zachxbt

"On-chain detective" ZachXBT stated that the hacker "Dritan Kapplani Jr" transferred approximately $2.59 million in assets, including 1.99 million DAI and 259 ETH. The related funds were transferred from address 0x4487...bba6 to address 0x67ec...125d, and the stolen funds are currently in a stagnant state.ZachXBT indicated that it released an investigation report on May 12, detailing the connections between Dritan Kapplani Jr and Trenton (Trent) Johnson in a social engineering theft case involving 185 bitcoins (approximately $13 million).

On-chain detective ZachXBT has released a lengthy article exposing the LAB project and its founder (@vsadkovv), accusing the LAB token's circulation and distribution of being very opaque.ZachXBT stated that Coingecko, RootData, and CMC all reported different circulation figures for LAB, and the official team has not clearly disclosed the token distribution. There is a significant overlap between investors and trading platforms, and most critically: insiders likely control over 95% of the tokens, leaving retail investors completely unaware of the true circulation situation.Additionally, the LAB team unilaterally changed the public sale lock-up period from 3 months to 9 months, while also defaulting on marketing fees, providing special treatment to KOLs and whales, and requiring them to post promotional content. The founder has mixed project funds with personal accounts, with a large amount of funds going directly into trading platform recharge addresses. Insiders can sell off tokens without retail investors being aware at all. ZachXBT calls for trading platforms to conduct a thorough investigation and delist or freeze the related funds.

On-chain detective ZachXBT has released a lengthy article exposing the LAB project and its founder (@vsadkovv). The LAB token has surged to a $6 billion FDV, but the situation is very opaque.The team was founded by Vova Sadkov and Mark, whose previous Eesee project left many investors dissatisfied. Currently, the circulation data for LAB is chaotic, with Coingecko, RootData, and CMC reporting different circulation figures. The official team has not clearly disclosed the token distribution, and there is a significant overlap between investors and trading platforms. Most critically, insiders likely control over 95% of the tokens, leaving retail investors completely unaware of the true circulation situation.Additionally, the LAB team unilaterally changed the public sale lock-up period from 3 months to 9 months, while also defaulting on marketing fees, providing special treatment to KOLs and whales, and requiring them to post promotional content. The founder has mixed project funds with personal accounts, with large amounts of money directly entering the trading platform's recharge address. Insiders can sell off tokens without retail investors being aware.On-chain data shows that insiders recently withdrew over 100 million LAB from trading platforms, worth hundreds of millions of dollars, using tactics similar to those seen in previously manipulated projects. ZachXBT calls for trading platforms to conduct a thorough investigation and delist or freeze related funds. Furthermore, ZachXBT specifically states: this is not a short-selling recommendation. With such high supply control, short-selling instead becomes fuel.

On-chain detective ZachXBT exposed American threat actor Dritan Kapllani Jr, claiming he is suspected of participating in a social engineering theft targeting crypto users, totaling approximately $19 million. ZachXBT stated that Dritan has long flaunted luxury cars, high-end watches, private jets, and nightlife on social media. On April 23, 2026, during a "Band 4 Band (B4B)" voice chat on Discord, he publicly displayed an Exodus wallet containing $3.68 million in assets to prove he was wealthier than another hacker.The relevant ETH address is: 0x4487db847db2fc99372a985743a26f46e0b2bba6. ZachXBT tracked and found that this address is linked to a social engineering theft case involving 185 BTC (approximately $13 million) on March 14, 2026. The next day, Dritan's Exodus wallet received about $5.3 million of those funds. By the time of the B4B call six weeks later, about $1.6 million had been spent or laundered.On May 11, the U.S. Justice Department unsealed a criminal indictment against Trenton Johnson, who is accused of participating in the aforementioned 185 BTC theft case and could face up to 40 years in prison. "Coconspirator 1" in the indictment is alleged to be Dritan, who has not yet been formally charged. ZachXBT also pointed out that Dritan is connected to hacker John Daghita (Lick), who was previously arrested for stealing $46 million from the U.S. government, and John had exposed Dritan's old wallet address on Telegram.On-chain analysis shows that this address is related to multiple high-confidence social engineering theft cases in 2025, with a total amount involved exceeding $5.85 million. ZachXBT stated that Dritan has been active in "The Com" hacker circle for a long time and had previously not faced formal charges due to his minor status. He is now over 18 years old, and "the borrowed time may finally be over."

