π€9π₯΄5π4π₯°3π3π3π³2
Imagine compromising this many large acounts on X/Twitter and only making $8.5K off the scam from pulling the LPβ¦
π€£454π48π45β€19π₯15πΎ14π13πΏ12π€ͺ10π9π±6
My new post sharing an investigation on a $243M theft from last month which lead to multiple arrests and $9M+ frozen
https://x.com/zachxbt/status/1836752923830702392?
https://x.com/zachxbt/status/1836752923830702392?
π«‘237π₯71β€47π39π€―18π¨βπ»10π€£9π¦8β€βπ₯7π7π―6
Investigations by ZachXBT
My new post sharing an investigation on a $243M theft from last month which lead to multiple arrests and $9M+ frozen https://x.com/zachxbt/status/1836752923830702392?
Update: Malone (Greavys) and Box (Jeandiel) were just indicted
https://www.justice.gov/usao-dc/pr/indictment-charges-two-230-million-cryptocurrency-scam
https://www.justice.gov/usao-dc/pr/indictment-charges-two-230-million-cryptocurrency-scam
π₯287β€72π€£51π37πΎ30π«‘19π18π₯°6β€βπ₯4π€3π2
The project Truflation was hacked a few hours ago for $5M+ on multiple chains from the treasury multisig and personal wallets
EVM theft address
0x53d2094b31429a13e739358b16354d8e0826b25a
0x2122a76213b23daf633b850cb659750db0cac801
0x4ec10144f1a96eed9b04d324d0997b5325c56472
0x7ea07c76328fc789435fc77a2a4d527c5bbc333e
0x3f8e5cc8abd032dd6ad652423e951ab06f833126
SOL theft address
6v4R3z5ahHqx3pbxMpYQMu26cuQoonLX2Rqq7WF35yzp
EVM theft address
0x53d2094b31429a13e739358b16354d8e0826b25a
0x2122a76213b23daf633b850cb659750db0cac801
0x4ec10144f1a96eed9b04d324d0997b5325c56472
0x7ea07c76328fc789435fc77a2a4d527c5bbc333e
0x3f8e5cc8abd032dd6ad652423e951ab06f833126
SOL theft address
6v4R3z5ahHqx3pbxMpYQMu26cuQoonLX2Rqq7WF35yzp
π±141π38π29π’24β€15π€―10π8π₯6π6πΏ6β‘5
Have seen an uptick in irl robberies targeting crypto traders located in Western Europe over the past few months.
The cases all involve known people in the crypto community where they were held at gunpoint.
As the rest of the cycle continues be extra mindful of who you share your wins with and meet up with irl.
The cases all involve known people in the crypto community where they were held at gunpoint.
As the rest of the cycle continues be extra mindful of who you share your wins with and meet up with irl.
π429π―120π87β€56π±42π«‘27π’21π19π₯°12π11π10
In the past hour a victim was drained for 12K spWETH ($32.4M)
Theft txn hash
0xf7c00f18175cdea49f8fdad6a1d45edeb318f18f3009f51ab9f4675171c1d8fb
Theft address
0x471c725Bd1F29850CBb8eeA4cdf6c9Ce3caC5607
h/t ScamSniffer
Theft txn hash
0xf7c00f18175cdea49f8fdad6a1d45edeb318f18f3009f51ab9f4675171c1d8fb
Theft address
0x471c725Bd1F29850CBb8eeA4cdf6c9Ce3caC5607
h/t ScamSniffer
π±203π113π€£28β€27π14π«‘8π7π€―6π5π₯°4π¦4
I went and attributed 15 exchange hot wallets on Starknet so they would be publicly tagged on block explorers as I noticed none were previously tagged anywhere (sharing them below).
Which ecosystem should I do next?
Any interested teams send me a message on X/Twitter.
