ZachXBT intercepts $7M from recent $330M BTC phishing heist

On-chain investigator ZachXBT has shed more light on the recent BTC phishing case that drained 3,520 BTC from a single wallet. The funds were apparently stolen in a personal scam that targeted an older investor.
Monero (XMR) rallied to a one-year high following the heist, as the thief tried to cash out through the anonymous coin.
ZachXBT reported that $7M was tracked and frozen with the help of other on-chain investigators and Binance's team.
Update: So far $7M+ has been frozen with the help of @Cfinvestigator, @tanuki42_, Binance security team, and myself.
– zachxbt (@zachxbt) May 2, 2025
The heist has been traced to two social media personas, Nina/Mo and W0RK, operating from the UK. The scammers later deleted their social media accounts, though they left traces on the Bitcoin chain.
The targeted individual is based in the USA and seems to have had little trouble handling BTC, having transferred funds to a new address about a month ago. The targeted wallet belongs to a relatively early BTC whale, who used Gemini to build up a large wallet.
Investigators suspect either lax security or that the victim trusted the scammers enough to expose the wallet or send funds. No malware or smart contracts were involved. Confidence games have pitched investment opportunities, complete with crypto deposit links.
BTC phishing funds exchanged or kept in new wallets
Heists that target BTC are relatively rare, as the coin is not held in easily accessible web3 wallets. However, the phishing team managed to get their target to expose the wallet.
Some of the funds are still held in new addresses with smaller holdings, divided into small sums of 5 BTC. More than 17 BTC was sent to a KuCoin hot wallet, with the potential to intermingle the funds.
The hacker's address received many transactions from the victim, the largest for 2.78K BTC in a single transaction. Investigators did not indicate whether the victim sent the transactions voluntarily or whether the wallet's keys were compromised.
BTC theft remains unusual, as most confidence scams rely on stablecoins. However, the pattern of targeting older investors still holds. Stablecoins can be hidden more easily, using P2P markets like Huione Guarantee.
Following the robbery, the price of XMR remained elevated above $280. Most XMR volume is concentrated on KuCoin. Nearly 47% of all XMR activity is locked in multiple pairs on the South Korean exchange.
One obstacle for the hacker may be the inability to withdraw XMR from the exchange. The coin saw elevated volume as other traders joined in.
KuCoin has only shared its BTC, ETH, and stablecoin reserves, with no data on the XMR actually available for withdrawal. While on an exchange, XMR does not offer actual privacy. However, KuCoin has not yet been mentioned as one of ZachXBT's helpers in the seizure of some of the funds.
The MEXC exchange was also used for some of the swaps. The market operator does not share its XMR or other available reserves.