HyperExchange(HX)

Users of cryptocurrency exchange BitForex have been blocked from accessing the website. Blockchain sleuth ZachXBT reported that $57 million has been drained out of the exchange's hot wallets.

The phishing attempt has already led to $440,000 worth of crypto being stolen.

Blockchain analyst ZachXBT claims 213 million XRP tokens were stolen before being laundered across multiple exchanges.

A meme coin named after Elon Musk’s artificial intelligence (AI) bot has witnessed a spectacular collapse following accusations from noted blockchain investigator ZachXBT. The recently launched Grok memecoin hit a market cap of $160 million just eight days after its debut.

A hacker seemingly stole $27 million worth of tether [USDT] from a wallet linked to the Binance deployer over the weekend, according to blockchain analyst ZachXBT.

ZachXBT reveals CoinSpot wallets drained of 1,282 ETH ($2M) in just five mins.

Hackers siphoned a total of $4.4 million in crypto from at least 25 LastPass users on Oct. 25, according to blockchain analyst ZachXBT.

The alleged scammer worked as a contributor for a financial news website.

ZachXBT, a crypto investigator, revealed that his account has received a court subpoena requesting a comprehensive range of personal information.

Interestingly 'Trader SZ' bought back some of the tokens after being called out by ZachXBT.

Late last year, Twitter/X restructured its verification system.