Binance 0x0213c67ed78bc280887234fe5ed5e77272465317978ae86c25a71531d9332a2d
OKX 0x0269ea391a9c99cb6cee43ff589169f547cbc48d7554fdfbbfa7f97f516da700
Bybit 0x076601136372fcdbbd914eea797082f7504f828e122288ad45748b0c8b0c9696
Kraken 0x620102ea610be8518125cf2de850d0c4f5d0c5d81f969cff666fb53b05042d2
Kucoin 0x0566ec9d06c79b1ca32970519715a27f066e76fac8971bbd21b96a50db826d90
HTX 0x03fd14213a96e9d90563ebe1b224f357c6481a755ee6f046c8ce9acd9b8654a7
MEXC 0x069a7818562b608ce8c5d0039e7f6d1c6ee55f36978f633b151858d85c022d2f
Gate 0x00e91830f84747f37692127b20d4e4f9b96482b1007592fee1d7c0136ee60e6d
Bitget 0x0299b9008e2d3fa88de6d06781fc9f32f601b2626cb0efa8e8c19f2b17837ed1
HitBTC 0x04b555a99b585adf082754e5ea36e4202f13efa649e6ac16dfe8c0e217c454bc
CoinEX 0x00fb108ed29e1b5d82bb61a39a15bbab410543818bf7df9be3c0f5dd0d612cf3
ChangeNow 0x062b6edccf9d86aff918634e53f3fac9545a8bcf84bcb59a0a09f9194d18282d
XT 0x0786c463590ca32345e0118a0303a8f66af10882d7315ce282840feb5d6817f9
Bitrue 0x01a103074e6ea2f988b427c77e671207c20d6005d407a685eeee2e1f61028392
Bitmart 0x04de639e634c071c3ce8b1c69fac0500aab5ddb25a08fd0f757176243e4c0467
Which ecosystem should I do next?
Any interested teams send me a message on X/Twitter.
Binance 0x0213c67ed78bc280887234fe5ed5e77272465317978ae86c25a71531d9332a2d
OKX 0x0269ea391a9c99cb6cee43ff589169f547cbc48d7554fdfbbfa7f97f516da700
Bybit 0x076601136372fcdbbd914eea797082f7504f828e122288ad45748b0c8b0c9696
Kraken 0x620102ea610be8518125cf2de850d0c4f5d0c5d81f969cff666fb53b05042d2
Kucoin 0x0566ec9d06c79b1ca32970519715a27f066e76fac8971bbd21b96a50db826d90
HTX 0x03fd14213a96e9d90563ebe1b224f357c6481a755ee6f046c8ce9acd9b8654a7
MEXC 0x069a7818562b608ce8c5d0039e7f6d1c6ee55f36978f633b151858d85c022d2f
Gate 0x00e91830f84747f37692127b20d4e4f9b96482b1007592fee1d7c0136ee60e6d
Bitget 0x0299b9008e2d3fa88de6d06781fc9f32f601b2626cb0efa8e8c19f2b17837ed1
HitBTC 0x04b555a99b585adf082754e5ea36e4202f13efa649e6ac16dfe8c0e217c454bc
CoinEX 0x00fb108ed29e1b5d82bb61a39a15bbab410543818bf7df9be3c0f5dd0d612cf3
ChangeNow 0x062b6edccf9d86aff918634e53f3fac9545a8bcf84bcb59a0a09f9194d18282d
XT 0x0786c463590ca32345e0118a0303a8f66af10882d7315ce282840feb5d6817f9
Bitrue 0x01a103074e6ea2f988b427c77e671207c20d6005d407a685eeee2e1f61028392
Bitmart 0x04de639e634c071c3ce8b1c69fac0500aab5ddb25a08fd0f757176243e4c0467
β€271π83π₯54π«‘23π€£17π16π₯±10π4π2π2π2
Investigations by ZachXBT
I went and attributed 15 exchange hot wallets on Starknet so they would be publicly tagged on block explorers as I noticed none were previously tagged anywhere (sharing them below). Which ecosystem should I do next? Any interested teams send me a messageβ¦
Probably will do Solana, Sui, Base, Arbitrum, or Aptos at some point as the exchange attribution on those chains is awful for anyone who frequently checks the chain.
β€240π52π―37π₯20π«‘13π€£9π6π5π3π€¨3π₯°2
Sharing 13 high confidence wallets with $27.75M tied to MustStopMurad so people can track them. I made a longer post on X/Twitter explaining my rationale behind mapping out this cluster of wallets.
