Investigations by ZachXBT
89.6K subscribers
Reports, news, & insights shared by ZachXBT
A new Bloomberg article on Scattered Spider revealed that the centralized exchange Crypto[.]com previously had a breach and never publicly disclosed the incident that exposed the personal information for a portion of its users.
A threat actor drained 8 X Hypurr NFTs airdropped to compromised wallets on HyperEVM in the past hour, profiting ~$400K.

0x72785D42874E965086829eA789a703fe1a5238df
On September 24, 2025, addresses linked to SBI Crypto saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, & Bitcoin Cash.

The stolen funds were transferred to five instant exchanges and deposited to Tornado Cash. Interestingly, several indicators share similarities to other known DPRK attacks.

SBI Crypto is a mining pool that's a subsidiary of SBI Group, a publicly traded company in Japan.

As of now it does not appear they have publicly disclosed the incident.

Theft addresses:
0x40d76a78ddba2ea81fb0f9fba147a08bcfc2b866
bc1qx0a2kfjd7eweczv8xqjm6rggm40v0nkhfss78l
qpv9nh5ktagsmtkqle8z2w4dd3mksskpmy499z7c9k
ltc1qjyrn9p803efj3p8a0g3fmlevs45kq704ns363t
DRiEQuJ9pt3GgNraQmHVTjNg4B7uv1XuGb


h/t to Cyvers for helping investigate.
The threat actor who stole $300M+ from Coinbase users by paying customer support just began trolling me onchain with this message after swapping $42.5M+ from BTC -> ETH via Thorchain today. Transaction hash 0x18c909a8438d94e88a434521ee9fc143c8777452fbecb…
Threat actor from the Coinbase breach swapped ~5M DAI for ~5M USDC that was sitting as USDC for 35 minutes.

Due to Circle not being compliant, the funds were just bridged away.

A portion was bridged using the official Circle CCTP bridge.

0x8Da006d5aFEC4A3A2aB7cdb6E1d2FC7c5032Ea30
Several weeks ago I applied to Octant to fund a long-term investigation impacting 30+ projects that will include a detailed article, X thread, and video.

The Octant Epoch 9 allocation window ends later today.

If you are a GLM holder please consider allocating your rewards to me below for this epoch:

https://octant.app/project/9/0xE74bbe83747ad12F24ecc5E9e4fAF7CFd7D487A2

Update: The epoch concluded; thanks to everyone who allocated rewards to me.
Community alert: If your favorite influencer promotes any of these offshore centralized exchanges block them immediately as your funds are not safe:

KCEX, Toobit, Bitunix, WEEX, Jucoin (Ju)

Promoting sketchy bucket shops means they are not actually profitable traders and instead make their money from KOL deals, ref links, etc.

They all lack basic transparency around operations and the team that a regulated tier 1 exchange like Kraken or Bybit would have.
Garden Finance was likely exploited for $10.8M+ on multiple chains.

An address related to the team sent a message onchain to the alleged exploiter offering a 10% whitehat bounty but has yet to comment publicly on the incident. All freezeable assets were quickly swapped.

Theft address
0x98BCc6c34A489CEfdD9DfA8d792CFEFb02Ea2D12
WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH

Ironically, a few days ago I pointed out on X how Garden Finance was ignoring victims asking for fees to be returned, even though an estimated >25% of Garden Finance's total activity has been related to stolen funds (Bybit exploit, Swissborg, etc.).
Looking for intel on the alleged MEXC shadow owner 'Tony'

Seems it's kept purposely hidden.

Please send me a DM on X if you have any basic info on them:

X.com/zachxbt
Please stop sending me DMs on X asking to help get your funds unfrozen.

Choosing to trade on a sketchy bucket shop exchange is a personal choice, and legitimate cases can be difficult for me to verify the authenticity of.

Also lots of people have ulterior motives and are dishonest about their source of funds.

Ex: This person asked for help claiming they were innocent while promoting an online Chinese illicit marketplace that includes hitmen services, stolen government IDs, etc.
Ranking the bottom 5 jurisdictions for crypto related victims from my own experience:

🥇 Nigeria
🥈 India
🥉 Canada
4). UK
5). Russia

(If you contact me from them I will likely have to decline formally assisting due to stagnant legal cases)
Community Alert: Be careful of a fake Hyperliquid app on the Google Play Store.

None of these platforms seem to do a good job of filtering these scams out.

Theft address
0x8c12C21C394D9174c3b1a086A97d2C5523ABb8F5
Onchain clown of the month: A Cardano holder swapped 14.4M ADA ($6.9M) for 847K USDA (Cardano stable pegged to USD) two hours ago and lost $6.05M due to low liquidity causing the price to sharply spike temporarily. Previously the funds sat dormant for ~5 years.

Address
addr1qy5lcrk497pg88xkfgwxp2v9y328g3j87tvq3sefpkmg7n7nst5js3fzwl4cm8g46fm6unayaet8yfcw5kp3jkjy0tdsr4x534
The project 'GANA Payment' was exploited a few hours ago for ~$3.1M+ on BSC.

Theft consolidation
0x2e8a8670b734e260cedbc6d5a05532264aae5c38

The attacker deposited 1140 BNB ($1.04M) to Tornado on BSC and bridged funds to Ethereum where another 346.8 ETH ($1.05M) was deposited to Tornado.

346 ETH ($1.046M) currently sits dormant on Ethereum at 0x7a503e3ab9433ebf13afb4f7f1793c25733b3cca
My new post sharing an investigation on a $243M theft from last month which led to multiple arrests and $9M+ frozen https://x.com/zachxbt/status/1836752923830702392?
The British threat actor Danny / Meech aka Danish Zulfiqar (Khan) appears to have likely been arrested by law enforcement and had crypto assets seized.

$18.58M currently sits at
0xb37d617716e46511E56FE07b885fBdD70119f768

I had previously been monitoring him and identified him for his involvement in the $243M Genesis Creditor theft from August 2024 with Malone, Veer, Chen, & Jeandiel.

Danny was also involved in the Kroll SIM swap from Aug 2023 that compromised the PII of BlockFi, Genesis, & FTX creditors, which has since led to $300M+ stolen via targeted social engineering scams.

Several hours ago multiple addresses tied to him I was tracking consolidated funds to 0xb37d in a similar pattern to other law enforcement seizures.

Danny was last known to be in Dubai. It's alleged a villa was raided and others there were arrested as well.

Several sources say they have been unresponsive to messages for the past couple days.
$5K bounty to the first person who can successfully scrape all Kaito Yaps, Wallchain, Galxe, Layer 3, Cookie, Xeet users.

Please capture any data available (X username, user id, onchain address, score/points, etc).

Send me a DM on X once completed.
Update: To make it a bit easier I'll be rewarding bounties for data sets from each of the six InfoFi platforms I stated.

Xeet (144K users), Galxe, Layer3, Cookie have already been completed.

Sorry for the spam, I'll continue to edit this message to avoid flooding the TG channel with notifications.
Earlier today Serpent (Ethos Network founder) publicly shared a dataset of 70K InfoFi users from Kaito, Wallchain, Cookie, Galxe, Xeet, & Ethos.

I worked with Shob to compare the InfoFi users to their X account location and here were the results:
A victim had suspicious outflows of ~$1.1M from five wallets on EVM chains 23 hours ago in a private key compromise.

The attacker swapped out of all assets for ETH immediately and deposited 330 ETH to Tornado.

Theft address
0x4f8affe6cd269d1f8352d0542432de6975c3912d
Community alert: A number of Trust Wallet users have reported that funds were drained from wallet addresses within the past couple of hours.

While the exact root cause has not been determined, coincidentally the Trust Wallet Chrome extension pushed a new update yesterday.

Send me a DM on X (Twitter) if you were affected and I will update the list of theft addresses below as I verify more.

Theft addresses

EVM
0x3b09A3c9aDD7D0262e6E9724D7e823Cd767a0c74
0x463452C356322D463B84891eBDa33DAED274cB40
0xa42297ff42a3b65091967945131cd1db962afae4

0xe072358070506a4DDA5521B19260011A490a5aaA
0xe072358070506a4DDA5521B19260011A490a5aaA
0xc22b8126ca21616424a22bf012fd1b7cf48f02b1
0x463452c356322d463b84891ebda33daed274cb40
0x109252d00b2fa8c79a74caa96d9194eef6c99581

0x30cfa51ffb82727515708ce7dd8c69d121648445
0x4735fbecf1db342282ad5baef585ee301b1bce25
0xf2dd8eb79625109e2dd87c4243708e1485a85655
Bitcoin
bc1qjj7mj50s2e38m4nn7pt2j0ffddxmuxh2g8tyd8
bc1ql9r9a4uxmsdwkenjwx7t5clslsf62gxt8ru7e8

bc1q4g8u7kctk6f2x3f6nh43x76qm4fd0xyv3jugdy
bc1qw7s35umfzgcc7nmjdj9wsyuy9z3g6kqjr0vc7w
bc1qgccgl9d0wzxxnvklj4j55wqeqczgkn6qfcgjdg
bc1q3ykewj0xu0wrwxd2dy4g47yp75gxxm565kaw6m
Solana
HoQ6z1wW3LUnEGHnseC3ND3PoC6i6RghMCphHhK42FEH
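As an added example (not part of the channel post, and not Trust Wallet's or ZachXBT's code), here is a small Python watchlist screener for the theft addresses listed above. It normalises each address by format (EVM hex compared case-insensitively, which collapses the two EVM entries the list repeats; Bitcoin bech32 and Solana base58 compared as written, since base58 is case-sensitive) and flags transfers whose destination matches. The sample transfers, their transaction labels and amounts are constructed for the demo; the address-format patterns are the standard shapes of those address types and are an assumption of this example, not something the post states.

```python
"""Screen outgoing transfers against a published theft-address list (added example)."""
import re
from typing import Dict, Iterable, List, Tuple

# Theft addresses exactly as published in the Trust Wallet post above,
# including the repeated EVM entries, so the dedupe step has something to do.
THEFT_ADDRESSES = [
    "0x3b09A3c9aDD7D0262e6E9724D7e823Cd767a0c74",
    "0x463452C356322D463B84891eBDa33DAED274cB40",
    "0xa42297ff42a3b65091967945131cd1db962afae4",
    "0xe072358070506a4DDA5521B19260011A490a5aaA",
    "0xe072358070506a4DDA5521B19260011A490a5aaA",
    "0xc22b8126ca21616424a22bf012fd1b7cf48f02b1",
    "0x463452c356322d463b84891ebda33daed274cb40",
    "0x109252d00b2fa8c79a74caa96d9194eef6c99581",
    "0x30cfa51ffb82727515708ce7dd8c69d121648445",
    "0x4735fbecf1db342282ad5baef585ee301b1bce25",
    "0xf2dd8eb79625109e2dd87c4243708e1485a85655",
    "bc1qjj7mj50s2e38m4nn7pt2j0ffddxmuxh2g8tyd8",
    "bc1ql9r9a4uxmsdwkenjwx7t5clslsf62gxt8ru7e8",
    "bc1q4g8u7kctk6f2x3f6nh43x76qm4fd0xyv3jugdy",
    "bc1qw7s35umfzgcc7nmjdj9wsyuy9z3g6kqjr0vc7w",
    "bc1qgccgl9d0wzxxnvklj4j55wqeqczgkn6qfcgjdg",
    "bc1q3ykewj0xu0wrwxd2dy4g47yp75gxxm565kaw6m",
    "HoQ6z1wW3LUnEGHnseC3ND3PoC6i6RghMCphHhK42FEH",
]

# Address shapes (assumed standard formats, not taken from the post):
# EVM: 0x + 40 hex digits; Bitcoin bech32: bc1 + bech32 charset; Solana: 32-44 base58 chars.
_EVM = re.compile(r"^0x[0-9a-fA-F]{40}$")
_BTC_BECH32 = re.compile(r"^bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{6,87}$")
_SOL_BASE58 = re.compile(r"^[1-9A-HJ-NP-Za-km-z]{32,44}$")


def normalize(addr: str) -> Tuple[str, str]:
    """Return (chain, canonical form) for an address string.

    EVM hex is case-insensitive (checksum casing carries no identity), so it is
    lowercased. bech32 is lowercase by spec and base58 is case-sensitive, so both
    are kept exactly as written. Unknown shapes raise so callers can review them.
    """
    a = addr.strip()
    if _EVM.match(a):
        return "evm", a.lower()
    if _BTC_BECH32.match(a):
        return "btc", a
    if _SOL_BASE58.match(a):
        return "sol", a
    raise ValueError(f"unrecognised address format: {addr!r}")


def build_watchlist(addresses: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Map canonical address -> chain; also report how many entries were duplicates."""
    watch: Dict[str, str] = {}
    duplicates = 0
    for raw in addresses:
        chain, canon = normalize(raw)
        if canon in watch:
            duplicates += 1
        else:
            watch[canon] = chain
    return watch, duplicates


def screen(transfers: List[dict], watch: Dict[str, str]) -> List[dict]:
    """Return transfers whose destination is on the watchlist.

    A destination that does not parse is flagged for manual review rather than
    silently skipped, so a malformed record cannot slip past the check.
    """
    hits = []
    for t in transfers:
        try:
            _, canon = normalize(t["to"])
        except ValueError:
            hits.append({**t, "reason": "unrecognised destination format"})
            continue
        if canon in watch:
            hits.append({**t, "reason": f"destination on theft list ({watch[canon]})"})
    return hits


# Constructed sample transfers (not real transactions) covering the interesting cases.
SAMPLE_TRANSFERS = [
    {"tx": "tx-1", "to": "0x3B09A3C9ADD7D0262E6E9724D7E823CD767A0C74", "amount": "1.2 ETH"},  # listed EVM, different casing
    {"tx": "tx-2", "to": "0x1111111111111111111111111111111111111111", "amount": "0.5 ETH"},  # not listed
    {"tx": "tx-3", "to": "HoQ6z1wW3LUnEGHnseC3ND3PoC6i6RghMCphHhK42FEH", "amount": "40 SOL"},  # listed Solana
    {"tx": "tx-4", "to": "bc1qjj7mj50s2e38m4nn7pt2j0ffddxmuxh2g8tyd8", "amount": "0.03 BTC"},  # listed Bitcoin
    {"tx": "tx-5", "to": "not-an-address", "amount": "?"},  # malformed destination
]


def run_demo() -> Tuple[List[dict], int]:
    """Build the watchlist from the published addresses and screen the sample transfers."""
    watch, duplicates = build_watchlist(THEFT_ADDRESSES)
    return screen(SAMPLE_TRANSFERS, watch), duplicates


if __name__ == "__main__":
    hits, duplicates = run_demo()
    print(f"{duplicates} duplicate entries collapsed")
    for h in hits:
        print(h["tx"], "->", h["reason"])
```

Only the EVM side needs case folding; treating a base58 Solana address the same way would merge distinct addresses, which is why `normalize` decides per format before comparing.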
Update: Hundreds of Trust Wallet victims & $6M+ stolen from the initial list of theft addresses

Update 2: Trust Wallet confirmed the incident on X

Update 3: Losses will be covered