![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Investigations by ZachXBT
Someone lost $68M (1155 WBTC) three hours ago from an address poisoning scam by mistakenly copying the wrong address. Theft transaction 0x3374abc5a9c766ba709651399b6e6162de97ca986abc23f423a9d893c8f5f570 Victim 0x1E227979f0b5BC691a70DEAed2e0F39a6F538FD5
Update: The address poisoning scammer who stole $68M last week messaged the victim on-chain asking for their Telegram and has sent $34.7M back so far.
Transaction hash
0xbf38e389b6b584642fffa4ea923637789cbdc667a3e379a8d72e02df087cb8a9
Transaction hash
0xbf38e389b6b584642fffa4ea923637789cbdc667a3e379a8d72e02df087cb8a9
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
It appears the crypto exchange Rain was likely exploited for $14.8M on April 29, 2024 after their BTC, ETH, SOL, and XRP wallets saw suspicious outflows. Funds were quickly transferred to instant exchanges and swapped for BTC and ETH.
As of now Rain has yet to make any statement about the incident.
Stolen funds currently sit
137.9 BTC
bc1q53aawrkpt5lvk2e30z36unvmhqqdru7q4rprp2
1881 ETH
0x197bc094f990261fd6841342901c451858756c28
As of now Rain has yet to make any statement about the incident.
Stolen funds currently sit
137.9 BTC
bc1q53aawrkpt5lvk2e30z36unvmhqqdru7q4rprp2
1881 ETH
0x197bc094f990261fd6841342901c451858756c28
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Someone was phished 5 minutes ago for $1.25M worth of wstETH
Theft txn
0xd7ef4ea3d08fb101544e4a21047c8d05d016211096a6180c9d4f2b055bdeaf68
Theft address
0x58EfE9AeE1b12053f4C58233B75c319412CB0614
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
Theft txn
0xd7ef4ea3d08fb101544e4a21047c8d05d016211096a6180c9d4f2b055bdeaf68
Theft address
0x58EfE9AeE1b12053f4C58233B75c319412CB0614
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
The admin for the drainware service “Pink Drainer” just announced they will be shutting down after $75M+ stolen.
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Investigations by ZachXBT
My new 15 month long investigation sharing how Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020–2023 https://x.com/zachxbt/status/1784935501935390930
A few weeks ago I published research on 25 Lazarus Group hacks which resulted in $3.8M frozen.
I am sharing 7 additional wallet addresses which currently hold $61.8M (891 BTC) tied to these hacks.
bc1qw88pehjuejym9jyfgn6vn4aaw7q232hlyzzn6f
bc1q27vxzyuh4vqwt3u9aqpuk7z5xtgz9y0tqxzesq
bc1q62clzxr4vcycjfdqe33ake4dk9fenkpaddkteq
bc1qfad2yxulctgz6g6tw635n52cw3v7wxydmtmd0f
bc1q972gcd3ywyc2n2p5lzs5mdwra5q8nymzg0qlx0
bc1qfenmgt8x2ndhm00xsv09snvandvl9j9w0fhtzw
bc1qmd3kzw0ge45eag7qpuhyxa5kdv4hqh3kxp44dg
I am sharing 7 additional wallet addresses which currently hold $61.8M (891 BTC) tied to these hacks.
