Investigations by ZachXBT
Reports, news, & insights shared by ZachXBT
Temporarily turning off my DMs on X (Twitter) for a bit due to high volume of requests from people who are low IQ or lack basic financial literacy skills.
Appears my avatar made it on China Central Television (CCTV) yesterday in a short segment about the $243M theft from the Genesis creditor.
Spending long hours helping freeze funds for the Bybit hack has been eye opening. This industry is unbelievably cooked when it comes to exploits/hacks and sadly idk if the industry is going to fix this itself unless the government forcibly passes regulations…
For an industry that was founded on principles of independence from the government it’s embarrassing how reliant we are on them to find a solution for victims.

There’s no other industry that has normalized thefts to the same extent.

These are all major problems no one has been able to solve and continue to get worse as bad actors improve their efficiency while nothing changes:

>What happens when >95% of law enforcement (LE) is not competent enough to trace a basic theft and seize frozen funds from centralized platforms?

>What happens when thefts <$100K are never assigned to LE after filing a police report due to lack of resources?

>What happens when a victim is located in one jurisdiction but the perpetrator is in a different uncooperative jurisdiction?

>What happens when the perpetrator is a minor so LE chooses to not pursue further?

>What happens when teams and exchanges are not willing to collaborate with the private sector?

>What happens when a victim cannot pursue litigation to recover frozen funds because retaining a firm costs more than the amount stolen?

>What happens when offshore exchanges have jurisdictional uncertainty due to regulatory arbitrage and refuse to honor court orders?

>What happens when a major publicized incident occurs but a stablecoin issuer requires an impossible ask of a court order within minutes in order to blacklist?

>What happens when founders profit millions in fees from laundering stolen funds and then refuse to return them as they flex record user metrics on X?

>What happens if the government makes KYC mandatory for DeFi but companies with breaches of sensitive PII are never held liable?

>What happens when the legal system can be easily abused with incomplete tracing due to outdated laws rather than facts?
πŸ‘659❀290πŸ’―247πŸ‘80🀣59πŸ₯΄35😁23πŸ‘Ž13🌚13🀨13πŸ’Š11
On August 19, 2025 a victim fell for a social engineering scam and lost 783 BTC ($91.4M) after exchange and hardware wallet customer support were impersonated.

The stolen funds began to peel off and multiple deposits to Wasabi were made by the threat actor.

Coincidentally this theft happened on the one year anniversary of the $243M Genesis Creditor theft.

Theft txn hash
da598f2a941ee3c249a3c11e5e171e186a08900012f6aad26e6d11b8e8816457
Theft address
bc1qyxyk4qgyrkx4rjwsuevug04wahdk6uf95mqlej
It appears the Solana project 'Aqua' has likely rug pulled 21.77K SOL ($4.65M) after being promoted by teams such as Meteora, Quill Audits, Helius, SYMMIO, Dialect, and many influencers.

A few hours ago the funds were split four ways and transferred between intermediary addresses before being sent to multiple instant exchanges.

The team has since turned off replies on X (Twitter) for all posts.

Presale address
4Ea23VxEGAgfbtauQZz11aKNtzHJwb84ppsg3Cz14u6q
SwissBorg experienced an incident a few hours ago and 192.6K SOL ($41.5M) was stolen on Solana

Theft address
TYFWG3hvvxWMs2KXEk8cDuJCsXEyKs65eeqpD9P4mK1

Update: Kiln was exploited and SwissBorg was the victim
Yesterday an unknown victim was exploited for ~3.047M USDC on Ethereum.

The attacker swapped USDC for ETH and immediately deposited the funds to Tornado.

Theft address
0xf0a6c5b65a81f0e8ddb2d14e2edcf7d10c928020
JP (THORChain co-founder & Vultisig co-founder) had a personal wallet drained for $1.35M by DPRK on September 9, 2025 after a meeting call scam on Telegram.

Ironically JP and his products have benefited significantly financially from the laundering of DPRK exploits/hacks such as Bybit in the past.

Theft address
0x37cDB6B40861F350E23AA5733E75755fCBed739F

Currently the majority of the stolen funds sit at 0x7abc09ab94d6015053f8f41b01614bb6d1cc7647
In a press release RCMP just confirmed they seized 56M CAD in assets from TradeOgre.
A new Bloomberg article on Scattered Spider revealed that the centralized exchange Crypto[.]com previously had a breach and never publicly disclosed the incident that exposed the personal information for a portion of its users.
A threat actor drained 8 X Hypurr NFTs airdropped to compromised wallets on HyperEVM in the past hour profiting ~$400K

0x72785D42874E965086829eA789a703fe1a5238df
On September 24, 2025 addresses linked to SBI Crypto saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, & Bitcoin Cash.