Magnate Finance, a lending and borrowing protocol that operates on the Ethereum Layer-2 network Base, has apparently orchestrated a rug pull, stealing millions from users of the protocol. The rug pull had been predicted by on-chain sleuths, including ZachXBT, who cited several previous actions of the project’s founders. Details Of The Rug Pull Magnate Finance has also effectively cleared its entire digital presence, having deleted its Telegram group on the 25th of August. It also took its website offline, rendering it inaccessible on the same day. The protocol later deleted its X (formerly Twitter) account as well, effectively erasing its entire digital and social media presence. Mere hours after deleting its entire social media presence, Magnate Finance developers manipulated the price oracle of the protocol. This let them remove all assets within the protocol, removing around $6.4 million of the total value locked (TVL) in the protocol, effectively collapsing the project. Security firm PeckShield called this occurrence a classic rug pull and also conducted an investigation into the situation. The security firm stated that the developers behind the project transferred around $1.34 million worth of DAI tokens to a new address. Later, they bridged around $1 million of the stolen funds to the BNB Smart Chain. The firm also tracked five different wallets, all of which were linked to the Magnate Finance scammers. PeckShield added that the scammers had manually manipulated the price oracle, allowing them to drain funds. A majority of the stolen funds went to several Ethereum Layer-2 platforms, such as Optimism and Arbitrum, along with the BNB Smart Chain using Stargate. Around 295 ETH and 1.3 million DAI tokens are currently held on the Base chain. ZachXBT Had Warned Of Potential Exit Scam The Magnate Finance rug pull came to light after a warning issued by on-chain investigator ZachXBT. ZachXBT had issued a warning that the developers behind the Magnate Finance protocol could orchestrate an exit scam. The on-chain investigator reached this conclusion after discovering that the Magnate Finance deployer address was linked to a previous exit scam involving a project called Solfire. Solfire defrauded its users of around $4.8 million. “Community Alert: Magnate Finance on Base will likely exit scam in the near future currently with over $6.4M TVL. The deployers address is directly linked to the Solfire $4.8M exit scam.” The Problem Of Exit Scams Exit scams and rug pulls have become a considerable problem in the decentralized finance (DeFi) ecosystem, with scammers using them as their preferred tactic. The Magnate Finance rug pull is the second rug pull this month, with the SwirlLend rug pull occurring earlier. SwirlLend, another protocol on Base, stole around $460,000 in an exit scam, with some funds also stolen on Linea. PeckShield, in an analysis of the rug pull, stated that the SwirlLend team drained $290,000 worth of crypto assets from Base and a further $170,000 worth of assets from Linea. Like Magnate Finance, SwirlLend has also completely erased its digital presence, with its social media accounts on Twitter and Telegram deleted and the website rendered inaccessible. The scourge of rug pulls, and exit scams is evident from the total value of cryptocurrencies lost to them in the first half of 2023. According to blockchain security firm Beosin, phishing scams and rug pulls have resulted in the loss of a staggering $655 million so far. “Total losses from hacks, phishing scams, and rug pulls in #Web3 amounted to a staggering $655.61M in H1 2023. Out of this, 108 attacks resulted in a loss of ~$471.43M. Phishing scams accounted for around $108M of losses, while 110 #rugpulls resulted in a total loss of ~$75.87M.” Growing Problems On Base Chain Coinbase’s Layer-2 blockchain has faced several problems since it commenced operations. RocketSwap, a project on Base, fell victim to a brute force attack, which saw around 471 ETH, valued at about $865,000 stolen. The protocol outlined an emergency plan following the attack and would also attempt to reach out to the hackers to negotiate a return of the stolen assets. Another project on Base, the decentralized exchange LeetSwap, also had to suspend trading operations thanks to fears of a potential exploit. The decentralized exchange tweeted that it had detected a security vulnerability and had to stop trading for further investigations. Additionally, Coinbase and Base are also dealing with the aftermath of an SEC lawsuit. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Magnate Finance, a lending and borrowing protocol that operates on the Ethereum Layer-2 network Base, has apparently orchestrated a rug pull, stealing millions from users of the protocol. The rug pull had been predicted by on-chain sleuths, including ZachXBT, who cited several previous actions of the project’s founders. Details Of The Rug Pull Magnate Finance has also effectively cleared its entire digital presence, having deleted its Telegram group on the 25th of August. It also took its website offline, rendering it inaccessible on the same day. The protocol later deleted its X (formerly Twitter) account as well, effectively erasing its entire digital and social media presence. Mere hours after deleting its entire social media presence, Magnate Finance developers manipulated the price oracle of the protocol. This let them remove all assets within the protocol, removing around $6.4 million of the total value locked (TVL) in the protocol, effectively collapsing the project. Security firm PeckShield called this occurrence a classic rug pull and also conducted an investigation into the situation. The security firm stated that the developers behind the project transferred around $1.34 million worth of DAI tokens to a new address. Later, they bridged around $1 million of the stolen funds to the BNB Smart Chain. The firm also tracked five different wallets, all of which were linked to the Magnate Finance scammers. PeckShield added that the scammers had manually manipulated the price oracle, allowing them to drain funds. A majority of the stolen funds went to several Ethereum Layer-2 platforms, such as Optimism and Arbitrum, along with the BNB Smart Chain using Stargate. Around 295 ETH and 1.3 million DAI tokens are currently held on the Base chain. ZachXBT Had Warned Of Potential Exit Scam The Magnate Finance rug pull came to light after a warning issued by on-chain investigator ZachXBT. ZachXBT had issued a warning that the developers behind the Magnate Finance protocol could orchestrate an exit scam. The on-chain investigator reached this conclusion after discovering that the Magnate Finance deployer address was linked to a previous exit scam involving a project called Solfire. Solfire defrauded its users of around $4.8 million. “Community Alert: Magnate Finance on Base will likely exit scam in the near future currently with over $6.4M TVL. The deployers address is directly linked to the Solfire $4.8M exit scam.” The Problem Of Exit Scams Exit scams and rug pulls have become a considerable problem in the decentralized finance (DeFi) ecosystem, with scammers using them as their preferred tactic. The Magnate Finance rug pull is the second rug pull this month, with the SwirlLend rug pull occurring earlier. SwirlLend, another protocol on Base, stole around $460,000 in an exit scam, with some funds also stolen on Linea. PeckShield, in an analysis of the rug pull, stated that the SwirlLend team drained $290,000 worth of crypto assets from Base and a further $170,000 worth of assets from Linea. Like Magnate Finance, SwirlLend has also completely erased its digital presence, with its social media accounts on Twitter and Telegram deleted and the website rendered inaccessible. The scourge of rug pulls, and exit scams is evident from the total value of cryptocurrencies lost to them in the first half of 2023. According to blockchain security firm Beosin, phishing scams and rug pulls have resulted in the loss of a staggering $655 million so far. “Total losses from hacks, phishing scams, and rug pulls in #Web3 amounted to a staggering $655.61M in H1 2023. Out of this, 108 attacks resulted in a loss of ~$471.43M. Phishing scams accounted for around $108M of losses, while 110 #rugpulls resulted in a total loss of ~$75.87M.” Growing Problems On Base Chain Coinbase’s Layer-2 blockchain has faced several problems since it commenced operations. RocketSwap, a project on Base, fell victim to a brute force attack, which saw around 471 ETH, valued at about $865,000 stolen. The protocol outlined an emergency plan following the attack and would also attempt to reach out to the hackers to negotiate a return of the stolen assets. Another project on Base, the decentralized exchange LeetSwap, also had to suspend trading operations thanks to fears of a potential exploit. The decentralized exchange tweeted that it had detected a security vulnerability and had to stop trading for further investigations. Additionally, Coinbase and Base are also dealing with the aftermath of an SEC lawsuit. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto Banter host Ran Neuner takes aim at Ripple and FatMan Terra, tips his hat to ZachXBT and explains his young kids can read charts.

Jeffrey Huang withdrew the lawsuit after ZachXBT edited his article that Huang claimed to be defamatory.

