Media is too big
VIEW IN TELEGRAM
BREAKING: Cambodian authorities arrest and extradite Prince Group head Chen Zhi to China amid global fraud crackdown.
This alleged mastermind of Asia's largest scam empire faces US charges for pig butchering schemes and money laundering, with nearly $12 billion in Bitcoin seized from investment fraud targeting victims worldwide.
Chen reportedly transformed his conglomerate into a transnational crime network, running scam centers with forced labor, trafficking workers from China to deceive people into fake crypto investments.
The operation spanned over 100 companies in 30+ countries, evading justice through bribes and political ties in China.
US sanctions target Chen, his executives, and linked entities, while China convicts staff for related crimes.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
This alleged mastermind of Asia's largest scam empire faces US charges for pig butchering schemes and money laundering, with nearly $12 billion in Bitcoin seized from investment fraud targeting victims worldwide.
Chen reportedly transformed his conglomerate into a transnational crime network, running scam centers with forced labor, trafficking workers from China to deceive people into fake crypto investments.
The operation spanned over 100 companies in 30+ countries, evading justice through bribes and political ties in China.
US sanctions target Chen, his executives, and linked entities, while China convicts staff for related crimes.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
β€3
SAVE THIS: How the $2.3M "Support Scam" Actually Works πΈ
Stage 1: The Hook
- "Your account has suspicious activity"
- Looks like real exchange notification
- Urgent language + deadline pressure
Stage 2: The Trap
- Link goes to fake site (binance support . com vs binance . com)
- Asks for seed phrase "to verify"
- OR: malicious wallet approval
Stage 3: The Drain
- Funds move in seconds
- Through 5-10 wallets immediately
- Lands at major exchange within 6 hours
Stage 4: The Race
β You report it
β We trace it
β Exchange freezes it
β Law enforcement recovers it
But only if you're FAST.
Average time victims realize they're scammed: 4 hours
Average time to freeze stolen funds: 23 hours
That 19-hour gap? That's where we work.
Stage 1: The Hook
- "Your account has suspicious activity"
- Looks like real exchange notification
- Urgent language + deadline pressure
Stage 2: The Trap
- Link goes to fake site (binance support . com vs binance . com)
- Asks for seed phrase "to verify"
- OR: malicious wallet approval
Stage 3: The Drain
- Funds move in seconds
- Through 5-10 wallets immediately
- Lands at major exchange within 6 hours
Stage 4: The Race
β You report it
β We trace it
β Exchange freezes it
β Law enforcement recovers it
But only if you're FAST.
Average time victims realize they're scammed: 4 hours
Average time to freeze stolen funds: 23 hours
That 19-hour gap? That's where we work.
β€3
CASE STUDY: How ego exposes crypto thieves
ZachXBT identified scammer "John" after he bragged about $23M in wallets during a group chat argument with another fraudster.
The exposure:
John engaged in a "band for band" flex (showing who has more crypto) with Dritan Kapplani Jr. The entire interaction was recorded, with John revealing multiple wallet addresses to prove his wealth.
ZachXBT traced the funds back to over $90M in alleged thefts, including:
$24.9M from US government address (linked to 2024 Bitfinex hack seizure)
$63M+ from alleged victims in Q4 2025
$12.4M deposited from MEXC exchange
John actively boasted in Telegram, calling others "broke." After exposure, he quickly deleted all identifiable information and changed his handle.
The lesson: Scammers who brag about stolen funds create their own evidence trail. A recorded flex became a prosecution roadmap.
Blockchain forensics always catches up.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
ZachXBT identified scammer "John" after he bragged about $23M in wallets during a group chat argument with another fraudster.
The exposure:
John engaged in a "band for band" flex (showing who has more crypto) with Dritan Kapplani Jr. The entire interaction was recorded, with John revealing multiple wallet addresses to prove his wealth.
ZachXBT traced the funds back to over $90M in alleged thefts, including:
$24.9M from US government address (linked to 2024 Bitfinex hack seizure)
$63M+ from alleged victims in Q4 2025
$12.4M deposited from MEXC exchange
John actively boasted in Telegram, calling others "broke." After exposure, he quickly deleted all identifiable information and changed his handle.
The lesson: Scammers who brag about stolen funds create their own evidence trail. A recorded flex became a prosecution roadmap.
Blockchain forensics always catches up.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
π2
BREAKING: $717K exploit hits XPlayer Media on BNB Chain
Web3 gaming platform XPlayer Media suffered a $717K exploit after an attacker abused a vulnerability in the smart contract's token burn mechanism.
