Investigations by ZachXBT

02 Dec 2023 04:04

Update: Velodrome and Aerodrome frontends are now compromised once again.

Embarrassing their provider (Porkbun) got social engineered a second time like this.

https://x.com/velodromefi/status/1730782369185927225
https://x.com/aerodromefi/status/1730782403763794078

Investigations by ZachXBT

12 Nov 2023 18:42

Seems like this person lost 27M USDT yesterday.

0x0f2183c8e415e61b4ad7774bf1097019eb2d5b85798a2a229070495131d60321

Funds were immediately swapped for ETH and bridged via THORswap to Bitcoin and transferred to multiple services (FixedFloat, ChangeNow, SideShift, OKX, WhiteBit, Binance)

Investigations by ZachXBT

02 Nov 2023 02:47

It looks like the Onyx Protocol exploiter sent ~23.9 ETH to three different addresses who begged the exploiter for funds on-chain.

Investigations by ZachXBT

29 Oct 2023 08:21

They went again tonight with a new sign

Investigations by ZachXBT

27 Oct 2023 02:56

Two other people on Reddit reported receiving the same Trezor phishing email today.

Investigations by ZachXBT

25 Oct 2023 22:28

Update: Here’s the chart on MEXC

Investigations by ZachXBT

25 Oct 2023 20:28

X/Twitter just enabled audio and video calls by default for anyone you follow.

Go to settings -> privacy and safety -> direct messages to disable this on the app.

Investigations by ZachXBT

18 Oct 2023 02:03

The American rapper “Nelly” has their X/Twitter account compromised.

Investigations by ZachXBT

06 Oct 2023 20:20

It appears burgel.eth was drained for ~$3M across multiple wallet addresses earlier this week likely as the result of a private key compromise.

The funds were consolidated into one theft address before they were deposited into Tornado Cash after.

Main theft address
0x3a77c47cd683cf0b4e6bbd43683816e106ef3bec

Investigations by ZachXBT

04 Oct 2023 20:07

If you hold HyPC on Ethereum I would dump rn. This OTC scammer is about to unload $492K worth of it.

Scammer address
https://etherscan.io/token/0xea7b7dc089c9a4a916b5a7a37617f59fd54e37e4?a=0x43cae3f6bbf42276ea1a976477b17cc72acf74c4

Investigations by ZachXBT

13 Sep 2023 12:41

Update: This hack appears to have been done by North Korea.

One hour ago they were moving funds from the CoinEX hack to 0x75 on OP.

0x75 on Polygon was funded from the $41M Stake hack.

Investigations by ZachXBT

10 Sep 2023 01:08

0x4eF6f0d3f94fF609ACef88068b1FC66a1184b3f3

$147K drained so far

Edit: $700K+ drained

Investigations by ZachXBT

07 Sep 2023 05:00

It appears a whale was phished for $24.2M worth of stETH & rETH earlier today

0xb91d7b1440745aa07409be36666bc291ecc661e424b21b855698d488949b920f
0xcbe7b32e62c7d931a28f747bba3a0afa7da95169fcf380ac2f7d54f3a2f77913

Investigations by ZachXBT

28 Aug 2023 15:29

This top Bitcoin address has been laundering $265M through multiple Bitcoin mixers in recent months after being funded with 10,000 BTC from Binance in May 2018

1EU2pMence1UfifCco2UHJCdoqorAtpT7

Investigations by ZachXBT

25 Aug 2023 16:18

There has already been another six SIM swaps since my post earlier this week bringing the total to 59 public incidents

19-Aug-2023 Faraway
19-Aug-2023 Kroll employee
19-Aug-2023 Supreme Kongs founder
22-Aug-2023 Pixels Online
22-Aug-2023 Swaap Finance
23-Aug-2023 Strike

Investigations by ZachXBT

29 Nov 2023 09:33

Careful both Velodrome and Aerodrome frontends are currently compromised. So far $133K+ drained.

Theft addresses
0x02BA13f39D7df9C3F7592257b636eD6C7CC4ae78
0xf64fCEdFCe714Bbe835761e54D7067f2f8231443

Velodrome tweet
https://x.com/velodromefi/status/1729771762752135463
Aerodrome tweet
https://x.com/aerodromefi/status/1729771968717541711

Investigations by ZachXBT

08 Nov 2023 21:01

It looks like the Austrailian crypto exchange CoinSpot was just drained for ~$2M worth of ETH from their hot wallet. Funds were then bridged to Bitcoin via Thorswap and Wan Bridge.

