zachxbt

On-chain detective ZachXBT stated that during the migration from the traditional private messaging system to XChat, the X platform encountered multiple technical bugs. At the same time, the reliability of the platform's search function declined, affecting information retrieval efficiency. More importantly, the X platform's algorithm has a "traffic bottleneck" for cryptocurrency content, making it easier for content to be restricted within the cryptocurrency vertical, thereby reducing the ability to reach a broader audience.

According to on-chain detective ZachXBT's monitoring, it was found that signs of mixing appeared in the funds stolen from the Humanity Protocol and Kelp DAO vulnerability attacks one hour ago, indicating that there may be an overlap between the attackers of these two incidents.Based on this new evidence, it can be largely ruled out that the theft case of Humanity Protocol was committed by an insider.

ZachXBT released a community alert on platform X, reporting that the centralized exchange AscendEX (formerly Bitmax) has been reported by multiple users for withdrawal delays ranging from days to weeks, and in some cases, withdrawals cannot be processed at all. ZachXBT checked the known hot wallets of the exchange through Arkham and TRM and found that its reserves lack mainstream large-cap tokens such as ETH, USDT, and SOL, which may indicate liquidity issues.AscendEX was founded by George Cao and Ariel Ling in 2018 and was hacked by the Lazarus Group in December 2021, resulting in a loss of approximately $78 million.

According to "On-Chain Detective" ZachXBT's post on his personal channel, Polish social engineering attacker Wojtek Kulisz (online name "Merry") was recently suspected of being raided by Polish law enforcement, along with three others being taken away.Although the official press release did not disclose his name or photo, several designer clothing and jewelry items displayed on his public Instagram account "wojtekk" are highly consistent with the items seized during the police operation. The related case is led by the Polish Central Cyber Crime Fighting Department (CBZC) and has received assistance from agencies such as the FBI and HSI.

"On-chain detective" ZachXBT published a case analysis stating that in a cryptocurrency asset case involving an Indian scam gang, the relevant individuals reported the case to law enforcement after their assets were frozen, drawing attention. The incident began when a user sought help, claiming that approximately 5.73 BTC (about $475,000) was frozen on Changelly in March 2025.Subsequent on-chain analysis revealed that these funds could be traced back to multiple social engineering attacks and theft cases related to Bitcoin ATMs targeting U.S. users, with a total amount involved exceeding $1 million and several elderly victims. The investigation showed that the individual provided multiple changing explanations for the source of the funds, including "loan," "boss transfer," and "investment from 2014-2015," and there were significant contradictions in the evidence chain.More concerning is that this user had previously filed a police report in India in December 2025, attempting to recover the frozen funds (case number 3207-P/2025). Subsequent on-chain evidence collection and email data analysis indicated that they might be a "mule" for transferring funds, with some bank documents inconsistent with their identity information. ZachXBT noted that such cases demonstrate that social engineering attacks and cross-border fund transfers continue to occur and remind users to avoid interacting with funds from suspicious sources to prevent triggering compliance freezes or legal risks.

According to monitoring by ZachXBT, the address starting with TA6YHq received 120.2 million USDT on the Tron chain, then transferred over 12 million dollars to a Kucoin deposit address, and moved 8 million dollars to several instant exchanges. This entity created Monero orders, causing its price to briefly surge from 330 dollars to 420 dollars. Additionally, over 8 million dollars was transferred from Tron to Bitcoin and Ethereum via Near Intents.Previously, it was reported that Tether froze 72 million USDT in the address starting with TBzrPE, which is directly related to TA6YHq.

On-chain detective ZachXBT posted on platform X, stating that the demands from the crypto community for its investigative work are often difficult to meet.ZachXBT mentioned that when it publishes token manipulation investigations before insiders exit, it gets accused of shorting related projects, such as RAVE, M, and LAB; whereas when it releases investigation results after events occur, it is criticized for failing to issue warnings in advance.He stated that continuously facing such doubts has gradually diminished his motivation to regularly publish investigation reports, as he prefers to continue conducting investigations privately rather than endure public pressure. ZachXBT also criticized some community members for overly relying on its investigative results instead of conducting their own research.