bc1qw88pehjuejym9jyfgn6vn4aaw7q232hlyzzn6f
bc1q27vxzyuh4vqwt3u9aqpuk7z5xtgz9y0tqxzesq
bc1q62clzxr4vcycjfdqe33ake4dk9fenkpaddkteq
bc1qfad2yxulctgz6g6tw635n52cw3v7wxydmtmd0f
bc1q972gcd3ywyc2n2p5lzs5mdwra5q8nymzg0qlx0
bc1qfenmgt8x2ndhm00xsv09snvandvl9j9w0fhtzw
bc1qmd3kzw0ge45eag7qpuhyxa5kdv4hqh3kxp44dg
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Someone was phished for $6.9M (~1807 Ether.fi-Liquid1) 27 minutes ago
Theft txn hash
0xd66e105f29843bf3766d36c910b85c4a194408a7d20f193b39356a39c73d74c8
Theft address
0xE56978D5F7E728C3AE545b2a0882F8BEeC50a19d
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
Last year this victim was also phished for $638K (2929 BNB)
Theft txn hash
0xd66e105f29843bf3766d36c910b85c4a194408a7d20f193b39356a39c73d74c8
Theft address
0xE56978D5F7E728C3AE545b2a0882F8BEeC50a19d
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
Last year this victim was also phished for $638K (2929 BNB)
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Someone was phished three minutes ago for $2.1M
Theft txn
0xa2aecccebe5fef03ca18dbcf890e3d4ea73bd17361b15df77ac9704b2d12f389
Theft address
0x41671a8219fF70b19e0D523C7d0C711c1AfCBB7e
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
Theft txn
0xa2aecccebe5fef03ca18dbcf890e3d4ea73bd17361b15df77ac9704b2d12f389
Theft address
0x41671a8219fF70b19e0D523C7d0C711c1AfCBB7e
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Investigations by ZachXBT
Someone was phished three minutes ago for $2.1M Theft txn 0xa2aecccebe5fef03ca18dbcf890e3d4ea73bd17361b15df77ac9704b2d12f389 Theft address 0x41671a8219fF70b19e0D523C7d0C711c1AfCBB7e 0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
It seems they likely fell victim to the phishing site posted from the compromised Renzo Protocol X account.
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
A TAO holder had $11.2M (28.2K TAO) stolen from them on June 1, 2024.
Theft address
5G9Dpkg34SG3is47MzAjBdmV5iosGt1EJypFHzMPokkbymRA
0x09f76d4fc3bce5bf28543f45c4cee9999e0a0aaf
The attacker bridged the stolen funds to Ethereum and has been selling TAO for ETH and USDC. As of now they have 12.4K TAO ($5M) remaining and have been transferring USDC/ETH to Whitebit, HTX, & Binance.
Theft address
5G9Dpkg34SG3is47MzAjBdmV5iosGt1EJypFHzMPokkbymRA
0x09f76d4fc3bce5bf28543f45c4cee9999e0a0aaf
The attacker bridged the stolen funds to Ethereum and has been selling TAO for ETH and USDC. As of now they have 12.4K TAO ($5M) remaining and have been transferring USDC/ETH to Whitebit, HTX, & Binance.
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Someone was drained for ~$2M worth of meme coins 16 hours ago
Currently the attacker still holds 4.2B ANDY ($1M).
I would closely monitor this address from the theft in the short term if you hold ANDY
0x238C20121768919a6A608E7a6B5D080d0040fc7c
The rest of the coins have already been sold for ETH.
Currently the attacker still holds 4.2B ANDY ($1M).
I would closely monitor this address from the theft in the short term if you hold ANDY
0x238C20121768919a6A608E7a6B5D080d0040fc7c
The rest of the coins have already been sold for ETH.
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
The crypto exchange Bitforex mysteriously went offline in February 2024 and its crypto assets were transferred out without any communication from the team.
An address tied to the exchange holding $43M of assets just woke up and transferred ETH to a new address.
New address
0x14b0cB518EDF83e49e636047Db8853A4CAC6A1ff
An address tied to the exchange holding $43M of assets just woke up and transferred ETH to a new address.
New address
0x14b0cB518EDF83e49e636047Db8853A4CAC6A1ff
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
AVAX is down 10% over past few hours likely due to this entity that started moving transferring 1.96M AVAX ($54.2M) to Coinbase, Binance, Gate, and bridging via THORChain.