The attacker exploited a flaw in the burn function, allowing unauthorized extraction of funds.
Attacker address: 0x9779341b2b80ba679c83423c93ecfc2ebcec82f9f94c02624f83d8a647ee2e49
CertiK identified the exploit and the attacker's address has been frozen with "USDT Frozen Address" label.
This marks another smart contract vulnerability in the Web3 gaming space where burn mechanisms create attack surfaces when not properly audited.
For projects: Audits are not optional.
For victims: Time is critical for tracing stolen funds.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
Web3 gaming platform XPlayer Media suffered a $717K exploit after an attacker abused a vulnerability in the smart contract's token burn mechanism.
The attacker exploited a flaw in the burn function, allowing unauthorized extraction of funds.
Attacker address: 0x9779341b2b80ba679c83423c93ecfc2ebcec82f9f94c02624f83d8a647ee2e49
CertiK identified the exploit and the attacker's address has been frozen with "USDT Frozen Address" label.
This marks another smart contract vulnerability in the Web3 gaming space where burn mechanisms create attack surfaces when not properly audited.
For projects: Audits are not optional.
For victims: Time is critical for tracing stolen funds.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
β€2
SECURITY ALERT: Wrench attacks on crypto holders surged 75% in 2025
CertiK's latest report reveals a disturbing trend: physical violence has become a core threat vector in crypto, with 72 verified wrench attacks worldwide in 2025 (up 75% from 2024).
Key findings:
$40.9M+ in confirmed losses (likely significantly under-reported due to silent settlements and untraceable ransoms)
Europe accounted for over 40% of global incidents, with France leading worldwide
Physical assaults rose 250% year-over-year, showing clear escalation in brutality
Kidnapping remains the primary attack vector
Attackers are no longer opportunistic individuals. They operate as organized, transnational groups using OSINT-driven targeting, social engineering, and extreme physical violence to extract private keys.
High-profile cases include David Balland (France), Danylo Kuzmin (Austria), and Roman and Anna Novak (UAE).
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
CertiK's latest report reveals a disturbing trend: physical violence has become a core threat vector in crypto, with 72 verified wrench attacks worldwide in 2025 (up 75% from 2024).
Key findings:
$40.9M+ in confirmed losses (likely significantly under-reported due to silent settlements and untraceable ransoms)
Europe accounted for over 40% of global incidents, with France leading worldwide
Physical assaults rose 250% year-over-year, showing clear escalation in brutality
Kidnapping remains the primary attack vector
Attackers are no longer opportunistic individuals. They operate as organized, transnational groups using OSINT-driven targeting, social engineering, and extreme physical violence to extract private keys.
High-profile cases include David Balland (France), Danylo Kuzmin (Austria), and Roman and Anna Novak (UAE).
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
β€2
BREAKING: $1.5M in Bitcoin vanishes from Seoul police cold wallet
22 BTC disappeared from a cold wallet held as evidence by Gangnam police station in Seoul.
The device itself was not stolen. Only the funds vanished.
This was discovered during an audit triggered by a similar incident where 320 BTC disappeared from Gwangju Prosecutor's Office.
Critical questions:
How were private keys accessed without the physical device being stolen?
Who had authorization to move evidence funds?
Were there multisig controls or audit trails?
This is the second major incident of seized Bitcoin disappearing from South Korean law enforcement custody.
Investigation ongoing.
22 BTC disappeared from a cold wallet held as evidence by Gangnam police station in Seoul.
The device itself was not stolen. Only the funds vanished.
This was discovered during an audit triggered by a similar incident where 320 BTC disappeared from Gwangju Prosecutor's Office.
Critical questions:
How were private keys accessed without the physical device being stolen?
Who had authorization to move evidence funds?
Were there multisig controls or audit trails?
This is the second major incident of seized Bitcoin disappearing from South Korean law enforcement custody.
Investigation ongoing.
β€3
π¨ ALERT: Moonwell exploited for $1.78M due to AI-generated vulnerable code
Moonwell lost $1.78M after deploying code co-authored by Claude Opus 4.6 without proper auditing.
The bug: cbETH price set at $1.12 instead of $2,200+ in the oracle formula, enabling price manipulation.
GitHub commits show the vulnerable code was AI-assisted ("vibe coding"). This is not the first case, OpenClaw and others faced similar issues.
The problem is not AI tools. The problem is deploying AI-generated code without comprehensive security audits.
Key lesson: AI accelerates development but cannot replace human security review. Every line of AI-generated smart contract code needs rigorous auditing.
