$3M Crypto Phishing Attack Targets Multi-Sig Wallet

An unidentified crypto investor lost $3.047 million in USDC through a highly coordinated phishing attack on September 11. The breach targeted a 2-of-4 Safe multi-signature wallet, where the victim approved transfers to an address that closely resembled their intended recipient. The attacker had deployed a fake but Etherscan-verified contract nearly two weeks prior, programming it with legitimate-looking ‘batch payment’ functions. The exploit leveraged the Safe Multi Send mechanism, making the malicious approval difficult to detect as it wasn’t a standard transaction. Request Finance confirmed the attack involved a counterfeit version of its Batch Payment contract, affecting one customer, with the vulnerability now patched. Security firm Scam Sniffer warned that such sophisticated methods—using verified contracts and near-identical addresses—show attackers are refining techniques to bypass user scrutiny, with potential vectors including app vulnerabilities, malware, and DNS hijacking.

Solana Trading Platform Aqua Accused of $4.65M Rug Pull

Aqua, a Solana-based trading platform that positioned itself as democratizing access beyond ‘insiders or whales,’ is accused of executing a sophisticated rug pull worth $4.65 million (21.77k SOL). The project had built significant credibility through endorsements from major Solana entities including Meteora, Helius, and SYMMIO, and had recently received a 99.7% security audit score from QuillAudits. The platform conducted a successful public token sale, raising $1 million in just 30 minutes, while promoting revenue sharing through its AQUA token. According to ZachXBT’s investigation, funds were systematically moved through multiple intermediary addresses to instant exchanges hours before the report. The team has since disabled communications, deleted Telegram messages, and claimed their Medium account was suspended, leaving investors without explanations or updates.

Crypto Influencers Paid $60K Per Post, Lack Disclosure

A comprehensive investigation by blockchain detective ZachXBT has uncovered that over 200 crypto influencers have been accepting payments ranging from hundreds to $60,000 per post to promote token projects. The most alarming finding is that fewer than five out of 160+ tracked deals included proper advertisement disclosures, violating regulations in most jurisdictions. The leak exposed a tiered pricing system where high-profile accounts charge $5,000-$10,000 per post, while micro-influencers accept smaller amounts. Analysis of blockchain transactions confirmed payments and revealed that some influencers earned more from promotions than actual trading. The practice has sparked concerns about manufactured market narratives, deception of followers, and potential regulatory crackdowns, especially following recent UK FCA guidelines warning that unauthorized promotions could constitute criminal offenses.

TRM Labs Launches Beacon Network to Combat Crypto Crime

TRM Labs’ Beacon Network represents a significant advancement in combating cryptocurrency crime through real-time detection and response capabilities. Developed with partners including Ripple, Binance, Stripe, and multiple law enforcement agencies, the network flags criminal addresses and triggers immediate alerts when tagged funds reach participating exchanges. This allows platforms to freeze suspicious deposits before criminals can convert them to fiat. The initiative addresses the urgent need for faster responses in an ecosystem where over $47 billion in crypto has been sent to fraudulent addresses since 2023, with $2 billion stolen just this year. By providing free access to law enforcement and verified exchanges, Beacon Network aims to create coordinated defenses against increasingly sophisticated crypto crimes that often outpace traditional response times.

North Korean IT Workers Infiltrate Crypto Job Market

Blockchain investigator ZachXBT has uncovered a North Korean operation infiltrating the cryptocurrency job market using fake identities on platforms like Upwork and LinkedIn. A compromised device revealed how a small team of five IT workers managed over 30 fake profiles, using Google Drive for organization and Payoneer to convert earnings into crypto. The group is linked to a $680,000 exploit at Favrr and other high-profile hacks, including the $1.5 billion Bybit breach. Despite their lack of sophistication, their persistence, combined with poor collaboration across the industry, makes them an ongoing threat. The FBI has attributed major attacks like ‘TraderTraitor’ and the $44 million CoinDCX heist to North Korean operatives.

North Korean IT Workers Infiltrate Western Tech Firms via Remote Jobs

A report by blockchain investigator ZachXBT exposed a North Korean IT worker operation that infiltrated Western tech firms using fake identities and remote development jobs. The workers purchased fraudulent social security numbers, Upwork and LinkedIn accounts, and rented computers to secure positions. Evidence from compromised devices revealed their use of Google products for organization and English communication, despite their North Korean origins. The team was linked to the $680,000 Favrr exploit, with payments processed via cryptocurrency. ZachXBT highlighted the lack of collaboration between services and hiring teams’ negligence as key challenges in combating such operations. The investigation underscores the scale of North Korean infiltration into global remote job markets.

North Korean Hackers Steal $680K in Favrr Fan-Token Heist

A team of North Korean IT operatives, connected to a $680,000 hack of fan-token marketplace Favrr in June, has been exposed through leaked screenshots from one of their devices. The hackers used Google products and rented computers to infiltrate crypto projects, according to crypto investigator ZachXBT. This group has a history of large-scale exploits, including the $1.4 billion Bybit exchange hack in February, and has siphoned millions from crypto protocols over the years. The leaks provide a rare glimpse into the operations of North Korean-linked cybercriminals.

Ripple’s RLUSD Stablecoin Surpasses $600M Supply in July

Ripple’s stablecoin RLUSD experienced a 32.3% supply increase between June and July, surpassing $600 million—the second-largest growth among stablecoins with over $500 million in supply expansion. Since May, RLUSD has nearly doubled its supply, with its market cap jumping 47% to $455.3 million by June. In July, it hit a new monthly high with $3.3 billion in trading volume, up 27% from June. Ripple bolstered RLUSD’s growth through strategic moves, including seeking a national banking charter, partnering with BNY Mellon as custodian, and pursuing ISO 20022 and MiCA compliance. However, skepticism arose as blockchain investigator ZachXBT questioned the authenticity of RLUSD’s user base, comparing it unfavorably to rivals like Circle and Tether.

XRP Whales Move Funds to Exchanges, Price Pressure Looms

XRP’s price may face short-term pressure as large holders, or ‘whales,’ move significant amounts of the cryptocurrency to exchanges, according to CryptoQuant Head of Research Julio Moreno. Data reveals a sharp increase in the 30-day moving average of XRP inflows to exchanges, rising from 141 million to 260 million tokens in July. This trend mirrors past instances where whale activity preceded price declines, such as the drop from $3.65 to $3 following a 660 million XRP transfer to exchanges in mid-July. While whale movements can be bearish, they also reflect market dynamics, as seen in 2020 when XRP surged amid lower exchange reserves. The recent crypto rally has also spurred whale activity in Bitcoin, with Galaxy Digital facilitating a $9 billion sale for a Satoshi-era investor.

Canadian Teen Sentenced for $37M Bitcoin Heist and X Hacks

Cameron Redman, a Canadian teen, has been sentenced to 12 months and one day in prison, followed by three years of supervised release, for stealing $37 million in Bitcoin and Bitcoin Cash through a SIM swap attack in 2020. He also hacked several high-profile X accounts, including those of NFT creators and crypto investors, laundering the stolen funds through exchanges and Tornado Cash. Despite recovering $5.4 million, authorities are still missing $31.5 million. ZachXBT, who uncovered the case, has called for stricter penalties and earlier disclosure of offenders’ identities to prevent further crimes. The incident underscores the rising threat of SIM swaps and phishing scams, with reports showing a 1,055% increase in such attacks in the UK in 2024.
