On-chain detective ZachXBT has shared details of the massive crypto Ponzi scheme that took over $150 million from unsuspecting victims before collapsing last week.

The Mechanics Behind The $150M Crypto Ponzi

In a series of X posts, ZachXBT unveiled the details of a Ponzi scheme that had been operating under the DSJ Exchange (DSJEX), a fake trading platform, and BG Wealth Sharing, a fraudulent investment scheme, since 2025. The scam involved a fake CEO named Stephen Beard, a self-proclaimed professor who represented the platform to the public.

According to the Tuesday thread, DSJEX and BG Wealth advertised daily returns of 1.3%–2.6%, with referral commissions and rank-based bonuses. In addition, Beard pushed recruitment and fake trading signals through a group on Hong Kong messaging app BonChat.

The Washington State Department of Financial Institutions (DFI) recently explained that investors used these trading signals on the DSJ exchange and were led to believe that the crypto investments were generating returns. BG Wealth and DSJ claimed to be licensed by the US Securities and Exchange Commission (SEC), but the DFI found that neither of the forms filed by these companies indicated that they were registered with the SEC.

Thirteen regulators across five continents had issued public fraud warnings about the firms, including the UK’s Financial Conduct Authority (FCA), the Australian Securities and Investments Commission (ASIC), the Philippines’ SEC, and Washington’s DFI.

On April 23, US law enforcement seized one of BG Wealth’s domains as part of a joint operation conducted by Operation Level Up and the Scam Center Strike Force. However, the scam continued to operate for roughly another week. Last Saturday, Beard posted a video affirming that DSJEX would soon go public and demanded a 12% “tax” on account balances as a prerequisite for the regulatory process. But the scammers had already disabled withdrawals by this point.

Tether, Exchanges Freeze $41.5M

After the US authorities’ involvement, the malicious actors laundered over $92 million in crypto assets across chains. ZachXBT noted that the scammers regularly rotated between domains and hot wallets to evade law enforcement. Between April 27 and May 3, the crypto funds were laundered through token swaps, bridging via Bridgers, Butter Network, and USDT0, wrapping and unwrapping USDD, and consolidation of transactions across hundreds of addresses.

The crypto sleuth traced the millions in outflows through a timing analysis, located Solana/Tron deposits to Binance, and found matching Tron withdrawals. Then, he provided details to the relevant parties, including Tether, the Binance security team, OKX, and US law enforcement. As a result, Tether froze $38.4 million on May 4, while another $3.1 million was frozen at various crypto services and exchanges, bringing the total to $41.5 million.

Despite the significant recovery, the on-chain detective noted that the scam’s $150 million assessment is “likely significantly higher since the scheme has been operating since 2025, with thousands of victim exchange withdrawals identified.” Ultimately, he advised victims of DSJEX and BG Wealth’s scheme to file a police report in their jurisdiction to aid global investigations and potential restitution from laundered proceeds.
A wave of crypto hacks hitting decentralized finance platforms in April has renewed an old argument: should stablecoin companies step in when stolen money passes through their systems? That question is now front and center again after Tether, the world’s largest stablecoin issuer, revealed it froze over $340 million in dollar-pegged tokens at the direct request of US law enforcement officials.

Community Divided Over Stablecoin Control

The freeze targeted two separate wallet addresses. Tether said the funds were linked to unlawful conduct but gave no further detail about what the accounts were suspected of doing or who controlled them. The company coordinates freezes when it finds credible ties to sanctioned entities, criminal networks, or other illegal activity, according to its published policy.

Tether CEO Paolo Ardoino defended the action in a statement released alongside the announcement. “When credible links to sanctioned entities or criminal networks are identified, we act immediately and decisively,” he said. The company did not respond to further requests for comment.

The freeze was carried out in coordination with the Office of Foreign Assets Control, a US Treasury agency responsible for enforcing economic sanctions. That makes this more than a routine compliance move — it signals active cooperation between a major crypto firm and federal authorities at a time when regulatory pressure on the industry continues to mount.

Not everyone welcomed the news. Crypto media outlet Truth for The Commoner pushed back sharply. “Your stablecoins are not your stablecoins. They never were,” the outlet posted on social media. The reaction reflects a tension that has existed since centralized stablecoins became widely used — the tokens may sit on a blockchain, but the company behind them holds a master switch.