ZachXBT posted on platform X, revealing that crypto KOL and former Fortnite professional player Yelo has been charged with money laundering for threat actors through his luxury car rental business in Miami, facing up to 30 years in prison.

The on-chain detective ZachXBT, who calls himself a "fraud fighter," is increasingly being pointed to by on-chain behavior analysis as having another identity: he is not a lone righteous messenger but more like a "public spokesperson" for a premeditated short-selling team. Multiple "preview-style revelations" have triggered sharp declines in token prices, with accusations of coordinated efforts involving pre-positioned short orders and precise timing.At the same time, ZachXBT himself is embroiled in serious controversy. In 2025, he received 50% of the supply of the meme coin ZACHXBT, inflated its market value to $88 million, and then withdrew nearly $4 million in liquidity, creating a "case investigation-style rug pull." Additionally, he has long accepted airdrops from project parties and rights protection coins without exception, cashing out every time; he earns over ten million dollars a year anonymously but has consistently refused to disclose his wallet and profit chain.An anonymous account questioned as a market manipulator is now turning around to "judge" the industry— is it a voice of justice, or is it creating a smokescreen for the next short-selling opportunity?

On-chain detective ZachXBT announced a reward of $10,000 for evidence of market manipulation related to LAB, including insider information on market makers for LAB on Bitget spot, Bybit perpetual contracts, Binance perpetual contracts, and OKX perpetual contracts, such as contracts, chat records, etc., as well as identity clues like the passport or ID of LAB founder vsadkovv.ZachXBT stated that the aforementioned actions are further damaging the reputation of the crypto industry, and the relevant participants should not go unpunished, adding that they have entered "war mode."

ZachXBT posted on platform X that the founder of LAB released philosophical nonsense while participating in the manipulation of the CEX market that harms retail investors; they attempted to contact privately, but the message was read and not replied to; the scammers further undermined the last remaining credibility of the industry.

On-chain detective ZachXBT tweeted that the DSJ Exchange (DSJEX) and the BG Wealth Sharing Ponzi scheme collapsed last week, with a total amount involved exceeding $150 million. The scheme had been operating since 2025, luring victims with high returns of 1.3%-2.6% daily. Between April 27 and May 3, criminals transferred and laundered over $92 million across chains to cover their tracks.ZachXBT stated that it had assisted Tether, Binance security teams, OKX, and U.S. law enforcement, and has currently frozen over $41.5 million in funds, including a single freeze of $38.4 million USDT on the TRON chain by Tether on May 4. ZachXBT warns that such scams primarily target ordinary retail investors, and victims should report to local police in a timely manner.

"On-chain detective" ZachXBT disclosed that the DSJ Exchange (DSJEX) / BG Wealth Sharing Ponzi scheme, involving over $150 million, collapsed last week.Under its leadership, actions were taken in collaboration with Tether, Binance security teams, OKX, and U.S. law enforcement agencies, resulting in approximately $41.5 million in funds being frozen, including $38.4 million frozen by Tether on May 4, and about $3.1 million frozen by other platforms.It is reported that the project has been operating since 2025, using "1.3%--2.6% daily returns" as a gimmick to attract users through referral commissions and tiered rewards. DSJ has been identified as a fraudulent trading platform, BG as a supporting investment organization, and the so-called CEO "Stephen Beard" is also a fictional character. Investigations show that the project team evaded regulation by frequently changing domain names and hot wallets, and promoted false trading signals through messaging applications. Before the collapse, the platform had suspended withdrawals and demanded users pay a 12% "tax" under the pretext of "upcoming IPO."In terms of fund flow, the involved addresses transferred assets through Tokenlon exchanges, cross-chain bridges (such as Bridgers, Butter Network), and stablecoin wrapping/unwrapping, ultimately flowing into addresses of multiple exchanges. Currently, 13 regulatory agencies from five continents have issued risk warnings regarding this project. Analysts believe that this incident once again highlights the critical role of cross-chain tracking and multi-party collaboration in combating cryptocurrency fraud.

"On-chain detective" ZachXBT posted on platform X, publicly criticizing Tokenlon and imToken, stating that they have become high-risk channels for illegal fund flows and indicating that further actions will be taken against the relevant platforms.It is claimed that most of Tokenlon's trading volume comes from "pig butchering," investment scams, and various illegal market activities, directly stating that its co-founder Ben He should "bear legal responsibility for the related actions." He mentioned that investigations and crackdowns on Tokenlon and the imToken system will continue in the future. Tokenlon lacks genuine trading demand outside of Southeast Asia, with a significant proportion of its on-chain activities related to illegal fund flows, and this issue has noticeably worsened since 2022.In addition, ZachXBT also named several so-called "offshore large trading and aggregation platforms," including Butter Network, HiFiSwap, and Tokenlon, stating that they should be subject to stricter regulation and crackdown due to potential criminal activities.