Investigations by ZachXBT

30 Oct 2023 16:26

Seems like a potential breach for Strike.

A bunch of people reported receiving phishing emails to the email address associated with their Strike account over the weekend.

Investigations by ZachXBT

28 Oct 2023 19:14

A group of phishing scammers got bottle service last night in Canada and one of them sent me this video.

Investigations by ZachXBT

27 Oct 2023 01:10

Be careful this person just received a phishing email to the email address associated with their Trezor purchase.

This was a fresh email specifically created for the purchase and it was purchased 6 months ago.

Seems like a potential data breach for Trezor or Evri (UK delivery company which shipped the Trezor).

Reached out to Trezor for comment but their team has not responded at the time of this message.

Investigations by ZachXBT

25 Oct 2023 22:10

Fyi the same OTC scammer just scammed another project for 500K PPT ($194K) on BSC.

0xaf89549a535165fd194bb44b959e9b0bd4e204a12e58ef4251fd2ed05bfef470

They just sent the tokens to MEXC to market dump like the previous time I would assume.

I tried warning their team 20+ min before the OTC scam took place but did not receive a response.

Investigations by ZachXBT

18 Oct 2023 02:03

They are currently messaging people in an attempt to social engineer them into using a phishing site.

Investigations by ZachXBT

09 Oct 2023 02:21

Optimism retroactive public goods funding round 3 applications are live rn until October 23. It is a good way to receive funding/grant if you believe you have contributed postively to the Optimism ecosystem in the past as a project or individual. As a major change from previous rounds you no longer have to be nominated to apply.

Just wanted to share bc as this bear market drags on it becomes harder and harder to receive funding. I previously received a grant in the last round as a result of some of my prior work for the space.

Sign up link
https://app.optimism.io/retropgf-signup

Guidelines
https://plaid-cement-e44.notion.site/RetroPGF-3-Application-Guidelines-6942e743b28e4cc1a53a5e7d781f2bf4

Investigations by ZachXBT

04 Oct 2023 20:20

Hope some people were able to frontrun them

Investigations by ZachXBT

25 Sep 2023 06:30

The Mixin team just announced they were hacked for $200M worth of ETH, BTC, USDT on September 23 (h/t SlowMist)

Theft addresses
0x52E86988bd07447C596e9B0C7765F8500113104c
0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e
0xB5d631A74AD9c9efcF96d6e9e2fAbcB75C67Eafa
bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes

Investigations by ZachXBT

12 Sep 2023 17:02

It appears the hot wallets for CoinEX are currently being drained for $54M+ so far on ETH, TRON, BSC, BTC, XRP, and Polygon.

ETH
0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE
0x483D88278Cbc0C9105c4807d558E06782AEFf584
0xCC1AE485b617c59a7c577C02cd07078a2bcCE454
TRON
TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ
BSC
0xc844f7178379782ec19f3ee6e399f2eb7b2b984f
BTC
1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH
XRP
rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf
SOL
G3udanrxk8stVe8Se2zXmJ3QwU8GSFJMn28mTfn8t1kq
Polygon
0x4515bE0067E60d8e49b2425D37e61c791C9B95e9
BCH
qrgxyhj8rzl4l7fgauu6q6vtu2grct4jeyrnaq2s75

Investigations by ZachXBT

10 Sep 2023 00:57

Vitalik Twitter is compromised do not click any links

Investigations by ZachXBT

02 Sep 2023 04:18

An unknown entity made a $24 million BTC ransomware payment recently which has gone unreported by mainstream media.

bc1qqldfv7h0ysn0szh9uasa7ldru287yxkljw8he0

The funds were laundered through MEXC, OKX, Huobi, Binance and bridged to ETH via Thorchain.

Investigations by ZachXBT

28 Aug 2023 01:26

Hopefully we will get Etherscan on zkSync soon.

Investigations by ZachXBT

25 Aug 2023 06:55

A friend just received an FTX phishing email they believe to be from the recent Kroll data beach. Be careful.