investigations | Cryptocurrency

Telegram channel investigations - Investigations by ZachXBT

46987

Reports, news, & insights shared by ZachXBT Donation address EVM 0x9D727911B54C455B0071A7B682FcF4Bc444B5596 SOL investigations.sol

Investigations by ZachXBT

On-chain clown of the day: The Pancake Bunny exploiter accidentally transferred $3.6M to the DAI contract address 8 hrs ago

0x72df3d8b97b92188eb7516277836fd07e994b276c858052815a398cc52c91bc1

Investigations by ZachXBT

Renzo Discord is currently compromised; do not click any links for the moment.

Investigations by ZachXBT

Looks like the Indian crypto exchange WazirX was potentially hacked for $230M+

Primary theft address
0x04b21735E93Fa3f8df70e2Da89e6922616891a88

Attacker still has $100M+ worth of SHIB and $4.7M+ FLOKI to sell

Update: My tracing thus far on the incident

Investigations by ZachXBT

Sharing the $25M ransom payment made by CDK on June 21, 2024 to BlackSuit.

Transaction hash
8a41d7a6b75580f34f177628c39bd52ae9c8adc633fb5c874b3a09b253f3d4ef

Address
bc1q0c03s0c80uuxjq4jcyfhs4k8w5wu6ca9xhxsw9

Funds were then transferred to multiple centralized services after.

Investigations by ZachXBT

Someone was just drained an hour ago for 6 X Bored Apes and 40 x Beanz NFTs

Theft address
0x0CDa1f8F94fA4301C6fD0740268cb41e1654D28C

Victim address
0xd7b2879c8922cd704e41e8cc1f18f6994d6b7c36

Investigations by ZachXBT

US government just transferred 3940 BTC ($243M) of funds from the Silk Road hack to Coinbase Prime

Transaction hash
0f3f9a7c01d85c5747a3ae6cc9621cc30360390c4b681c1f95573e6bbcffed4f

Deposit address
3FGcXf5HiPkitjQp4xjGu7Gte6aK7w43su

Investigations by ZachXBT

I conducted a timing analysis and found highly probable BTC withdrawals made shortly after the AVAX deposits at both Coinbase and Binance

587.75 BTC ($38.1M) was withdrawn from Coinbase to:
bc1q7pkc7h8td55s4em7tmlvd42wahjd4hm8lf035n

122.66 BTC ($7.95M) was withdrawn from Binance to:
bc1qezradgkklz3gczk9jjzn922ye7pgj4yd9pnupv

Update: This is likely due to the BTCTurk hack

Investigations by ZachXBT

The crypto exchange Bitforex mysteriously went offline in February 2024 and its crypto assets were transferred out without any communication from the team.

An address tied to the exchange holding $43M of assets just woke up and transferred ETH to a new address.

New address
0x14b0cB518EDF83e49e636047Db8853A4CAC6A1ff

Investigations by ZachXBT

A TAO holder had $11.2M (28.2K TAO) stolen from them on June 1, 2024.

Theft address
5G9Dpkg34SG3is47MzAjBdmV5iosGt1EJypFHzMPokkbymRA
0x09f76d4fc3bce5bf28543f45c4cee9999e0a0aaf

The attacker bridged the stolen funds to Ethereum and has been selling TAO for ETH and USDC. As of now they have 12.4K TAO ($5M) remaining and have been transferring USDC/ETH to Whitebit, HTX, & Binance.

Investigations by ZachXBT

Someone was phished three minutes ago for $2.1M

Theft txn
0xa2aecccebe5fef03ca18dbcf890e3d4ea73bd17361b15df77ac9704b2d12f389

Theft address
0x41671a8219fF70b19e0D523C7d0C711c1AfCBB7e
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745

Investigations by ZachXBT

Someone was phished for $6.9M (~1807 Ether.fi-Liquid1) 27 minutes ago

Theft txn hash
0xd66e105f29843bf3766d36c910b85c4a194408a7d20f193b39356a39c73d74c8

Theft address
0xE56978D5F7E728C3AE545b2a0882F8BEeC50a19d
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745

Last year this victim was also phished for $638K (2929 BNB)

Investigations by ZachXBT

The admin for the drainware service “Pink Drainer” just announced they will be shutting down after $75M+ stolen.

Investigations by ZachXBT

It appears the crypto exchange Rain was likely exploited for $14.8M on April 29, 2024 after their BTC, ETH, SOL, and XRP wallets saw suspicious outflows. Funds were quickly transferred to instant exchanges and swapped for BTC and ETH.

As of now Rain has yet to make any statement about the incident.