ETH
0x6b411100c72ba2445e50ffd20839c28b3546de7c
0xcbd0dee0c3eed152c3398b062361becc4a15522b
0x13fc38ec99a8217a06d1dc6db8c0bf0ee97ebf7f
0x71b4fd11eef705ba60176e7c034cd1a4f97ae02d
0x30b46a659761b576a00028b44d1e37fdc64b034d
0x5b1569db234a0f2884814a3f7184f01cf641b0c6
0x464e0a666734ba93e231d929ace538eaf05ff424
0xdb47714727cba70f0408ba30dc4ea0b5ac436055
0x52ba2171d6d0aaf6e817769b9d54576e79a98d1a
SOL
7QZGS7MQ4S6hRmE8iXoFTXgQ2hXVUCho2ZhgeWvLNPZT
GyBkVYkHBPMapyQeueQ6d44YthwqYiX4ajgnGLqq9P7r
2xn57hPD2v6ighJFPXNPSoiGUXkW4KKo8Hb3NpXmHZvZ
D38TJXnQuqAapH7uqhrHVj3AixHjtkB8DWT78m29WdPc
ETH
0x6b411100c72ba2445e50ffd20839c28b3546de7c
0xcbd0dee0c3eed152c3398b062361becc4a15522b
0x13fc38ec99a8217a06d1dc6db8c0bf0ee97ebf7f
0x71b4fd11eef705ba60176e7c034cd1a4f97ae02d
0x30b46a659761b576a00028b44d1e37fdc64b034d
0x5b1569db234a0f2884814a3f7184f01cf641b0c6
0x464e0a666734ba93e231d929ace538eaf05ff424
0xdb47714727cba70f0408ba30dc4ea0b5ac436055
0x52ba2171d6d0aaf6e817769b9d54576e79a98d1a
SOL
7QZGS7MQ4S6hRmE8iXoFTXgQ2hXVUCho2ZhgeWvLNPZT
GyBkVYkHBPMapyQeueQ6d44YthwqYiX4ajgnGLqq9P7r
2xn57hPD2v6ighJFPXNPSoiGUXkW4KKo8Hb3NpXmHZvZ
D38TJXnQuqAapH7uqhrHVj3AixHjtkB8DWT78m29WdPc
π309β€85π₯62π«‘42π32π‘16π€12π9π―8π7π₯±5
Tapioca DAO hack is likely the result of a team member downloading malware as the theft is tied on-chain to other recent hacks such as Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, MurAll, etc I have previously covered which were the result of fake job scams (contagious interview)
Stolen funds from this incident were bridged from Arbitrum to BSC where ~$4.7M currently sits.
0x69d91e56ca80f2a4d7b808b59053ea5c5505ffe2
Stolen funds from this incident were bridged from Arbitrum to BSC where ~$4.7M currently sits.
0x69d91e56ca80f2a4d7b808b59053ea5c5505ffe2
π96π±48β€28π17π€―11π₯9π‘7πΏ4π2π€1π€¬1
Investigations by ZachXBT
Tapioca DAO hack is likely the result of a team member downloading malware as the theft is tied on-chain to other recent hacks such as Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, MurAll, etc I have previously covered which were the resultβ¦
It also looks like Masa never disclosed their hack to the community for six figures on September 20, 2024.
Here are the theft addresses below and a screenshot of outflows from the Masa deployer
0x4c16506f257a3782dee8d245f9504439c21314f8
0x6483c58f4fd3c07ddad4c9b9b2756dc963d5dc0b
Here are the theft addresses below and a screenshot of outflows from the Masa deployer
0x4c16506f257a3782dee8d245f9504439c21314f8
0x6483c58f4fd3c07ddad4c9b9b2756dc963d5dc0b
π€£135π€38π±27β€19π15π5π4πΏ4πΎ4π‘4π€¬2
Looks like the crypto payments provider Transak was recently breached by a ransomware group who claims responsibility.
Transak in a blog post earlier today stated it is limited to names and basic identity info for a small portion of users while the ransomware group alleges it also includes PII and is a larger set of users.
According to Transak's website it has been integrated by Metamask, Trust Wallet, Coinbase, Ledger, etc for fiat to crypto on/off ramps
Transak in a blog post earlier today stated it is limited to names and basic identity info for a small portion of users while the ransomware group alleges it also includes PII and is a larger set of users.