On-chain detective ZachXBT replied that PolyArb is a fraudulent prediction market product, and its website contains a wallet stealer.Previously, PolyArb claimed on platform X that the Hyperliquid HIP-4 results market reached a daily BTC trading volume of $6.15 million within 48 hours, which was questioned by user growth head William LeGate regarding its claims about Polymarket fees. ZachXBT warned that replying to the relevant account might bring more exposure to them and lead to an increase in potential victims.

On the X platform, "on-chain detective" ZachXBT pointed out that certain law firms in the United States are using their investigative work and on-chain forensic results to help victims of hacking incidents file legal claims, but this practice may actually affect the victims' ability to receive compensation or recover funds.In previous hacking incidents involving the Lazarus Group, these law firms typically intervene only after their on-chain fund tracking or freezing is completed, and propose follow-up legal actions that are weakly related to the crypto incidents themselves. They have also employed similar strategies for "free-riding claims" in incidents involving Harmony, Bybit, and others. ZachXBT also called for the crypto community to establish a DAO to resist such behavior.

ZachXBT posted on platform X criticizing Sam Altman's associated project World (formerly WorldCoin), questioning its practice of obtaining biometric data from users in low-income countries in exchange for distributing WLD tokens.He also criticized the low circulation token design of WLD, stating that the related identity verification system has led to a black market for verified accounts, and questioned the token inflation mechanism and the issue of off-exchange holdings circulation.

ZachXBT posted that it does not recommend users to use Bitcoin Depot's Bitcoin ATM service and questioned its recent allowance for a U.S. elderly fraud victim to exchange $25,000 in fiat for BTC through the ATM.ZachXBT stated that the victim was quoted at $108,000 per BTC, while the market price at that time was about $75,000, and ultimately the $25,000 only exchanged for 0.232 BTC, with an actual value of about $17,500. It also mentioned that Bitcoin Depot was recently exploited, resulting in a loss of $3.26 million, equivalent to about 54 BTC, and went unnoticed for several days.

On-chain investigator ZachXBT updated that the funds related to the KelpDAO attack have begun to be transferred, with approximately $1.5 million being cross-chain transferred from the Ethereum mainnet to the Bitcoin network via Thorchain, and another approximately $78,000 being transferred through Umbra.The initial source of funds for the related attack addresses came from Tornado Cash, and the money laundering and cross-chain transfers are still ongoing.

MemeCore CEO Jun tweeted that the true value of any project does not depend on short-term attention, headline valuations, or how much profit the foundation can extract, but is built on trust.Jun pointed out that while some may question MemeCore's valuation, the project's responsibility goes beyond creating temporary hype; it is to strengthen the ecosystem around the project, contribute to a healthier market environment, and build something that can exist long-term.He admitted that the blockchain industry has witnessed too many projects driven by speculation, short-term hype, and "pump and dump" behavior. Although MemeCore started as a meme project, a meme project can do much more than attract attention; it can also create culture, build trust, and contribute to a healthier market environment.Previously, on-chain detective ZachXBT questioned the review process for Kraken listing Memecore (M) spot trading and pointed out that there were anomalies in the related on-chain fund flows. Data shows that last week, M's market cap once soared by nearly $6 billion, but it has now fallen back to around $4.7 billion.

On-chain detective ZachXBT questioned Kraken's due diligence process for the listing of $M (Memecore) spot trading on July 3, 2025, stating that approximately 7.9 million $M had been withdrawn from Kraken to 18 newly created addresses, of which a total of about 11.7 million $M is currently held, valued at approximately $39.8 million at the current price.He also mentioned that a suspected Memecore team address received 200 million $M during the token generation event (TGE) and transferred 5.3 million $M to the Kraken deposit address on July 3, 2025.

On-chain detective ZachXBT questioned Kraken's review process for the listing of Memecore (M) spot trading and pointed out that there were anomalies in the related on-chain fund flows.He stated that approximately $7.9 million flowed out of Kraken to 18 newly created addresses, which currently hold a total of about 11.7 million M (currently valued at approximately $39.8 million). At the same time, he claimed that a suspected team address had previously deposited about 5.3 million M into Kraken, raising market concerns about token distribution and trading behavior.