0x327a81d0d128db8886d265be73c9fdda97194f30
0x327a81d0d128db8886d265be73c9fdda97194f30
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Investigations by ZachXBT
AVAX is down 10% over past few hours likely due to this entity that started moving transferring 1.96M AVAX ($54.2M) to Coinbase, Binance, Gate, and bridging via THORChain. 0x327a81d0d128db8886d265be73c9fdda97194f30
I conducted a timing analysis and found highly probably BTC withdrawals made shortly after the AVAX deposits at both Coinbase and Binance
587.75 BTC ($38.1M) was withdrawn from Coinbase to:
bc1q7pkc7h8td55s4em7tmlvd42wahjd4hm8lf035n
122.66 BTC ($7.95M) was withdrawn from Binance to:
bc1qezradgkklz3gczk9jjzn922ye7pgj4yd9pnupv
Update: This is likely due to the BTCTurk hack
587.75 BTC ($38.1M) was withdrawn from Coinbase to:
bc1q7pkc7h8td55s4em7tmlvd42wahjd4hm8lf035n
122.66 BTC ($7.95M) was withdrawn from Binance to:
bc1qezradgkklz3gczk9jjzn922ye7pgj4yd9pnupv
Update: This is likely due to the BTCTurk hack
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Investigations by ZachXBT
I conducted a timing analysis and found highly probably BTC withdrawals made shortly after the AVAX deposits at both Coinbase and Binance 587.75 BTC ($38.1M) was withdrawn from Coinbase to: bc1q7pkc7h8td55s4em7tmlvd42wahjd4hm8lf035n 122.66 BTC ($7.95M) was…
Online casino Sportsbet was likely hacked for $3.5M+ by the same threat actor as BTCTurk two hours before as funds from the thefts comingled.
Theft address
TDgZKxhyFQWCsNK1p7d1tVifeuW2DJTUEo
TQWSmSqns2BLczLEMpy96tNq3MagM66H4b
TJZ8NNxJETGDzGaWwSHwjGrzzz2Zhvexo2
Theft address
TDgZKxhyFQWCsNK1p7d1tVifeuW2DJTUEo
TQWSmSqns2BLczLEMpy96tNq3MagM66H4b
TJZ8NNxJETGDzGaWwSHwjGrzzz2Zhvexo2
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
US government just transferred 3940 BTC ($243M) of funds from the Silk Road hack to Coinbase Prime
Transaction hash
0f3f9a7c01d85c5747a3ae6cc9621cc30360390c4b681c1f95573e6bbcffed4f
Deposit address
3FGcXf5HiPkitjQp4xjGu7Gte6aK7w43su
Transaction hash
0f3f9a7c01d85c5747a3ae6cc9621cc30360390c4b681c1f95573e6bbcffed4f
Deposit address
3FGcXf5HiPkitjQp4xjGu7Gte6aK7w43su
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Investigations by ZachXBT
A TAO holder had $11.2M (28.2K TAO) stolen from them on June 1, 2024. Theft address 5G9Dpkg34SG3is47MzAjBdmV5iosGt1EJypFHzMPokkbymRA 0x09f76d4fc3bce5bf28543f45c4cee9999e0a0aaf The attacker bridged the stolen funds to Ethereum and has been selling TAO for…
Update: Bittensor was halted due to additional thefts earlier today potentially as a result of private key leakage.
New theft address of 32K TAO($8M)
5FbWTraF7jfBe5EvCmSThum85htcrEsCzwuFjG3PukTUQYot
New theft address of 32K TAO($8M)
5FbWTraF7jfBe5EvCmSThum85htcrEsCzwuFjG3PukTUQYot
![](https://cdn4.cdn-telegram.org/file/DCmrVeRhHR0wYtFSKUX1mxQiVT8awlNqQ1TGwFWNd3gtcF1RPdblRJd5PhuL9Mw7AZsBxmhdYsk2_lf4SrsdeUsfzF_MUlzluSKBY8c03UehZtvtoAP0kmYacShtmHv5ebV1B7b4HV5IUcp4YXB7J1b45YoTD2ldX0nlGTSn8gL4PT5Svbg_cGFFhkPUC41YyquYZgxriCyWQ4ZDQlfgng4To1wigPbMTzSQoRNXcWHw9Z4DDzSEtAEwFm8TFNlGn9JLF3EFoU5Hse9e2Eb5c4G19pWGsVcevqbf23O3pWAzYQJtdcpU12mrSIOsoBO7rmckDbpzn1cK33IglUP2Mg.jpg)
Investigations by ZachXBT
Someone was just drained an hour ago for 6 X Bored Apes and 40 x Beanz NFTs
Theft address
0x0CDa1f8F94fA4301C6fD0740268cb41e1654D28C
Victim address
0xd7b2879c8922cd704e41e8cc1f18f6994d6b7c36
Theft address
0x0CDa1f8F94fA4301C6fD0740268cb41e1654D28C
Victim address
0xd7b2879c8922cd704e41e8cc1f18f6994d6b7c36