3/ On April 1, 2026, Drift Protocol was exploited for $280M. The exploiter used CCTP to bridge 232M+ USDC from Solana to Ethereum across 100+ transactions over six consecutive hours. 10+ additional DeFi protocols across the Solana ecosystem were indirectly impacted. Despite the… https://t.co/RLDwKghzjo — ZachXBT (@zachxbt) April 3, 2026

A Debate Rekindled By A $280 Million Hack

The announcement comes weeks after one of the month’s most damaging incidents — the Drift Protocol exploit, which drained $280 million from the platform. That attack put Circle, the issuer of the USDC stablecoin, under a different kind of scrutiny. Onchain analyst ZachXBT publicly criticized Circle for failing to freeze USDC funds after the attacker routed stolen money through Circle’s own native bridge over six consecutive hours.

“No USDC was frozen,” ZachXBT noted, arguing that centralized issuers have a responsibility to act quickly when hacks are in progress. The criticism drew wide attention across the crypto community and intensified calls for clearer standards around when and how stablecoin issuers should intervene.
Nearly $6 billion in market value vanished from Rave DAO in less than 48 hours — but only about $52 million in liquidations could account for it. That gap is what drew the most attention from analysts trying to make sense of one of crypto’s sharpest recent collapses.

Exchange Probes Add To Investor Alarm

The token, known as RAVE, had climbed from roughly $0.25 to $27.30 in just nine days before the bottom fell out. RAVE had swung from $26 to nearly $1 in 24 hours — a 95% collapse, according to onchain sleuth ZachXBT. The speed of both the rise and the fall left traders scrambling for answers.

Binance co-CEO Richard Teng confirmed the exchange had opened an investigation into trading activity. Bitget CEO Gracy Chen said the same. Gate.io was also named in connection with the original allegations. Rather than calming markets, the announcements deepened the sell-off. Investors read the probes as confirmation that something had gone wrong, and selling accelerated.

Pump and dump activity for $RAVE originated on @bitget @binance @Gate Call to action for both @heyibinance @GracyBitget to do better and launch internal investigation offboarding the responsible actors. Offering up to $10K bounty of my personal funds for whistleblowers to… pic.twitter.com/NhZDubdU9R — ZachXBT (@zachxbt) April 18, 2026

The immediate trigger was a public post by on-chain investigator ZachXBT. He accused the project of running a coordinated pump-and-dump scheme and put up a $25,000 bounty for anyone with verifiable inside information. His findings spread fast across social media and trading forums.

Wallet Data Points To Insider Control

ZachXBT’s analysis focused on token distribution. According to his findings, nine wallets connected to the project’s early distribution phase held close to 95% of the total supply. That concentration, he argued, gave a small number of insiders the ability to move prices at will. Large transfers to exchanges were also recorded before the rally began — a pattern often associated with coordinated offloading once retail demand peaks.

A summary of the RAVE -95% price fluctuation from $26 to $1 over the past 24 hours. RAVE Timeline: April 18, 2026 7:26 am UTC: I posted a call to action for Binance, Bitget, & Gate to investigate RAVE market manipulation and offered a $10K bounty. 10:56 am UTC: I posted an… pic.twitter.com/mivKcdyBrw — ZachXBT (@zachxbt) April 19, 2026

The 10,800% price run had squeezed out short sellers along the way, triggering over $40 million in forced liquidations. Short squeezes can push prices higher without any real buyer demand behind them. Once that pressure eased, the floor disappeared.

RaveDAO pushed back. The team issued a public statement saying it had no role in the recent price movement. Officials said token unlocks were sold to cover operating costs, which they described as standard practice. The statement did not address ZachXBT’s specific wallet claims.

1/ We are aware of the rumors and accusations circulating regarding $RAVE and RaveDAO team. We want to be clear: RaveDAO team is not engaged in, nor responsible for, recent price action. We take transparency seriously and remain humbled by the attention, but our focus is on the… — RaveDAO (@RaveDAO) April 18, 2026

Analysts Watch Key Price Levels For Signs Of Stability

With the dust still settling, some analysts pointed to the $1.00 to $1.20 range as a potential floor. A sustained hold above that zone could signal that the worst of the selling is over. A move past $1.50 might indicate that forced sellers have largely exited. But the sheer volume of supply sitting above current prices makes any quick recovery difficult.
Drift Protocol said it has secured up to $127.5 million from Tether to support user recovery after the April 1 exploit.
A fake Ledger app on Apple's App Store drained $9.5M from more than 50 victims across Bitcoin, Tron and Solana, ZachXBT said.
ZachXBT said a 390-account North Korean IT worker network has generated over $3.5 million in crypto flows since November 2025.
Also: Ethereum’s “strawmap”, Robinhood chain update and OpenAI + smart contracts
ZachXBT alleges a senior Axiom employee used internal dashboards to access private wallet data and track traders’ activity, raising questions about potential insider trading.
Solana app Meteora leads the odds at 43% after the blockchain investigator teased a "major" insider-trading probe set for release on Wednesday.
The threat actor was captured on video flaunting millions in crypto allegedly siphoned from U.S. government seizure addresses, later traced back by ZachXBT.
A cybercriminal known as "Lick" may be the son of the president of a firm contracted by the government to dispose of stolen crypto assets.
A recorded online dispute between alleged threat actors led blockchain investigator ZachXBT to trace millions in illicit crypto to a single wallet.
ZachXBT still holds the crown as the crypto world’s pseudonymous Sherlock Holmes.
A British hacker tied to the $243 million Genesis creditor theft has possibly been arrested in Dubai, according to onchain sleuth ZachXBT.
A US investor says he lost $3 million in XRP after hackers emptied his wallet, and blockchain tracking suggests the funds moved fast through shadowy over-the-counter networks tied to Southeast Asia.

