Cryptocurrency Detective ZachXBT Uncovers Unusual ETH Withdrawals for MTG Cards

ZachXBT, a renowned cryptocurrency detective, has shared an analysis of a unique and unconventional use of significant cryptocurrency funds. According to his investigation, an unidentified individual withdrew over 11,200 ETH, valued at around $25 million, from Tornado Cash, a cryptocurrency tumbler known for its privacy features. This large sum of money was primarily used to purchase Magic The Gathering (MTG) trading cards, a popular collectible and competitive card game.

ZachXBT meticulously traced the flow of these funds, revealing a complex process involving multiple steps. The individual involved first withdrew the ETH in batches of 100 from Tornado Cash to a total of 11 different addresses. Following this, the ETH was converted to Wrapped Ethereum (WETH), which was then transferred to new addresses. The WETH was subsequently unwrapped back into ETH and converted into USDC, a stablecoin pegged to the US dollar. This USDC was then used to facilitate transactions with an MTG broker.

The identification of the MTG broker was a critical part of ZachXBT’s investigation. He discovered the broker’s involvement through cross-referencing usernames on Instagram and OpenSea, a popular platform for trading digital collectibles. Further inquiries into the broker’s on-chain interactions with MTG sellers provided additional clarity. Interestingly, the buyer’s behavior in these transactions was notable for several reasons. The individual appeared to be overpaying for the MTG items by about 5-10%, and the payments were made upfront in cryptocurrency. Despite these large transactions, the buyer’s identity remained unknown to the sellers.

The investigation also revealed that the funds were distributed to various deposit addresses associated with major cryptocurrency exchanges like Kraken, Bitpay, and Coinbase. This aspect of the investigation suggests a broader network of financial activities and raises questions about the origin and ultimate destination of these substantial funds.

ZachXBT’s analysis does not conclusively establish the source of the funds. However, he considers the possibility that they could have originated from top Tornado Cash depositors such as Anubis, Cashio, and Uranium. This speculation is based on the timing and magnitude of their activities in relation to the withdrawal and spending patterns observed.

This case stands out for its unusual combination of large-scale cryptocurrency transactions and the world of collectible trading cards. The considerable amount spent on MTG cards, along with the sophisticated methods used to mask the money trail, highlights the diverse and sometimes unexpected ways in which cryptocurrency can be utilized. It also underscores the ongoing challenges in tracking and understanding the flow of digital currencies, especially in cases where privacy tools like Tornado Cash are used. The case continues to garner interest as it sheds light on the complex and often opaque nature of cryptocurrency transactions.


$27M USDT Theft Linked to Binance Deployer Address

A significant cryptocurrency theft has been reported, involving the loss of 27 million USDT (Tether). The incident was first brought to light by a tweet from ZachXBT, a well-known figure in the cryptocurrency community, known for his investigative work on crypto-related frauds and scams.

According to ZachXBT’s tweet, the theft occurred on November 12, 2023. The stolen USDT was rapidly converted into Ethereum (ETH) and then dispersed through various services, including FixedFloat and ChangeNow. Subsequently, the funds were bridged to Bitcoin via THORChain, a decentralized liquidity protocol.

An intriguing aspect of this case is the connection of the victim’s address to the Binance deployer. Binance, one of the world’s largest cryptocurrency exchanges, has been known for its robust security measures. The involvement of an address linked to Binance’s deployer raises questions about the security protocols and the potential vulnerabilities that could have been exploited in this theft.

The transaction ID provided by ZachXBT for the theft is 0x0f2183c8e415e61b4ad7774bf1097019eb2d5b85798a2a229070495131d60321. This transaction can be traced on the Ethereum blockchain, offering insights into the movement of the stolen funds.

The rapid conversion of the stolen USDT to ETH and the subsequent transfer to various services highlights the challenges in tracking and recovering stolen cryptocurrency funds. The use of decentralized exchanges and cross-chain bridges like THORChain further complicates the recovery process, as these platforms often do not have the same level of regulatory oversight or user identification requirements as centralized exchanges.