Stolen funds currently sit
137.9 BTC
bc1q53aawrkpt5lvk2e30z36unvmhqqdru7q4rprp2
1881 ETH
0x197bc094f990261fd6841342901c451858756c28

Investigations by ZachXBT

Update: The address poisoning scammer who stole $68M last week messaged the victim on-chain asking for their Telegram and has sent $34.7M back so far.

Transaction hash
0xbf38e389b6b584642fffa4ea923637789cbdc667a3e379a8d72e02df087cb8a9

Investigations by ZachXBT

Someone just was phished 10 minutes ago for three bored apes

Theft txn
0x13e193fb79352c5aa5f4617c6b5ec9fe61ed2c02f3c1ee532f3629159845e017
Theft address
0x5Fbb6DD8e2F3732d64f4088e8e0DB24479342A87

Investigations by ZachXBT

Someone was phished for $4.69M worth of PT-ezETH & PT-sz-rsETH an hour ago.

More than $23.2M has been phished from Pendle users since March 2024

Theft transaction hash
0x7357787481b25c99b61912af8159f866d4ff2e7d97039425b529e2890b23c4f6
0x26820ddb9aeb9a74ac757be5e182c83ec20443d2273bbd68d1d1fa86f2b131a0

Investigations by ZachXBT

As a way to reduce spam on X (formerly Twitter) the team will soon be adding a way to disable links in the replies.

Hopefully this will cut down on all of the gold verified phishing scams under the replies of posts we see so frequently.

Investigations by ZachXBT

The Ethena Discord server is currently compromised; do not click links for the time being.

Investigations by ZachXBT

Community Alert: Compound Finance website seems to potentially be hijacked; do not visit the site for the time being.

Currently redirects to a newly registered phishing site.

Update: Compound Team resolved this

Investigations by ZachXBT

Update: Bittensor was halted due to additional thefts earlier today potentially as a result of private key leakage.

New theft address of 32K TAO ($8M)
5FbWTraF7jfBe5EvCmSThum85htcrEsCzwuFjG3PukTUQYot

Investigations by ZachXBT

Online casino Sportsbet was likely hacked for $3.5M+ by the same threat actor as BTCTurk two hours before as funds from the thefts comingled.

Theft address
TDgZKxhyFQWCsNK1p7d1tVifeuW2DJTUEo
TQWSmSqns2BLczLEMpy96tNq3MagM66H4b
TJZ8NNxJETGDzGaWwSHwjGrzzz2Zhvexo2

Investigations by ZachXBT

AVAX is down 10% over the past few hours likely due to this entity that started transferring 1.96M AVAX ($54.2M) to Coinbase, Binance, Gate, and bridging via THORChain.
0x327a81d0d128db8886d265be73c9fdda97194f30

Investigations by ZachXBT

Someone was drained for ~$2M worth of meme coins 16 hours ago

Currently the attacker still holds 4.2B ANDY ($1M).

I would closely monitor this address from the theft in the short term if you hold ANDY
0x238C20121768919a6A608E7a6B5D080d0040fc7c

The rest of the coins have already been sold for ETH.

Investigations by ZachXBT

It seems they likely fell victim to the phishing site posted from the compromised Renzo Protocol X account.

Investigations by ZachXBT

Which one of you hacked Caitlyn Jenner lol

Investigations by ZachXBT

A few weeks ago I published research on 25 Lazarus Group hacks which resulted in $3.8M frozen.

I am sharing 7 additional wallet addresses which currently hold $61.8M (891 BTC) tied to these hacks.

Investigations by ZachXBT

Someone was phished 5 minutes ago for $1.25M worth of wstETH

Theft txn
0xd7ef4ea3d08fb101544e4a21047c8d05d016211096a6180c9d4f2b055bdeaf68

Theft address
0x58EfE9AeE1b12053f4C58233B75c319412CB0614
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745

Investigations by ZachXBT

If you send me a DM or tag me on X/Twitter asking me to look into a meme coin I am muting or blocking you for wasting my time.

My notifications have gotten unbelievably low quality over the past few months.

Here are some examples:

Investigations by ZachXBT

On-chain clown of the day: This person accidentally sent 51K USDT to the USDT contract address 5 minutes ago

Transaction hash
0xb6e3e77c7c5f8b4fe2dc49b35a7018c28d948d20661971e5160abffcd0325609

Investigations by ZachXBT

Someone was drained for $18M (~5800 ETH) from their Coinbase account 9 hours ago. Funds were immediately transferred to instant exchanges and bridged to Bitcoin via THORChain, Defiway, and Wan Bridge.

Theft address
0xf2fB2844C46C19A623957Ed6DBaB148301B18161