Projects skipping audits are gambling with user funds.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
Moonwell lost $1.78M after deploying code co-authored by Claude Opus 4.6 without proper auditing.
The bug: cbETH price set at $1.12 instead of $2,200+ in the oracle formula, enabling price manipulation.
GitHub commits show the vulnerable code was AI-assisted ("vibe coding"). This is not the first case, OpenClaw and others faced similar issues.
The problem is not AI tools. The problem is deploying AI-generated code without comprehensive security audits.
Key lesson: AI accelerates development but cannot replace human security review. Every line of AI-generated smart contract code needs rigorous auditing.
Projects skipping audits are gambling with user funds.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
β€3
ALERT: StakeNova protocol exploited for $135K on Solana
Over 1,500 SOL drained through flash loan attack involving $2.5M in $SOL.
StakeNova offered the exploiter a deal: return 90% of funds, keep 10% as white hat bounty with no legal action.
At time of writing, funds remain in attacker's wallet.
The exploit happened just two days before the project's planned submission to RadiantDAO Solana Mobile Hackathon.
Flash loan attacks continue to be a major vulnerability in DeFi protocols, especially on Solana where transaction speed enables rapid exploitation.
If you've lost funds to crypto exploits or fraud, contact Hackless. We help victims quickly recover their assets through forensic tracing and legal coordination.
Hackless.io
Over 1,500 SOL drained through flash loan attack involving $2.5M in $SOL.
StakeNova offered the exploiter a deal: return 90% of funds, keep 10% as white hat bounty with no legal action.
At time of writing, funds remain in attacker's wallet.
The exploit happened just two days before the project's planned submission to RadiantDAO Solana Mobile Hackathon.
Flash loan attacks continue to be a major vulnerability in DeFi protocols, especially on Solana where transaction speed enables rapid exploitation.
If you've lost funds to crypto exploits or fraud, contact Hackless. We help victims quickly recover their assets through forensic tracing and legal coordination.
Hackless.io
1β€3
ALERT: $50M turned into $36K due to 99% slippage on AAVE swap
Trader Garrett Bullish attempted to swap $50M USDT for AAVE tokens on mobile and received only $36K worth (324 AAVE tokens) after ignoring high slippage warnings.
What happened:
User executed massive single order through AAVE interface
Platform warned about extraordinary slippage with confirmation checkbox
User confirmed on mobile and proceeded anyway
99% loss due to insufficient liquidity for order size
AAVE confirmed the transaction could not proceed without explicit user confirmation of the risk. CoW Swap routers functioned as intended.
AAVE will return $600K in fees collected, but the $50M loss remains.
Key lesson: Large single orders in DeFi face extreme slippage. Always split large trades, use limit orders, or work with OTC desks for transactions of this size.
If you've lost funds to crypto fraud or scams, contact Hackless. We help victims quickly recover their assets through forensic tracing and legal coordination.
Hackless.io
Trader Garrett Bullish attempted to swap $50M USDT for AAVE tokens on mobile and received only $36K worth (324 AAVE tokens) after ignoring high slippage warnings.
What happened:
User executed massive single order through AAVE interface
Platform warned about extraordinary slippage with confirmation checkbox
User confirmed on mobile and proceeded anyway
99% loss due to insufficient liquidity for order size
AAVE confirmed the transaction could not proceed without explicit user confirmation of the risk. CoW Swap routers functioned as intended.
AAVE will return $600K in fees collected, but the $50M loss remains.
Key lesson: Large single orders in DeFi face extreme slippage. Always split large trades, use limit orders, or work with OTC desks for transactions of this size.
If you've lost funds to crypto fraud or scams, contact Hackless. We help victims quickly recover their assets through forensic tracing and legal coordination.
Hackless.io
π€―2
2025 Crypto Crime Report: Crime is becoming industrialized
Key findings:
$154B in illicit transaction volume
694% surge in sanctioned entity activity
$2B+ stolen by North Korea (DPRK)
$93B in A7A5 settlement flows
Organized crime groups now run sophisticated digital asset supply chains, and nation state actors are increasingly using the same infrastructure.
Crypto crime is no longer opportunistic individuals. It's coordinated, well funded operations with industrial scale capabilities.
If you've lost funds to crypto fraud or theft, contact Hackless. We help victims quickly recover their assets through forensic tracing and legal coordination.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
Key findings:
$154B in illicit transaction volume
694% surge in sanctioned entity activity
$2B+ stolen by North Korea (DPRK)
$93B in A7A5 settlement flows
Organized crime groups now run sophisticated digital asset supply chains, and nation state actors are increasingly using the same infrastructure.