Recent months have seen a surge in significant crypto hacking incidents, highlighting the persistent vulnerabilities in the digital asset sector. One case was the LastPass hack in October, where hackers siphoned $4.4 million from over 25 users, underscoring the risks associated with digital security and password management. This event was closely followed by a major breach at the Poloniex exchange, resulting in a staggering loss of over $100 million in crypto assets, believed to be due to a private key compromise. In a related development, the digital asset lender Hodlnaut faced liquidation amid the crypto winter, affecting numerous users and creditors. These incidents collectively underscore the critical need for enhanced security measures and vigilance in the cryptocurrency industry, as investors and platforms alike navigate the complexities of digital asset security.


Fraudulent Ledger Live App in Microsoft Store Linked to $768K Cryptocurrency Theft

The cryptocurrency community faced a significant security breach when a fake Ledger Live application, titled “Ledger Live Web3,” appeared in the Microsoft App Store, leading to substantial financial losses for unsuspecting users. Notorious for mimicking the genuine interface of Ledger’s hardware wallet application, this fraudulent software managed to siphon off a sizeable sum before its removal.

Cryptocurrency investigator ZachXBT first brought attention to this scam on November 5, 2023, warning users of the counterfeit application. Analysis of the transactions to the scammer’s Bitcoin address (bc1q…y64q) revealed the theft of approximately 16.8 Bitcoins, amounting to around $588,000, through 38 transactions. Further scrutiny indicated an additional address associated with the scheme accumulating roughly $180,000 across the Ethereum and Binance Smart Chain networks.

Microsoft responded by removing the deceptive application following the uproar. However, questions about their app vetting process and accountability have risen, especially since it’s not the inaugural instance of such a scam. Reports from victims have intensified the call for stringent app store oversight and highlighted the risks associated with downloading cryptocurrency-related applications from less stringent sources.

The activity in the scammer’s wallet commenced with a transaction dated October 24, suggesting a well-orchestrated plan that escalated from November 2. The largest single transfer recorded was $81,200 on November 4. Historical data indicated that the faux “Ledger Live Web3” app was listed on Microsoft’s platform as early as October 19.

This event serves as a stark reminder of the dangers lurking in seemingly secure app stores and the importance of rigorous due diligence before downloading any financial management software.

Users Lose $385K in Ether to SIM-Swap Scammer

On October 5, 2023, a blockchain investigator by the name of ZachXBT stated that a single scammer had stolen 234 ETH, which is roughly comparable to $385,000, from four customers of over the course of a single day. A SIM-swap assault was carried out by the con artist in order to acquire unauthorised access to the accounts of the victims. It was determined that the same hacker who had drained the accounts of the four victims was responsible for the theft of the assets.

One of the victims, who goes by the Twitter handle “KingMgugga,” reported the incident while it was happening in real time, saying that they were “getting f—ing sim swapped watching it happen.” Another user who goes by the name “holycryptoroni” stated that they had a similar experience by adding, “I got swapped sorry.” In the early part of this week, four more customers of reported losing a combined total of around 109 ETH as a result of SIM-swap or phishing attempts.

It has been brought to people’s attention that the website, which is a platform that enables users to buy “keys” for access to private chat rooms, does not have very solid security measures. A company that specialises in ecosystem tools called Manifold Trading projected that twenty million dollars out of’s total worth of fifty million dollars locked might be at danger. The company strongly suggested that use two-factor authentication (2FA) in order to beef up the account’s level of protection.

The incident has also revived demands for Twitter to adopt two-factor authentication (2FA) security measures. This is particularly the case following the high-profile SIM-swap hack that occurred in September on the account of Ethereum co-founder Vitalik Buterin. Users are encouraged to delete their phone numbers from their social media profiles by “0xfoobar,” who is the founder and CEO of wallet security company Delegate. This is done in order to reduce potential hazards.

The incident comes amid growing concerns about the vulnerability of two-factor authentication (2FA) systems to SIM-swap attacks. On April 27, 2023, a report by Blockchain.News highlighted that a recent update to Google’s Authenticator app, which stores one-time codes in cloud storage, has raised security questions. The update makes users susceptible to SIM-swap attacks, where scammers can trick telecom operators into associating a victim’s phone number with their own SIM card. If a hacker gains access to the user’s Google password, they could compromise all authenticator-linked applications.