On-chain detective ZachXBT released an update on the Humanity $31 million security incident. After further analysis of the flow of funds, ZachXBT believes that the team is likely not involved in "self-theft" or "self-directed performance." The official announcement regarding the private key leak is true, but before the unlocking, the price of H tokens was artificially pumped, resulting in hackers taking advantage of the situation. The private key leak and the previous abnormal price pump should be considered independent events.ZachXBT also questioned whether the team artificially inflated the price of H tokens through suspicious market-making agreements and large over-the-counter transactions before the token unlocking, in order to smoothly offload or alleviate selling pressure ahead of the upcoming unlocking for investors/early contributors (around June 25).

Regarding the incident of "Humanity being stolen over 31 million dollars," on-chain detective ZachXBT stated, "It's unclear whether this is a hacker theft or malicious behavior from the project team. From the K-line chart, given the concentration of supply, the H team is likely collaborating with an active market maker. However, all H tokens were sold on decentralized exchanges (on-chain), not centralized exchanges."

In response to Radha Stirling's claims about multiple Dubai crypto figures being abused in UAE detention centers, on-chain investigator ZachXBT stated that the individuals referred to as "crypto entrepreneurs" are actually threat actors suspected of involvement in high-impact social engineering crypto scams and data extortion. Law enforcement has seized $18.9 million in stolen funds.

On-chain detective ZachXBT posted questioning BitMEX co-founder Arthur Hayes for frequently changing his views and selling tokens in a short period, asking how much exit liquidity he had received from followers in the past few days.ZachXBT pointed out that before WLD, Arthur Hayes had expressed bullish views on tokens such as NEAR, HYPE, and ZEC, and in his latest operation, after publicly expressing a strong bullish stance on Worldcoin (WLD) multiple times and giving a target far above the current price, he chose to liquidate his position in a short time.In response, Arthur Hayes stated that he was simply selling assets at market prices to buyers willing to take over according to his trading targets, and if the price continued to rise, outsiders would think his sale was a wrong decision, "this time it just happened to be a correct judgment."Subsequently, ZachXBT posted again, sharing Arthur Hayes's previous bullish comments on WLD and questioning his rapid exit from the position after loudly promoting it, sparking discussions in the community about the influence of opinion leaders on the market and the issue of "exit liquidity."Previously, Arthur Hayes had stated that he had liquidated his WLD position, claiming that the price trend was "not right," and announced his exit from that position.

According to a post by on-chain detective ZachXBT, the prediction market project Rain Protocol ($RAIN), with a market capitalization of approximately $8.8 billion, is facing serious risks. ZachXBT discovered through tracking on-chain addresses that the funding sources of the RAIN team are linked to the Gems hot wallet, and the related addresses had previously transferred funds for failed projects DOP and TOMI, suggesting potential team overlap.TOMI, DOP, and Sirin Labs can all be traced back to the controversial Israeli businessman Moshe Hogeg, who was arrested in 2021 for crypto fraud and was charged by police in 2023 for allegedly being involved in a $290 million crypto scam. Additionally, the price of the RAIN token appears to be subject to on-chain manipulation, with its TVL almost entirely composed of its own native token, which has extremely poor liquidity, and annual fee income of only about $1 million.The launchpad Gems.vip, which incubated several of the aforementioned projects, is reportedly preparing for a new round of presales for the Kai Platform, while the whereabouts of the $162 million raised by DOP remain unclear, with ongoing complaints from retail investors.

ZachXBT stated that approximately $12.4 million in funds in the Zama cUSDC contract, which was blacklisted by Circle, may be associated with the DeFi project Overnight Finance, which has recently been embroiled in controversy due to accusations against its team of a Rug Pull.