According to Transak's website it has been integrated by Metamask, Trust Wallet, Coinbase, Ledger, etc for fiat to crypto on/off ramps
π135π€£39π38π€¬29β€15πΏ13π±10π₯5π₯°4π4π2
Investigations by ZachXBT
Looks like the crypto payments provider Transak was recently breached by a ransomware group who claims responsibility. Transak in a blog post earlier today stated it is limited to names and basic identity info for a small portion of users while the ransomwareβ¦
Update: Looks like Transak corrected the blog after my post to say the breach also included ID documents (passport, driver license, etc) and user selfies unlike what they previously said.
π240π€£86π56π€¬33πΏ14π13π₯12π’10π8π¦7π€·ββ2
Investigations by ZachXBT
Looks like $20M of seized funds tied to the US Government was likely stolen in the past hour. Theft address 0x3486ee700ccaf3e2f9c5ec9730a2e916a4740a9f 0xbf6f7c503e858aded4e18ce2bcf93846fd726c15 0x15d0a31ed5050ed8decd3c101aaee0b2ad2e6441
Update: The threat actor just transferred $19.2M back to the compromised US government address in the last 30 minutes.
This amount does not include the funds already transferred to instant exchanges (Switchain, HitBTC, N Exchange).
This amount does not include the funds already transferred to instant exchanges (Switchain, HitBTC, N Exchange).
π€£517π43π€39π28β€13π€ͺ12πΎ11π₯9π9πΏ6π6
The crypto exchange M2 was hacked for ~$13M from hot wallets on multiple chains yesterday.
Theft addresses
ETH: 0x968b6984cba14444f23ee51be90652408155e142
BTC: bc1qu4kh7wa38xpkrp8frgxl4sak88wx0jug8n3vfj
SOL: EKko14NvgqdvNttUb8JjXkVGuUs6BTikjfN3hqW4LQoL
Theft addresses
ETH: 0x968b6984cba14444f23ee51be90652408155e142
BTC: bc1qu4kh7wa38xpkrp8frgxl4sak88wx0jug8n3vfj
SOL: EKko14NvgqdvNttUb8JjXkVGuUs6BTikjfN3hqW4LQoL
π»74π24π23π±23π₯18π11π₯΄10π€£10πΎ6π€©4πΏ4
I did some initial tracing for the Andy Ayrey (Truth Terminal creator) hack this week which lead to $1.5M+ stolen from deploying multiple bundled meme coins and found one of the people involved in the incident appears to be a FWOG whale.
Theft consolidation address
0xcd27994d2a460e3f7bdee75974188040d7fe723e
6haUPtErdx5g88G6Rv4itwB37XzqvRjaCuJnn4J85Pro
Apc3eA9ScQksuZvfURQswZwVkusEYRaqeKEv4eXXbRZm
CAwocNV1VaEmXoi2XPnfcYZSxnJ3fBTiWNgtPtF3nriH
Holder address
AtdSsizerZZMVuStX4Ji5kAY1bPnNi9LdymfQ4DWuLcr
Theft consolidation address
0xcd27994d2a460e3f7bdee75974188040d7fe723e
6haUPtErdx5g88G6Rv4itwB37XzqvRjaCuJnn4J85Pro
Apc3eA9ScQksuZvfURQswZwVkusEYRaqeKEv4eXXbRZm
CAwocNV1VaEmXoi2XPnfcYZSxnJ3fBTiWNgtPtF3nriH
Holder address
AtdSsizerZZMVuStX4Ji5kAY1bPnNi9LdymfQ4DWuLcr
π217π57β€38π³18π₯΄16β€βπ₯13π«‘13π₯8π€6π4π2
Looks like the crypto casino Metawin was exploited for $4M+ on Ethereum and Solana earlier today.
See 115+ theft addresses tied to the exploiter here.
So far stolen funds have been transferred to Kucoin and a HitBTC nested service.
See 115+ theft addresses tied to the exploiter here.
So far stolen funds have been transferred to Kucoin and a HitBTC nested service.
π92π€£58π’22π14β€12π₯11π9π€9π6π4π4
Investigations by ZachXBT
I did some initial tracing for the Andy Ayrey (Truth Terminal creator) hack this week which lead to $1.5M+ stolen from deploying multiple bundled meme coins and found one of the people involved in the incident appears to be a FWOG whale. Theft consolidationβ¦
Do not buy the Wiz Khalifa Pump Fun it's the same hacker who compromised Andy Ayrey (Truth Terminal creator) the other day.
π€£324π142π«‘66β€36π±7π6πΏ6π4π¦4π₯3π2