ZachXBT: Deceptive Promotions of Meme CBOT and BABYSHIB with Crypto Influencers Revealed

In a series of tweets, ZachXBT has brought to light alleged deceptive promotional tactics by certain crypto influencers surrounding the meme CBOT and Shiba Inu family BABYSHIB tokens.

According to the revelations, ZachXBT was provided with specific wallet addresses by an individual named Icarus, which were purportedly linked to the CBOT team’s token transactions. A significant portion of these tokens were reportedly sold off within a short span of 1-2 weeks.

The central issue revolves around the promotional strategies of these influencers. ZachXBT alleges that neither Trader NJ nor PetaByte, who were actively promoting these tokens, disclosed that they were compensated with a percentage of the token supply. Instead, they portrayed themselves as unbiased investors, misleading their followers into believing they had personally invested in the projects.

Further deepening the controversy, ZachXBT claims that these influencers:

Leveraged the names of other notable figures in the crypto community to negotiate a larger percentage of the token supply.

Provided false information to projects and then feigned innocence when confronted.

To back his claims, ZachXBT shared wallet addresses associated with both BABYSHIB and CBOT tokens, allowing for independent verification.

The crypto Twitter community was quick to react. AGT_D10S highlighted a broader concern, suggesting that many high-profile figures in the crypto world might be exploiting their followers, using them as an exit strategy for their investments. ZachXBT concurred with this observation.

The revelations underscore the importance of transparency and ethical practices in the rapidly evolving crypto space, especially as influencers wield significant power over their followers’ investment decisions.

ZachXBT’s Pursuit of Transparency in the Crypto World

ZachXBT, renowned for unveiling scams and deceptive practices in the crypto realm, delved into the FTX hack, dispelling several circulating rumors. On November 20, 2022, he refuted claims that Bahamian authorities orchestrated the FTX attack and that exchanges knew the hacker’s identity. He emphasized that the 0x59 wallet address, linked with the hacker, showed distinct behavior from other addresses, suggesting it wasn’t affiliated with FTX or the Securities Commission of the Bahamas (SCB).

ZachXBT also challenged the narrative that Kraken had identified the hacker, suggesting the identified individual was merely FTX securing assets. He further debunked rumors about the FTX hacker trading memecoins, citing potential “spoofed” Ethereum network transactions.

A few months ago, ZachXBT surpassed his fundraising goal, securing over $1 million in donations from crypto industry giants like Binance CEO Changpeng Zhao and Kraken co-founder Jesse Powell. This support comes amidst a lawsuit filed by Huang Licheng, accusing ZachXBT of defamation. Despite the legal challenge, ZachXBT remains steadfast in defending free speech, highlighting the crypto community’s commitment to truth and transparency.

Disclaimer & Copyright Notice: The content of this article is for informational purposes only and is not intended as financial advice. Always consult with a professional before making any financial decisions. This material is the exclusive property of Blockchain.News. Unauthorized use, duplication, or distribution without express permission is prohibited. Proper credit and direction to the original content are required for any permitted use.


ZachXBT’s Defamation Lawsuit Receives Over $1 Million in Donations as Prominent Figures Rally Support

In a surprising turn of events, renowned on-chain analyst ZachXBT has exceeded his initial fundraising target, amassing a staggering $1,055,233 in donations, according to Nansen data. This remarkable achievement has been made possible through contributions from various entities and influential figures within the crypto industry.

Prominent supporters include Binance CEO Changpeng Zhao, Coinbase Cloud’s protocol lead Viktor Bunin, CertiK, Justin Sun, Kraken co-founder Jesse Powell, and Polygon’s founder Sandeep Nailwal.

Changpeng Zhao, in a tweet, expressed Binance’s commitment by pledging $50,000 to the cause, while urging ZachXBT to persevere in his fight and emphasizing the importance of transparency in the industry.

Jesse Powell also expressed gratitude for ZachXBT’s work and pledged a donation of 10 ETH.

Brown Rudnick partner Palley, along with Jess Meyers and the team at Brown Rudnick, expressed their honor in representing ZachXBT’s mission to speak truth to power.

Sandeep Nailwal, founder of Polygon, praised individuals like ZachXBT for their contributions and pledged 5 ETH to support the legal battle.

