Background Story: $230 Million in Bitcoin Was Stolen
Were you aware that on August 19, 2024, ZachXBT, the anonymous crypto investigator, warned the public: “Seven hours ago a suspicious transfer was made from a possible victim for 4064 BTC ($238M). Quick transfers of funds were made to Avalanche Bridge, ChangeNow, eXch, Kucoin, ThorChain, and Railgun.” Thanks to the assistance of investigator ZachXBT, the thieves were identified and millions of dollars were recovered.
About the Huge Theft
Cybercriminals known as Greavys (Malone Lam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) have been accused of carrying out a phishing operation on August 19, 2024, against a victim in Washington, D.C.
The flow of Bitcoin was tracked through the transaction hashes ZachXBT published, which confirmed that 14.88 and 59.34 BTC were taken during the hack. A stunning 4,064 BTC, worth $243 million, was then transferred.
The attackers, posing as support staff from Google and Gemini, fooled the victim into resetting two-factor authentication (2FA) and transferring funds to an attacker-controlled wallet. Using the remote access software AnyDesk, the group then went further and extracted the private keys held in the victim’s Bitcoin Core wallet.
The stolen funds were reportedly spent on international travel, nightclubs, luxury automobiles, watches, jewelry, designer purses, and rental apartments in Los Angeles and Miami.
“Greavys (Malone) lives a flashy lifestyle with the stolen funds, having purchased 10+ cars and going out to clubs in LA and Miami, spending $250K-500K per night and giving out Birkin bags to girls.”
Who is ZachXBT
ZachXBT is a well-known researcher, bug bounty hunter, and cryptocurrency investigator. He actively exposes dishonest activity in the cryptocurrency space, frequently revealing scams, fake coin launches, and other fraudulent tactics.
ZachXBT is well known in the cryptocurrency field, and his efforts have resulted in the shutdown of several illegal projects. He is renowned for conducting in-depth investigations, many of which uncover complex webs of fake identities, shell corporations, and other strategies criminals employ to avoid detection.
Incident Summary (as posted by ZachXBT on his X account):
“On August 19, 2024 the threat actors targeted a single Genesis creditor by:
1) Calling as Google Support via spoofed number to compromise personal accounts
2) Calling after as Gemini support claiming account is hacked
3) Social engineered victim into resetting 2FA and sending Gemini funds to compromised wallet
4) Got victim to use AnyDesk to share screen and leaked private keys from Bitcoin core.
Gemini txn hash 59.34 BTC – Aug 19 at 1:48 am UTC e747b963a463334c164b0a8fff844f73693272bb2b331adbe2147d70ec196360
14.88 BTC – Aug 19 at 2:30 am UTC 7c7ebed785f0b4d4335d559b14b8215862fbe29db329e3ee0f2a7e64a16ce9e3”
FBI Arrests Defendants for Fraud, Money Laundering Conspiracy
Lam, Serrano, and others collaborated to carry out cryptocurrency theft and to launder the stolen cryptocurrency through exchanges and mixing services. The criminals obtained access to victims’ cryptocurrency accounts through fraud, after which they took control of the victims’ funds.
To conceal their true identities, they used virtual private networks (VPNs), “peel chains,” and pass-through wallets to move the proceeds through a number of mixers and exchangers.
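A “peel chain” is the pattern investigators such as ZachXBT look for when funds like these are traced: a large balance moves through a sequence of transactions, each one “peeling” a small amount off to an outside address (an exchange deposit, a mixer) and carrying the bulk forward to a fresh change address the same actor controls. The following is an added example written for this article, not code from ZachXBT, the FBI, or any chain-analysis vendor; the transaction graph, the txids (“p1”, “p2”, …) and the helper names (`find_peel_chains`, `peel_continuation`) are constructed and hypothetical. It shows the heuristic a forensic script would run over a set of decoded transactions to flag such chains and to total what was peeled off along the way.

```python
from dataclasses import dataclass

# Constructed sample data and hypothetical helper names; nothing here comes from
# the article or from a real blockchain.


@dataclass(frozen=True)
class TxOut:
    address: str
    sats: int          # value in satoshis (integers avoid float rounding)


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple      # (prev_txid, vout) outpoints this transaction spends
    outputs: tuple     # TxOut values, indexed by vout


def build_spend_index(txs):
    """Map each spent outpoint (txid, vout) to the txid that spends it."""
    spent_by = {}
    for tx in txs:
        for outpoint in tx.inputs:
            spent_by[outpoint] = tx.txid
    return spent_by


def peel_continuation(tx, peel_ratio):
    """If tx looks like one peel step (exactly two outputs, one small 'peel' and
    one large carry-forward), return the vout index of the large output; else None."""
    if len(tx.outputs) != 2:
        return None
    small, big = sorted(range(2), key=lambda i: tx.outputs[i].sats)
    total = tx.outputs[0].sats + tx.outputs[1].sats
    if tx.outputs[small].sats <= peel_ratio * total:
        return big
    return None


def find_peel_chains(txs, min_len=3, peel_ratio=0.2):
    """Return [(chain_txids, peeled_sats), ...] for every maximal chain of at
    least min_len consecutive peel steps, where each step's large output is
    spent by the next step."""
    by_id = {tx.txid: tx for tx in txs}
    spent_by = build_spend_index(txs)

    is_step = {tx.txid for tx in txs if peel_continuation(tx, peel_ratio) is not None}

    # next_hop[txid] = the peel step that spends this step's carry-forward output
    next_hop = {}
    for txid in is_step:
        vout = peel_continuation(by_id[txid], peel_ratio)
        nxt = spent_by.get((txid, vout))
        if nxt in is_step:
            next_hop[txid] = nxt

    # A chain head is a peel step that no other peel step feeds into.
    heads = is_step - set(next_hop.values())
    chains = []
    for head in sorted(heads):
        chain = [head]
        while chain[-1] in next_hop:        # UTXO graphs are acyclic, so this ends
            chain.append(next_hop[chain[-1]])
        if len(chain) >= min_len:
            peeled = sum(min(o.sats for o in by_id[t].outputs) for t in chain)
            chains.append((chain, peeled))
    return chains


# Constructed graph: 100 BTC enters at "p1"; three peel steps send 0.5, 0.8 and
# 1.2 BTC to outside addresses, then "split" divides the remainder roughly in
# half (not a peel), and "normal" is an unrelated three-output transaction.
SAMPLE_TXS = (
    Tx("p1", (("funding", 0),), (TxOut("ext_a", 50_000_000), TxOut("chg1", 9_950_000_000))),
    Tx("p2", (("p1", 1),), (TxOut("ext_b", 80_000_000), TxOut("chg2", 9_870_000_000))),
    Tx("p3", (("p2", 1),), (TxOut("ext_c", 120_000_000), TxOut("chg3", 9_750_000_000))),
    Tx("split", (("p3", 1),), (TxOut("dst_x", 5_000_000_000), TxOut("dst_y", 4_750_000_000))),
    Tx("normal", (("other", 3),), (TxOut("m1", 1_000_000), TxOut("m2", 2_000_000), TxOut("m3", 3_000_000))),
)


if __name__ == "__main__":
    for chain, peeled in find_peel_chains(SAMPLE_TXS):
        print(" -> ".join(chain), f"peeled {peeled / 1e8:.2f} BTC")
```

Run as-is, the script reports the chain p1 -> p2 -> p3 with 2.50 BTC peeled off; “split” ends the chain because neither of its outputs is small relative to the total, and “normal” never qualifies. The `peel_ratio` threshold and `min_len` are the knobs an analyst tunes: a low ratio catches only classic peel chains, a higher one also flags ordinary payments with change and produces false positives, which is why a flagged chain is a lead for manual review, not proof of laundering.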