The hack of 4,064 Bitcoins worth about $238 million that occurred a month ago, with no culprit identified, has been officially brought to light by on-chain detective ZachXBT.
ZachXBT "reveals" the identity of the perpetrator of the $238 million hack in August
Summary of the 4,064 Bitcoin hack with unknown perpetrator in August
As Coin68 reported, on August 19, 2024, on-chain detective ZachXBT recorded a suspicious transaction on the Bitcoin network, moving up to 4,064 BTC, worth 238 million USD at that time.
The transaction was flagged as suspicious because, after withdrawing the huge amount of Bitcoin to a new wallet, the sender split the BTC and sent it to many other addresses for unknown reasons, raising suspicion of asset dispersion.
The crypto community then discovered that the hacked whale wallet was linked to Genesis Trading, a lending unit that went bankrupt in early 2023 due to the collapse of the FTX exchange. Specifically, this wallet received $37.7 million in bankruptcy compensation from Genesis in early August, as well as being sent $127.6 million in Bitcoin by Genesis in 2022.
However, ZachXBT stopped there, without sharing the attack method, and at the same time announced that he would not reveal the identity of the perpetrator out of respect for privacy, which left the investor community "restless" for fear that the same thing could one day happen to them. To reassure the public, however, the detective affirmed that the perpetrator behind the incident was not the notorious hacker group Lazarus Group.
Exactly one month later, ZachXBT today decided to reveal the identities of all the perpetrators behind the above hack, as well as announce the method that this group used to "pocket" about 250 million USD at the current Bitcoin value of around 62,000 USD.
1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen. pic.twitter.com/dcY1e9xsPd
— ZachXBT (@zachxbt) September 19, 2024
The identity of the perpetrator and the method of attack were revealed.
According to ZachXBT's investigation, the culprit behind this $250 million hack is a group of 4 core members using different aliases: Greavys (real name Malone Iam), Wiz (Veer Chetal), Box (Jeandiel Serrano), Danny Trauma (Danish Khan). All of them live in the United States.
Most of the gang members' identities were exposed by ZachXBT because they "accidentally" made the mistake of revealing their real names while screen-sharing to lure victims.
The method this group used to steal 4,064 BTC from the whale wallet was highly sophisticated, relying on calls over social networks to obtain the private key, as follows:
- Phone number spoofing to trick victims into believing they are speaking with Google and Gemini support staff, claiming their account is being hacked.
- Tricking victims into resetting two-factor authentication (2FA) and transferring funds from the Gemini exchange to a wallet address that had been previously hacked by the group.
- Using "sweet" words to lure victims into using AnyDesk (a video call application with a screen-sharing function), thereby exposing private keys from the Bitcoin Core wallet.
After learning that the victim had "fallen into the net" and successfully appropriating a huge amount of money, the group discussed how to split the "reward", then dispersed it all through more than 15 exchanges, mainly swapping between Bitcoin, Litecoin (LTC), Ethereum (ETH) and Monero (XMR).
Bitcoin, Litecoin, Ethereum, and Monero cash flow statistics of the group responsible for the hack. Source: ZachXBT (September 19, 2024)
A string of lavish living and spending, but location exposed because of "girls"
The reward was successfully split, and each member of this gang of robbers began a life of luxury and debauchery from then on.
- Wiz (Veer) was the recipient of the majority of the stolen funds. Wiz's friend Light/Dark (Aakaash) helped launder the funds through eXch and Thorswap. There is still $34.5 million left in Wiz's wallet.
- Box (Jeandiel/John) posed as a Gemini support agent calling victims. Box’s wallet address still has $18 million in it. A cluster of ETH addresses linked to both Box and Wiz has received over $41 million from the two exchanges over the past few weeks, mostly used to buy luxury items such as cars, watches, jewelry, and designer clothes.
- Greavys (Malone): Bought more than 10 cars and spent $250,000 - $500,000/night at clubs in Los Angeles and Miami (USA). This person even gave many Hermes Birkin handbags (each worth $10,000 - $100,000) to the girls. However, "going out at night often leads to ghosts", Greavys was discovered because his friends and the girls posted photos on social networks every night, revealing his location. Currently, Greavys' wallet address still has $3.5 million.
- Danny Trauma (Danish Khan) joined the internal Telegram chat group under the name Meech, but his role is not really clear. Like Greavys, Danny's personal information was also "accidentally" revealed by his ex-girlfriend on social media.
8/ Greavys was located via OSINT in LA/Miami due to friends/girls posting his location on social media every night.
He also has an Instagram account where he posted photos of himself using his name earlier this year. pic.twitter.com/mfh0cAaJGG
— ZachXBT (@zachxbt) September 19, 2024
A "bitter" ending for the group of party-goers
With the support of blockchain forensics experts @CFInvestigators and security solutions service @zeroshadow_io, along with the Binance security team, over $9M USD was frozen and over $500K USD was returned after working closely with the victim to investigate the incident.
As a result of the investigation, Box and Greavys were arrested last night in Miami and Los Angeles. ZachXBT speculates that law enforcement will continue to pursue the remaining individuals in the gang due to the large transactions that have been traced over the past period.
13/ As a result of the investigation Box and Greavys were arrested yesterday evening in Miami and LA.
I would expect law enforcement to seize additional funds during the arrests due to large transfers around that period of time. pic.twitter.com/QEKN9yepAr
— ZachXBT (@zachxbt) September 19, 2024
The crypto market has many opportunities to make money but also has many potential risks and tricks that will make those who are not careful fall into the trap.
According to a report from Web3 bug bounty platform and security service Immunefi, the crypto industry lost $572.7 million to hacks and fraud in Q2 2024 across 72 incidents. The July 2024 report also said that crypto has seen over $1.19 billion in losses this year due to hacks and fraud.
Of the total $572.7 million, hacking was the primary cause of losses in Q2, accounting for 98.5% ($564.2 million) from 53 incidents, compared to fraud, phishing, and Rug Pull, which accounted for just 1.5% ($8.5 million) across 19 incidents.
Coin68 synthesis