The lawsuit filed by Huang accuses ZachXBT of damaging his reputation through false allegations made in an article published by ZachXBT approximately a year ago. Huang vehemently denies the allegations and is determined to prove their falsity through the legal proceedings. In a recent tweet, Huang stated that he initially expected an apology and expressed his intention to donate any monetary compensation received to charity.

Huang Licheng (Jeffrey Huang), known as MachiBigBrother on Twitter, a former American-Taiwanese musician and technology entrepreneur, had been involved in a controversial incident in 2018 when he allegedly misappropriated 22,000 ETH from Formosa Financial. Furthermore, over the past four years following the collapse of Formosa Financial, Huang has been associated with a series of unsuccessful token launches and NFT projects.

In response to the lawsuit, ZachXBT expressed disappointment and asserted that the legal action taken against him is an attempt to stifle free speech. He remains resolute in his commitment to fight back and defend the principles of free expression.

To cover the legal expenses and protect the freedom of speech, ZachXBT has set up a donation wallet address for his followers and the wider community. This legal dispute has garnered significant attention within the industry, with key players showing their support for ZachXBT’s cause. The influx of donations and the rallying behind the principle of free speech highlight the crypto community’s dedication to transparency, accountability, and the pursuit of truth.



Massive Atomic Wallet Hack Revealed: Over $35M Stolen across Multiple Cryptocurrencies

On-chain investigator ZachXBT has reported a significant security breach on Atomic Wallet, a leading non-custodial decentralized wallet. The hacker targeted various cryptocurrencies, managing to steal more than $35 million across different chains, according to ZachXBT’s updates on Twitter.

In his series of tweets, ZachXBT noted the discovery of a new victim on the Tron blockchain with a massive loss of 7.95 million USDT tokens, making it the largest individual theft on Tron to date. The five biggest losses reported from this attack on Atomic Wallet accounted for $17 million.

The investigator also revealed that the largest individual loss from the hack was a wallet stripped of $3.5 million, equivalent to 1897 ETH. The cumulative losses of the five biggest victims totaled a shocking $9.7 million.

ZachXBT’s compiled data indicates the worrying scale of the hack, which affected multiple blockchains. The stolen funds have been traced across Bitcoin, ETH, Tron, Binance Smart Chain (BSC), Cardano (ADA), Ripple, Polkadot, Cosmos, Algorand (Algo), Avalanche (Avax), Stellar Lumens (XLM), Litecoin (LTC), and Dogecoin (DOGE). His graph, indicating the scale of the attack, has exceeded $14 million, with ZachXBT estimating the total amount pilfered to be at least $20 million.

The on-chain expert warned users to be vigilant against phishing attempts, which have spiked in the aftermath of the breach. Scammers have reportedly been posting fake Atomic Wallet refund tweets to take advantage of desperate victims.

He also shared more insights about the hack, revealing that besides the largest single victim who lost 2.8M USDT, there have been multiple other victims suffering six-figure losses across different chains. He thanked the victims who had reached out and shared their transaction hashes, adding that the root cause of the breach is yet to be determined.



Crypto sleuth debunks 3 FTX hack myths

On-the-job detective ZachXBT has taken to Twitter to clear up what he calls a “lot of disinformation” about the FTX hack and the individuals who may be responsible for it. He has shared the research he did on what he thinks are the three most common mistakes people make about the breach.

The self-proclaimed “on-chain detective” dispelled many rumours in a long message on Twitter on November 20. Rumours circulated that Bahamian authorities were behind the FTX attack, that exchanges were aware of the hacker’s true identity, and that the perpetrator was trading memecoins.

On November 11, the same day that FTX filed for bankruptcy, the cryptocurrency community started reporting strange transactions on wallets affiliated with FTX. These transactions included the movement of more than $650 million out of the wallet.

The Securities Commission of the Bahamas (SCB) issued a statement on November 17 in which it stated that it had ordered the transfer of all digital assets of FTX to a digital wallet owned by the commission around that time. Some people thought that the SCB was behind the alleged “hack,” even though no one has been officially named as the culprit.

However, ZachXBT argued that the 0x59 wallet address associated with the hacker was a blackhat address and was not affiliated with either the FTX team or the SCB because it “began selling tokens for ETH, DAI, and BNB and using a variety of bridges so crypto couldn’t be frozen on 11/12.”