Funds Traced To OTC Networks

According to blockchain sleuth ZachXBT, the stolen coins were first pooled into a single Tron address and then pushed through OTC services linked to an illicit marketplace known as Huione Guarantee. Reports have disclosed that Huione Guarantee is tied to a range of criminal activity, and that once funds enter those channels they are very hard to recover. The trace provides a clear record of movement on public ledgers, but it does not guarantee that law enforcement can follow the money to its final holders.

9/ Unfortunately the likelihood of this victim seeing any funds recovered is rather low due to a delay in reporting the theft to competent people within the private sector. I recommend victims try to report theft addresses to people as soon as possible as otherwise it can be… pic.twitter.com/Ficcit611f — ZachXBT (@zachxbt) October 19, 2025

Victim Says He Followed Best Practices

Brandon LaRoque, the investor at the center of the case, told viewers that he had built his position over eight years and held about 1.2 million XRP. He posted a video this week explaining the loss, which has drawn wide attention online. “I thought I did all the things right,” he said, after describing how his Ellipal device turned out to be connected to the internet.

The device maker, Ellipal, acknowledged that the seed phrase was imported into an app and said it was doing everything possible to help. Based on reports, the company suggested the theft followed a misuse of the seed rather than a flaw in a strictly offline product.

A Human Cost

LaRoque said he and his wife retired about a year ago and were planning to buy a house in Las Vegas. Now they say they may need to return to work. The loss is a stark example of how long-term small investors can be swept away by a single security lapse. The emotional impact is real. Many viewers on social platforms have offered help, but experts warn that public attention does not equal recovery.

Experts Urge Caution On Recovery Firms

According to ZachXBT, victims who want to pursue recovery must move quickly and seek competent private investigators, while avoiding predatory firms that promise guaranteed returns. Tracing on the blockchain can show where funds went next, and it can expose links to mixing services or OTC desks, but converting that trace into arrests or asset returns is complex. In the US, access to specialized crypto law enforcement is limited, which reduces the odds of successful recovery in many cross-border theft cases.

Institutional Activity Rises As Retail Losses Persist

Meanwhile, XRP has seen notable activity in regulated markets. Reports show more than 476,000 XRP futures contracts traded since May 2025, totaling $23.7 billion. Open interest has reached $1.4 billion, and the number of large institutional investors hit a record of 29.
Onchain sleuth ZachXBT says an attacker routed some $3.05 million in stolen XRP through bridges and OTC channels tied to Huione.
The onchain sleuth leaked a spreadsheet he says lists crypto KOL promo rates, alleging fewer than five disclosed their posts as ads.
An on-chain investigation has revealed that North Korean IT workers posing as foreign developers have earned nearly $17 million from crypto startups and blockchain companies this year. The findings, revealed by prominent blockchain investigator ZachXBT, show that these individuals have successfully integrated into dozens of crypto projects by concealing their identities and locations. According to […]
The post North Korean IT workers earned $17M this year with some funds coming from Circle accounts appeared first on CryptoSlate.
Prominent blockchain investigator ZachXBT has criticized two prominent stablecoins, including Ripple’s RLUSD and Circle’s USDC, highlighting concerns about their compliance and adoption strategies. In a now-deleted social media post, ZachXBT questioned Ripple’s RLUSD stablecoin, arguing that it lacked an authentic user base and relied on paid partnerships to create the illusion of organic growth. Due […]
The post ZachXBT deletes call out of Ripple RLUSD adoption but questions trust appeared first on CryptoSlate.
From Silk Road to today, dormant wallets and mixing tools are no longer enough to hide illicit funds onchain, as ZachXBT’s investigations continue to prove.
As his gambling losses grew, Nieves allegedly stole from accomplices who helped pilfer over $4 million by posing as Coinbase support agents.
An onchain investigator has flagged a major breach at Iran-based Nobitex, where hackers made off with more than $81 million in digital assets.

