$330 million in Bitcoin apparently stolen; laundering spikes Monero price by over 40%
3,250 BTC (~$330 million) were apparently stolen from a bitcoin holder and then quickly moved through multiple exchanges and swapped for the Monero privacycoin. Such a massive swap into Monero was apparently enough to cause the Monero price to spike from around $230 to as high as around $330, before retracting somewhat.
Coinbase customer loses $35 million in bitcoin theft
A Coinbase customer reportedly lost 400 BTC (~$35 million) in a scam identified by blockchain sleuth zachxbt. While investigating the massive theft from the single customer, he also observed at least $11 million in thefts from various other Coinbase customers throughout March.
zachxbt has previously accused Coinbase of not doing enough to protect customers from hundreds of millions of dollars in scams, and he noted that in these cases, Coinbase had not marked the thief wallets as malicious in various cryptocurrency compliance tools.
- Telegram post by zachxbt [archive]
Coinbase accused by crypto sleuth zachxbt of allowing more than $300 million per year in social engineering attacks on its customers
Crypto sleuth zachxbt has accused the popular American cryptocurrency exchange Coinbase of "fail[ing] to stop its users losing $300M+ per year to social engineering scams". He identified $65 million in crypto thefts from Coinbase in just the most recent two months, but noted that the "number is likely much lower than the actual amount stolen as our data was limited to my DMs and thefts we discovered on-chain which does not account for Coinbase support tickets and police reports we do not have access to."
zachxbt recounted how scammers routinely spoof phone numbers and use stolen personal information to gain trust with victims on phone calls, where they claim to be Coinbase employees informing users of unauthorized account access. They then walk victims through "securing" their accounts, but in reality they direct people to cloned versions of the Coinbase website where the victims are made to transfer their assets to the scammers.
zachxbt concluded, "Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. ... Coinbase is in a position where they have the power to make these changes and set a good example but they have chosen to do little to nothing ."
NoOnes hacked for almost $8 million
After crypto sleuth zachxbt noticed an apparent theft from the NoOnes peer-to-peer crypto trading platform on January 1, CEO Ray Youssef was forced to acknowledge the theft. He claimed that the project's Solana bridge had suffered a compromised, and explained that it had been taken offline for "exhaustive pen testing".
Youssef emphasized that user funds were safe, which led to questioning from others on how that could be possible when nearly $8 million had been stolen. Youssef claimed he had reimbursed the stolen assets himself.
- Telegram post by zachxbt [archive]
- Tweet by Ray Youssef [archive]
MetaWin casino hacked for $4 million
Hot wallets used by the MetaWin crypto casino were drained of around $4 million. According to the company's CEO, the attacker "t[ook] advantage of our frictionless withdrawal system". The attacker then moved the stolen funds to crypto exchanges including KuCoin.
- "Online Casino MetaWin hacked for $4 million — ZackXBT", CoinTelegraph
North Korean developers steal $1.3 million from crypto project treasury
According to blockchain investigator zachxbt, North Korean developers using fake identities were able to steal $1.3 million from a cryptocurrency project after pushing malicious code.
zachxbt traced the payment addresses for roughly 21 developers involved in this kind of activity, which he found had been working for at least 25 different cryptocurrency projects. They had earned around $375,000 over the past month.
WazirX exchange hacked for $235 million
After a $230 million "suspicious transfer", Indian cryptocurrency exchange WazirX has paused withdrawals and acknowledged that one of their multisignature wallets was compromised. The attacker began selling off the tokens, causing the price of tokens like Shiba Inu to drop around 10%.
WazirX is the largest cryptocurrency exchange in India. The company was acquired by Binance in 2019, but the two companies re-separated in 2023 after a bizarre public dispute.
WazirX's June 2024 proof-of-reserves reported around $500 million in total holdings, making the $235 million theft a substantial portion of the assets held at the exchange.
Blockchain sleuth zachxbt observed that the theft had some of the hallmarks of the Lazarus Group, a North Korean hacking group that has perpetrated other 9-figure heists including the $625 million Axie Infinity theft in March 2022, and the theft of more than $100 million from Atomic Wallet users. The US and South Korea both officially pinned the attack on North Korea later on.
Martin Shkreli claims to have been behind a Donald Trump memecoin
After Arkham Intelligence announced a $150,000 bounty for anyone who could prove the identity of the person behind a Donald Trump memecoin called $DJT, blockchain sleuth zachxbt quickly rose to the occasion. He submitted evidence that Martin Shkreli, the "pharma bro" who spent years in federal prison for financial fraud and who was previously known for hiking the price of an anti-malaria drug 56×, was behind the token. This wouldn't have been Shkreli's first foray into the blockchain world, after he launched a "web3 drug discovery platform", and then later dubiously claimed to have been hacked for over $450,000 after his computer was infected by a trojan after he torrented a porn video.
Shkreli attempted to frontrun the news in a Twitter space, and came out with his own claims that he had collaborated with Barron Trump to create the token, and with Andrew Tate to pump its price. However, fellow felon and memecoin pumper Roger Stone subsequently crawled out of the woodwork to claim that neither Barron nor Donald Trump was involved with $DJT.
Shkreli has yet to provide solid proof that he created the memecoin, though zachxbt's research tends to be very strong. If true, Shkreli faces potential legal repercussions, as he is still on parole after his release in 2022. The terms of his parole require him to "refrain from engaging in self-employment which involves access to client's assets, investments, or money, or solicitation of assets, investments, or money", and to make financial disclosures to the courts. Shkreli was also banned from the securities industry in 2018, as part of a settlement with the SEC.
Phishing scammers impersonate Andreessen Horowitz employee to drain crypto wallets
Attentive phishers noticed when Andreessen Horowitz partner Peter Lauten changed his Twitter username from
@peter_lauten to @lauten, and snapped up the previous username. They then began contacting various targets in the cryptocurrency world, asking to set up meetings to arrange appearances on the venture capital firm's crypto podcast.The scammers followed a familiar playbook in which they asked their targets to download video call software called "Vortax", which was actually wallet draining malware. However, these scammers had a leg up on some others who have been running that scheme: the Andreessen Horowitz website still listed Lauten's old username on their website, giving even skeptical victims some reassurance that the account was legitimate.
According to crypto sleuth zachxbt, who first reported on this incident, one victim lost $245,000 when his wallets were drained by the malware.
Memecoin team accused of hacking influencer Twitter account to manipulate markets
According to crypto sleuth zachxbt, the team behind the Solana-based $CAT memecoin hacked the Twitter account of "Gigantic-Cassocked-Rebirth" (@GCRClassic) crypto influencer.
First, the team sniped their own $CAT token launch to obtain 63% of the token supply, ultimately selling a portion of it for around $5 million. Then, they took out $2.3 million and $1 million long positions on the ORDI and ETHFI tokens, respectively. Finally, they posted from the compromised influencer account to shill the ORDI and ETHFI tokens to his massive following. Ultimately, their gambit doesn't appear to have been incredibly successful: they made around $34,000 on the ORDI position, but lost $3,500 on the ETHFI position. However, as zachxbt noted, it's possible they also opened positions on centralized exchanges where the outcomes aren't publicly visible.