“The fact that 0x59 was dumping tokens and bridging sporadically was very different behaviour from the other addresses who withdrew from FTX and instead sent to a multisig on chains like Eth or Tron,” he added. “The behaviour of the other addresses who withdrew from FTX and sent to a multisig on chains like Ether or Tron was much more consistent.”

Zach further mentions that the blackhat wallet spoke with another wallet known as 0x24, which, according to Zach, “had highly suspect behaviour on-chain utilising dodgy services.”

ZachXBT also brought to light the possibility of erroneous information regarding the assertion that “Kraken or other exchanges” had uncovered the identity of the hacker.

Since Kraken’s chief security officer said in a post on November 12 that “We know the identity of the user,” the rumour has been going around.

According to Zach, “In fact,” the person who was labelled as the hacker was probably simply the FTX group securing assets to a multi-signature wallet on Tron using Kraken since the FTX hot wallet had run out of gas and was unable to process transactions.

ZachXBT concluded his argument by addressing the persistent claim that the FTX hacker is involved in the trade of memecoins. This rumour was first brought to light by the blockchain analytics company CertiK.

Instead, the blockchain detective asserts that the transactions on the Ethereum network have been “spoofed.” As evidence, the blockchain detective cites a blog post written in March by an Etherscan community member named Harith Kamarul, who describes how transactions may be faked.



Co-founder of defunct exchange QuadrigaCX allegedly runs Wonderland

In a series of Twitter posts published Jan. 27, decentralized finance (DeFi) investigator zachxbt seemingly unveiled the true identity of previously anonymous QuadrigaCX co-founder Michael Patryn, identifying him as @0xSifu, the founder of DeFi protocol Wonderland.

Following the publication of private messages between zachxbt and Daniele Sesta — the founder of Wonderland and Abracadabra — Sesta tweeted his perspective on the case, stating that “I have no bias about @0xSifu he has became a friend and part of my family and if my reputation of judgment will be hit by his dox, than be it.”

A recent blog written by Sesta reveals that he became aware of Sifu’s career background just one month ago, but decided to maintain his role as treasury manager based upon principles of second chances. However, following passionate public outcry in response to his tweets this morning, Sesta took a moment to reflect upon the situation and concluded that:

“I have decided that he needs to step down till a vote for his confirmation is in place. Wonderland has the say to who manages its treasury not me or the rest of the wonderland team.”

On Jan. 9, Sesta declared his bullishness on projects in which the founders and teams reveal their personal identity, stating that “Doxxed teams tokens will outperform anons ones. Pay attention.”

This is a common theme witnessed in the DeFi and NFT space to support the evolution of the brand from a purely web-dimensional entity, to a global physical and digitally interactive community.

Wonderland emerged into the space in September 2020 as a fork of the Olympus DAO, launching on the Avalanche network. The community denotes themselves as “frogs,” but the decentralized reserve currency protocol hasn’t made great leaps in the market as of yet.

According to current data from the website, the protocol has $360 million in total value locked (TVL), while its native asset, TIME is down almost 97.5% from all-time highs just two months ago, and down 30% today to $355.

In the last week, the founders intervened with a quantitative-easing type strategy of injecting millions of dollars into the projects in a desperate bid to stem the price bloodshed. 


The QuadrigaCX saga began following the untimely passing of Gerald Cotten, the co-founder of Canadian-based cryptocurrency exchange in December 2018. In the days that followed, allegations emerged that in excess of $145 million of customers funds were misplaced, with the team citing an inability to locate the encrypted passwords to the cold storage wallets.

In the years that followed, an ongoing legal battle commenced between the estimated near 20,000 claimants and the exchange, with trustee firm Ernst & Young revealing in late 2020 that they only have approximately $29.8 million in assets to distribute in comparison to the $171 million worth of claims.

The story sparked the interest of streaming and production giant Netflix, which has recently announced that a documentary film dramatizing the mystery surrounding Cotten’s death and subsequent financial fallout is in the works.

Titled, Trust No One: The Hunt for the Crypto King, the film is set to premiere in 2022, and detail the suspected malice of QuadrigaCX in orchestrating a rug-pull as per countless personal accounts from the community base.