Based on reports from blockchain sleuth ZachXBT, at least $81.7 million was moved out of the exchange’s hot wallets on June 16, 2025. The stolen funds came from both the Tron network and various Ethereum Virtual Machine (EVM) chains.

Massive Funds Drained From Hot Wallets

According to ZachXBT’s Telegram post, the first chunk—$49 million—went through a vanity address that read “TKFuckiRGCTerrorists…mNX.” A second custom address, “0xffFFfFFffFF…Dead,” was used to pull the rest. These special wallet names aren’t random. They show how attackers slipped around Nobitex’s checks and grabbed funds meant to stay locked down.

Vanity Addresses Exploit Access Controls

Experts say the use of these human‑readable addresses points to a flaw in the exchange’s internal controls. “Attackers managed to infiltrate systems that should have blocked unauthorized wallets,” noted Hakan Unal of Cyvers security. The exchange confirmed that it spotted the breach quickly and suspended the affected hot wallets.

Political Motive Behind The Breach

A pro‑Israel hacker group calling itself “Gonjeshke Darande” claimed responsibility in an X post. The group called Nobitex a tool for “regime financing” and threatened to release source code and internal files within 24 hours.

After the IRGC’s “Bank Sepah” comes the turn of Nobitex WARNING! In 24 hours, we will release Nobitex’s source code and internal information from their internal network. Any assets that remain there after that point will be at risk! The Nobitex exchange is at the heart of the… pic.twitter.com/GFyBCPCFIE — Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025

They warned that any assets left on the platform would be in danger. This hack comes as tensions surged between Israel and Iran after Israel’s largest strikes on Iran since the 1980s. Reports say at least 224 people died in Iran and 24 in Israel during the renewed conflict.

Cold Storage And User Security Assurances

Nobitex says users’ main funds are safe in cold storage, and only a fraction of hot‑wallet assets were hit. The exchange promised to cover all losses with its insurance fund and internal resources. That promise should reassure customers, though the fear of leaked code or files could drive some to pull funds.

Unmoved Funds Could Reveal Next Steps

Interestingly, none of the stolen coins have moved since the hack was first spotted. That could mean the hackers are choosing their next move. Or it might be a warning shot meant to show they can strike again. Either way, this incident highlights how vital it is for exchanges to guard against insider‑level slip‑ups. Protocols alone aren’t enough if people and processes leave doors open.

As the crypto world watches, Nobitex users will be looking closely at how the platform rebuilds trust and keeps their money safe.
North Korea’s hackers have reportedly stolen nearly $2 billion from centralized crypto exchanges over the past year. Blockchain security researcher Tay Monahan attributes a significant portion of those funds, around $1.8 billion, to a series of major hacks targeting centralized crypto trading platforms like Bybit, DMM Bitcoin, WazirX, Phemex, and BingX. Despite setbacks such as […]
The post North Korea’s hackers could have laundered as much as $1.5 billion in stolen crypto appeared first on CryptoSlate.
Cybercriminals are adopting increasingly deceptive tactics to target crypto users, with some now posing as blockchain security companies. Their aim is to steal assets and implicate their victims in the process, making it harder for them to seek redress. This evolution comes amid a sharp rise in crypto-related losses. In May 2025 alone, hackers and […]
The post Hackers now pose as security companies to frame victims while stealing private keys appeared first on CryptoSlate.
On-chain sleuth ZachXBT reports that BitoPro suffered a suspected $11.5 million exploit on May 8, with stolen funds laundered through Tornado Cash and Thorchain.
ZachXBT said there were suspicious outflows from hot wallets on multiple networks including Tron, Ethereum, Solana and Polygon.
Blockchain investigator ZachXBT has publicly accused high-risk trader James Wynn of hypocrisy and deceptive trading practices. In a May 28 post on X, ZachXBT alleged that Wynn, who recently condemned scam tokens tied to his name, had previously engaged in similar pump-and-dump tactics involving memecoins. The controversy started after Wynn warned his followers about a […]
The post ZachXBT exposes Hyperliquid high-risk trader James Wynn’s alleged hypocrisy and deceptive tactics appeared first on CryptoSlate.
ZachXBT said a wallet involved in social engineering attacks on Coinbase users sent him a troll text onchain following this week's data breach disclosures.
Coinbase revealed that it suffered a data breach that affected less than 1% of its active monthly users, according to the May 15 statement. Following the hack, exchange CEO Brian Armstrong said the perpetrators tried to extort $20 million in Bitcoin from it.

How Coinbase was breached

According to the exchange, the threat actors […]
The post Coinbase resists $20 million Bitcoin ransom demand after insider-led data breach appeared first on CryptoSlate.
Data thieves demanded $20 million from Coinbase to not publish stolen customer data. The company has now offered the same amount as a bounty on the extorters.