Crypto crime is no longer opportunistic individuals. It's coordinated, well funded operations with industrial scale capabilities.
If you've lost funds to crypto fraud or theft, contact Hackless. We help victims quickly recover their assets through forensic tracing and legal coordination.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
1β€2
BREAKING: Irish police crack "lost" Bitcoin wallet from 2019 seizure
Ireland's Criminal Assets Bureau (CAB), with Europol support, successfully accessed 1 of 12 locked wallets containing 500 BTC (β¬30M).
The backstory:
6,000 BTC seized in 2019 drug operation
Access codes lost after being hidden in fishing rod case that was discarded
All 12 wallets remained locked for years
Authorities waited for technology to catch up
The breakthrough:
CAB used advanced decryption with Europol technical support
Likely brute forced weak password on wallet .dat file
Seed phrases were lost (stored only on paper)
Remaining 5,500 BTC still locked but authorities believe this breakthrough could unlock the rest, potentially making it one of Europe's largest crypto seizures at β¬360M total value.
This demonstrates that "lost" crypto isn't always permanently lost, especially when law enforcement has the physical devices and time to develop cracking methods.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
Ireland's Criminal Assets Bureau (CAB), with Europol support, successfully accessed 1 of 12 locked wallets containing 500 BTC (β¬30M).
The backstory:
6,000 BTC seized in 2019 drug operation
Access codes lost after being hidden in fishing rod case that was discarded
All 12 wallets remained locked for years
Authorities waited for technology to catch up
The breakthrough:
CAB used advanced decryption with Europol technical support
Likely brute forced weak password on wallet .dat file
Seed phrases were lost (stored only on paper)
Remaining 5,500 BTC still locked but authorities believe this breakthrough could unlock the rest, potentially making it one of Europe's largest crypto seizures at β¬360M total value.
This demonstrates that "lost" crypto isn't always permanently lost, especially when law enforcement has the physical devices and time to develop cracking methods.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
1β€2
BREAKING: KelpDAO exploited for $290M - Aave exposed to bad debt
Attacker minted 116,500 unbacked rsETH, deposited as collateral in Aave, and borrowed $280M in real ETH/WETH.
The impact:
$280M extracted from lending markets
rsETH collateral now worthless, debt remains real
Aave carrying $200-300M in bad debt
$1.2B rsETH collateral in Aave at risk
Why this matters:
Composability attack: one protocol hacked, another left holding the bag
Liquidation mechanism broken (unbacked collateral can't be liquidated)
Cascade risk if users panic withdraw or unwind positions
Aave has frozen rsETH to prevent further damage.
Key lesson: DeFi composability means one exploit cascades across interconnected protocols.
If you've lost funds to DeFi exploits, contact Hackless. We help victims recover assets through forensic tracing and legal coordination.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
Attacker minted 116,500 unbacked rsETH, deposited as collateral in Aave, and borrowed $280M in real ETH/WETH.
The impact:
$280M extracted from lending markets
rsETH collateral now worthless, debt remains real
Aave carrying $200-300M in bad debt
$1.2B rsETH collateral in Aave at risk
Why this matters:
Composability attack: one protocol hacked, another left holding the bag
Liquidation mechanism broken (unbacked collateral can't be liquidated)
Cascade risk if users panic withdraw or unwind positions
Aave has frozen rsETH to prevent further damage.
Key lesson: DeFi composability means one exploit cascades across interconnected protocols.
If you've lost funds to DeFi exploits, contact Hackless. We help victims recover assets through forensic tracing and legal coordination.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
β€2
CRYPTO HACK DATA: $17.1B stolen over the past decade
The breakdown:
10 years (2016-2026): $17.1B lost across 518 incidents
5 years (2021-2026): $15.2B lost across 450+ incidents
1 year (Apr 2025-Apr 2026): $2.5B lost across 140+ incidents
Key insight: Most losses concentrated in the last 5 years, showing exponential growth in crypto crime.
The attack vector has shifted from smart contract bugs toward private key compromise and access control failures.
This means:
Social engineering attacks increasing
Insider threats and credential theft rising
Infrastructure security becoming critical attack surface
The industry is maturing but so are the attackers. Professional criminal operations now target crypto with industrial scale capabilities.
Lost funds to hacks or exploits? Contact Hackless for forensic recovery.