On-chain detective ZachXBT posted on his personal channel that a certain entity previously received ESPORTS, RIVER, and LIGHT tokens through Sablier's attribution contract, which are directly linked to the three multi-signature wallet signers of LAB. These BSC tokens have all experienced market manipulation on centralized trading platforms.ZachXBT had previously flagged anomalies with LAB and RIVER, while the ESPORTS token suffered another flash crash, plummeting 93% in a short time. The CEX deposit addresses associated with the entity and the LAB signer addresses have been made public.

"On-chain detective" ZachXBT disclosed on his personal channel that two contracts related to the European stablecoin issuer StablR may have been attacked, with potential losses exceeding $3 million (EURR and USDR). The source of the attacker's funds was through the CCTP platform on Noble. Additionally, ZachXBT revealed 7 attacker addresses currently associated with this security incident.

Polymarket staff Shantikiran Chanal posted on platform X that they have noted a security report related to reward distribution, and user funds and market settlements are in a secure state. The investigation points to a wallet used for internal operations experiencing a private key leak, rather than an issue with the contract or core infrastructure. More updates will be released later.Previously, ZachXBT stated that the Polymarket UMA CTF Adapter contract was suspected to have been attacked on Polygon, with over $520,000 currently leaked.

On-chain detective ZachXBT posted a warning stating that "choosing to gamble on Spartans is itself an IQ test," and questioned the long-term harvesting behavior of the operators behind Spartans. ZachXBT pointed out that Gurhan Kiziloz, a figure related to Spartans, previously operated BlockDAG Network, which has not launched its mainnet or mining products for years, yet still promoted a presale with "300 times returns" and has raised at least $350 million from inexperienced retail investors.He further stated that BlockDAG has recently shifted to casino operations and suspects that the related casino platform may be used to "legitimize BlockDAG funding sources," including circulating funds by paying high fees to employees and KOLs. Previously, several community members and content creators have also publicly questioned Spartans' marketing model and operational transparency, warning users of potential "rug pull" risks.

On-chain detective ZachXBT has announced a reward of up to $10,000 for insider information related to the Hong Kong market maker "Heisenberg Guru (HSBG)."ZachXBT stated that HSBG is suspected of being involved in multiple market manipulation incidents on centralized exchanges (CEX), including $RIVER. It pointed out that Sion and Chao are core members of HSBG and mentioned that materials such as chat records, contracts, and internal communications may all be eligible for rewards. Clues can be submitted by contacting ZachXBT via private message on X.

"On-chain detective" ZachXBT stated that the hacker "Dritan Kapplani Jr" transferred approximately $2.59 million in assets, including 1.99 million DAI and 259 ETH. The related funds were transferred from address 0x4487...bba6 to address 0x67ec...125d, and the stolen funds are currently in a stagnant state.ZachXBT indicated that it released an investigation report on May 12, detailing the connections between Dritan Kapplani Jr and Trenton (Trent) Johnson in a social engineering theft case involving 185 bitcoins (approximately $13 million).

On-chain detective ZachXBT has released a lengthy article exposing the LAB project and its founder (@vsadkovv), accusing the LAB token's circulation and distribution of being very opaque.ZachXBT stated that Coingecko, RootData, and CMC all reported different circulation figures for LAB, and the official team has not clearly disclosed the token distribution. There is a significant overlap between investors and trading platforms, and most critically: insiders likely control over 95% of the tokens, leaving retail investors completely unaware of the true circulation situation.Additionally, the LAB team unilaterally changed the public sale lock-up period from 3 months to 9 months, while also defaulting on marketing fees, providing special treatment to KOLs and whales, and requiring them to post promotional content. The founder has mixed project funds with personal accounts, with a large amount of funds going directly into trading platform recharge addresses. Insiders can sell off tokens without retail investors being aware at all. ZachXBT calls for trading platforms to conduct a thorough investigation and delist or freeze the related funds.