The stolen funds were transferred to five instant exchanges and deposited to Tornado Cash. Interestingly several indicators share similarities to other known DPRK attacks.

SBI Crypto is a mining pool that's a subsidiary of SBI Group, a publicly traded company in Japan.

As of now it does not appear they have publicly disclosed the incident.

Theft addresses:
0x40d76a78ddba2ea81fb0f9fba147a08bcfc2b866
bc1qx0a2kfjd7eweczv8xqjm6rggm40v0nkhfss78l
qpv9nh5ktagsmtkqle8z2w4dd3mksskpmy499z7c9k
ltc1qjyrn9p803efj3p8a0g3fmlevs45kq704ns363t
DRiEQuJ9pt3GgNraQmHVTjNg4B7uv1XuGb

h/t to Cyvers for helping investigate.
The threat actor who stole $300M+ from Coinbase users by paying customer support just began trolling me onchain with this message after swapping $42.5M+ from BTC -> ETH via Thorchain today. Transaction hash 0x18c909a8438d94e88a434521ee9fc143c8777452fbecb…
Threat actor from the Coinbase breach swapped ~5M DAI for ~5M USDC that was sitting as USDC for 35 minutes.

Due to Circle not being compliant the funds were just bridged away.

A portion was bridged using the official Circle CCTP bridge.

0x8Da006d5aFEC4A3A2aB7cdb6E1d2FC7c5032Ea30
Several weeks ago I applied to Octant to fund a long-term investigation impacting 30+ projects that will include a detailed article, X thread, and video.

The Octant Epoch 9 allocation window ends later today.

If you are a GLM holder please consider allocating your rewards to me below for this epoch:

https://octant.app/project/9/0xE74bbe83747ad12F24ecc5E9e4fAF7CFd7D487A2

Update: The epoch concluded thanks to everyone who allocated rewards to me.
Community alert: If your favorite influencer promotes any of these offshore centralized exchanges block them immediately as your funds are not safe:

KCEX, Toobit, Bitunix, WEEX, Jucoin (Ju)

Promoting sketchy bucket shops means they are not actually profitable traders and instead make their money from KOL deals, ref links, etc.

They all lack basic transparency around operations and the team that a regulated tier 1 exchange like Kraken or Bybit would have.
Garden Finance was likely exploited for $10.8M+ on multiple chains.

An address related to the team sent a message onchain to the alleged exploiter offering a 10% whitehat bounty but has yet to comment publicly on the incident. All freezeable assets were quickly swapped.

Theft address
0x98BCc6c34A489CEfdD9DfA8d792CFEFb02Ea2D12
WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH

Ironically a few days ago I pointed out on X how Garden Finance was ignoring victims for returning fees after an estimated >25% of their total activity for Garden Finance has related to stolen funds (Bybit exploit, Swissborg, etc)
Looking for intel on the alleged MEXC shadow owner 'Tony'

Seems it’s kept purposely hidden.

Please send me a DM on X if you have any basic info on them:

X.com/zachxbt
πŸ‘392πŸ‘€256❀85😁37😱24πŸ”₯18πŸ’―14πŸ€·β€β™‚13😈13πŸ‘Ž7🀝6
Investigations by ZachXBT
Community alert: If your favorite influencer promotes any of these offshore centralized exchanges block them immediately as your funds are not safe: KCEX, Toobit, Bitunix, WEEX, Jucoin (Ju) Promoting sketchy bucket shops means they are not actually profitable…
Please stop sending me DMs on X asking to help get your funds unfrozen.

Choosing to trade on a sketchy bucket shop exchange is a personal choice and legitimate cases can be difficult for me to verify the authenticity of.

Also lots of people have ulterior motives and are dishonest about their source of funds.

Ex: This person asked for help claiming they were innocent while promoting an online Chinese illicit marketplace that includes hitmen services, stolen government IDs, etc.
Ranking the bottom 5 jurisdictions for crypto related victims from my own experience:

🥇 Nigeria
🥈 India
🥉 Canada
4). UK
5). Russia

(If you contact me from them I will likely have to decline formally assisting due to stagnant legal cases)
Community Alert: Be careful of a fake Hyperliquid app on the Google Play Store.

None of these platforms seem to do a good job of filtering these scams out.

Theft address
0x8c12C21C394D9174c3b1a086A97d2C5523ABb8F5
Onchain clown of the month: A Cardano holder swapped 14.4M ADA ($6.9M) for 847K USDA (Cardano stable pegged to USD) two hours ago and lost $6.05M due to low liquidity causing the price to sharply spike temporarily. Previously the funds sat dormant for ~5 years

Address
addr1qy5lcrk497pg88xkfgwxp2v9y328g3j87tvq3sefpkmg7n7nst5js3fzwl4cm8g46fm6unayaet8yfcw5kp3jkjy0tdsr4x534