The breakdown:
10 years (2016-2026): $17.1B lost across 518 incidents
5 years (2021-2026): $15.2B lost across 450+ incidents
1 year (Apr 2025-Apr 2026): $2.5B lost across 140+ incidents
Key insight: Most losses concentrated in the last 5 years, showing exponential growth in crypto crime.
The attack vector has shifted from smart contract bugs toward private key compromise and access control failures.
This means:
Social engineering attacks increasing
Insider threats and credential theft rising
Infrastructure security becoming critical attack surface
The industry is maturing but so are the attackers. Professional criminal operations now target crypto with industrial scale capabilities.
Lost funds to hacks or exploits? Contact Hackless for forensic recovery.
β€1
KelpDAO hacker lost $123 M to Aave liquidation
The attacker behind the $293 M KelpDAO exploit got liquidated after borrowing $123 M against worthless rsETH collateral.
What happened:
Aave adjusted rsETH price via oracle
Hacker's positions went underwater
Automatic liquidation on Ethereum and Arbitrum
$123 M recovered, sent to DeFi United Recovery Guardian for victims
The irony: Hacker exploited fake collateral, then lost funds borrowing against it.
Lost funds to exploits? Contact Hackless for forensic recovery.
Hackless.io
The attacker behind the $293 M KelpDAO exploit got liquidated after borrowing $123 M against worthless rsETH collateral.
What happened:
Aave adjusted rsETH price via oracle
Hacker's positions went underwater
Automatic liquidation on Ethereum and Arbitrum
$123 M recovered, sent to DeFi United Recovery Guardian for victims
The irony: Hacker exploited fake collateral, then lost funds borrowing against it.
Lost funds to exploits? Contact Hackless for forensic recovery.
Hackless.io
β€2
BREAKING: $ESPORTS token crashes 92% after massive sell-off
Over the past 4 hours, someone dumped 197.8M $ESPORTS tokens (43% of circulating supply) for 20,401 BNB ($13.65M).
The numbers:
43% of total supply sold in one move
$13.65M extracted
92% price crash
If you've lost funds to crypto scams or phishing attacks, contact Hackless.
We help victims quickly recover their assets through forensic tracing and legal coordination.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
Over the past 4 hours, someone dumped 197.8M $ESPORTS tokens (43% of circulating supply) for 20,401 BNB ($13.65M).
The numbers:
43% of total supply sold in one move
$13.65M extracted
92% price crash
If you've lost funds to crypto scams or phishing attacks, contact Hackless.
We help victims quickly recover their assets through forensic tracing and legal coordination.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
β€1
MARKET ALERT: THE TRUTH BEHIND LABβS $14B FDV AND INSIDER CONTROL
LAB continues to manipulate the market on centralized exchanges through its market maker, reaching a $5.7B market cap and $14B FDV. It is concerning that exchanges allow this to persist, especially as insiders control nearly the entire circulating supply.
The eventual release of hidden supply through OTC deals, private sales, or airdrops poses a significant risk to the market. Furthermore, uncertainty remains regarding whether the team will once again alter its vesting terms.
Retail traders are often lured by top-tier listings and high valuations that create an illusion of safety. It is essential to remain cautious of projects where insider-controlled volume dictates market dynamics.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
LAB continues to manipulate the market on centralized exchanges through its market maker, reaching a $5.7B market cap and $14B FDV. It is concerning that exchanges allow this to persist, especially as insiders control nearly the entire circulating supply.
The eventual release of hidden supply through OTC deals, private sales, or airdrops poses a significant risk to the market. Furthermore, uncertainty remains regarding whether the team will once again alter its vesting terms.
Retail traders are often lured by top-tier listings and high valuations that create an illusion of safety. It is essential to remain cautious of projects where insider-controlled volume dictates market dynamics.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
β€2
Ledger researchers discovered a way to bypass firmware signature verification in the TROPIC01 chip used in Trezor Safe 7.
Before you panic:
Attack requires physical device access
Expensive lab equipment needed
Researchers could not access any user private data
TROPIC01 is only one of three security layers on the device
User funds remain safe. A hardware-level fix is already in development.
This is responsible disclosure working as intended: vulnerability found, vendor notified, patch incoming before anyone gets hurt.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
Before you panic:
Attack requires physical device access
Expensive lab equipment needed
Researchers could not access any user private data
TROPIC01 is only one of three security layers on the device
User funds remain safe. A hardware-level fix is already in development.
This is responsible disclosure working as intended: vulnerability found, vendor notified, patch incoming before anyone gets hurt.
π Website | βοΈ X (Twitter) | π± Telegram | π¬ Chat
π2