Investigations by ZachXBT
Reports, news, & insights shared by ZachXBT

Donation address
EVM
0x9D727911B54C455B0071A7B682FcF4Bc444B5596
SOL
investigations.sol
Investigations by ZachXBT
If you send me a DM or tag me on X/Twitter asking me to look into a meme coin I am muting or blocking you for wasting my time.

My notifications have gotten unbelievably low quality over the past few months.

Here are some examples:
Investigations by ZachXBT
It appears the crypto exchange Rain was likely exploited for $14.8M on April 29, 2024 after their BTC, ETH, SOL, and XRP wallets saw suspicious outflows. Funds were quickly transferred to instant exchanges and swapped for BTC and ETH.

As of now Rain has yet to make any statement about the incident.

Stolen funds currently sit
137.9 BTC
bc1q53aawrkpt5lvk2e30z36unvmhqqdru7q4rprp2
1881 ETH
0x197bc094f990261fd6841342901c451858756c28
Investigations by ZachXBT
Someone was phished 5 minutes ago for $1.25M worth of wstETH

Theft txn
0xd7ef4ea3d08fb101544e4a21047c8d05d016211096a6180c9d4f2b055bdeaf68

Theft address
0x58EfE9AeE1b12053f4C58233B75c319412CB0614
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
Investigations by ZachXBT
The admin for the drainware service “Pink Drainer” just announced they will be shutting down after $75M+ stolen.
Investigations by ZachXBT
Someone was phished for $6.9M (~1807 Ether.fi-Liquid1) 27 minutes ago

Theft txn hash
0xd66e105f29843bf3766d36c910b85c4a194408a7d20f193b39356a39c73d74c8

Theft address
0xE56978D5F7E728C3AE545b2a0882F8BEeC50a19d
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745

Last year this victim was also phished for $638K (2929 BNB)
Investigations by ZachXBT
Which one of you hacked Caitlyn Jenner lol
Investigations by ZachXBT
Someone was phished three minutes ago for $2.1M

Theft txn
0xa2aecccebe5fef03ca18dbcf890e3d4ea73bd17361b15df77ac9704b2d12f389

Theft address
0x41671a8219fF70b19e0D523C7d0C711c1AfCBB7e
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745
Investigations by ZachXBT
A TAO holder had $11.2M (28.2K TAO) stolen from them on June 1, 2024.

Theft address
5G9Dpkg34SG3is47MzAjBdmV5iosGt1EJypFHzMPokkbymRA
0x09f76d4fc3bce5bf28543f45c4cee9999e0a0aaf

The attacker bridged the stolen funds to Ethereum and has been selling TAO for ETH and USDC. As of now they have 12.4K TAO ($5M) remaining and have been transferring USDC/ETH to Whitebit, HTX, & Binance.
Investigations by ZachXBT
Someone was drained for ~$2M worth of meme coins 16 hours ago

Currently the attacker still holds 4.2B ANDY ($1M).

I would closely monitor this address from the theft in the short term if you hold ANDY
0x238C20121768919a6A608E7a6B5D080d0040fc7c

The rest of the coins have already been sold for ETH.
Investigations by ZachXBT
The crypto exchange Bitforex mysteriously went offline in February 2024 and its crypto assets were transferred out without any communication from the team.

An address tied to the exchange holding $43M of assets just woke up and transferred ETH to a new address.

New address
0x14b0cB518EDF83e49e636047Db8853A4CAC6A1ff
Investigations by ZachXBT
AVAX is down 10% over the past few hours, likely due to this entity that started transferring 1.96M AVAX ($54.2M) to Coinbase, Binance, Gate, and bridging via THORChain.
0x327a81d0d128db8886d265be73c9fdda97194f30
Investigations by ZachXBT
I conducted a timing analysis and found highly probable BTC withdrawals made shortly after the AVAX deposits at both Coinbase and Binance

587.75 BTC ($38.1M) was withdrawn from Coinbase to:
bc1q7pkc7h8td55s4em7tmlvd42wahjd4hm8lf035n

122.66 BTC ($7.95M) was withdrawn from Binance to:
bc1qezradgkklz3gczk9jjzn922ye7pgj4yd9pnupv

Update: This is likely due to the BTCTurk hack
Investigations by ZachXBT
Online casino Sportsbet was likely hacked for $3.5M+ by the same threat actor as BTCTurk two hours before as funds from the thefts commingled.

Theft address
TDgZKxhyFQWCsNK1p7d1tVifeuW2DJTUEo
TQWSmSqns2BLczLEMpy96tNq3MagM66H4b
TJZ8NNxJETGDzGaWwSHwjGrzzz2Zhvexo2
Investigations by ZachXBT
US government just transferred 3940 BTC ($243M) of funds from the Silk Road hack to Coinbase Prime

Transaction hash
0f3f9a7c01d85c5747a3ae6cc9621cc30360390c4b681c1f95573e6bbcffed4f

Deposit address
3FGcXf5HiPkitjQp4xjGu7Gte6aK7w43su
Investigations by ZachXBT
Someone was just drained an hour ago for 6 x Bored Apes and 40 x Beanz NFTs

Theft address
0x0CDa1f8F94fA4301C6fD0740268cb41e1654D28C

Victim address
0xd7b2879c8922cd704e41e8cc1f18f6994d6b7c36