A scammer managed to steal $20 million worth of Tether (USDT) on the 1st of August, using a zero transfer phishing attack. Tether immediately swung into action, blocking the scammer’s address and blacklisting them, all within an hour of the attack being orchestrated. Zero Transfer Attack Blockchain users have to always be on their guard when making on-chain transactions, primarily due to the threat of hackers and scammers. One such scammer managed to steal $20 million worth of Tether (USDT) by orchestrating a zero-transfer phishing attack. Most zero-transfer attacks operate using the same modus operandi. Hackers trick the user into sending a $0 transaction to a phishing address similar to an address the victim frequently transacts with or transfers funds to. Users typically check only the first and last few digits of a wallet address and ignore reading the complete address. This is the loophole that hackers are able to use, outsmarting the intended victim with a phishing address that looks similar to the original address. Users that don’t bother to check the whole address typically fall for such attacks. For example, if a user sends 100 coins to a particular address, the hacker could send 0 coins from the victim’s wallet to a similar address controlled by the attacker. The victim views the transaction in their transaction history and assumes that the address in question is the proper address and ends up sending the transaction to the phishing address instead. The Tether Attack Data from On-chain analytic firm PeckShield has shown that a scammer managed to grab $20 million worth of USDT using this type of attack. The intended address to which the victim wanted to send the funds was 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570. However, the scammer tricked the victim into sending the funds to another address, 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570, as shown by PeckShield in its analysis. Data shows that the victim’s wallet address initially received $10 million from a Binance account. This was sent to another address before the scammer jumped into the middle of the transaction, sending a fake Zero USDT transfer from the victim’s account to the phishing address in question. Following this, the victim inadvertently ended up sending 20 million USDT to the phishing address, thinking they were transferring it to the original address. “#PeckShieldAlert A #ZeroTransfer scammer grabbed 20M $USDT from 0x4071...9Cbc. Intended Address: 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570 Phishing Address: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.” Tether Swings Into Action Tether was extremely proactive in dealing with the scammer, almost immediately freezing the stolen funds by putting the scammer’s address on a blacklist. This was done barely an hour after the attack. Tether’s quick response has raised plenty of eyebrows regarding the victim’s identity, with on-chain sleuth ZachXBT tweeting his curiosity about the victim’s identity. “Curious who this would be if it were blacklisted within ~1 hr. Tether takes days to do that after obvious hacks but was acted here extremely quickly.” According to some members of the crypto community, the victim could be an influential individual or a very large firm. Zero transfer scams are becoming increasingly common in the crypto space over the past year. The first instance of a big zero transfer scam occurred in December 2022, with the ecosystem losing around $40 million to similar attacks since. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

On-chain sleuth ZachXBT was relieved but surprised by Tether’s immediate response to the scam.

Crypto payments platform CoinsPaid believes North Korean Lazarus Group was behind the hack that saw $37 million stolen from the platform. The platform has restarted operations after halting them in the wake of the hack and has proposed a roundtable with other victims of the Lazarus Group. Lazarus Group Behind Hack CoinsPaid had halted all operations following the hack that hit the platform on the 22nd of July, with hackers stealing over $37 million. In a post published on the 26th of July, the company pointed at the dreaded Lazarus Group, accusing it of orchestrating the hack while announcing the resumption of processing services. The company stated in the post, “On the 22nd of July, CoinsPaid experienced a hacker attack, resulting in the theft of USD 37.3M. We suspect Lazarus Group, one of the most powerful hacker organizations, is responsible. In response to the attack, the company’s dedicated team of experts has worked tirelessly to fortify our systems and minimize the impact, leaving Lazarus with a record-low reward. Indeed, our security measures and procedures allowed CoinsPaid to prevent higher loss of funds.” The Lazarus Group has become one of the most feared hacker organizations and has targeted some of the biggest companies in the world, including Sony, Alphapo, Atomic Wallet, Horizon Bridge, and Axie Infinity. The Axie Infinity hack alone saw the group steal a staggering $625 million. Customer Funds Secure The post also confirmed that the platform had resumed operations in a new, secure, and limited environment. “After the partial downtime, our services are getting up and running one by one in the new secured environment. We expect it to take a few more days to sort out minor details and ensure the system works smoothly.” The firm assured users that their funds were safe. However, it acknowledged that the company’s balance sheet had taken a considerable hit. Despite the loss, the company believes that Lazarus was hoping to extract a much larger sum from the platform, but the company’s team of experts was able to thwart their attempts. “We believe Lazarus expected the attack on CoinsPaid to be much more successful. In response to the attack, the company’s dedicated team of experts has worked tirelessly to fortify our systems and minimize the impact, leaving Lazarus with a record-low reward.” CoinsPaid’s preliminary investigation was assisted by blockchain security firms, including Match Systems, Chainalysis, and Crystal. CoinsPaid CEO Max Krupyshev stated, “CoinsPaid will recover and continue delivering first-class innovative payment solutions despite the incident. We have no doubt the hackers won’t escape justice.” Roundtable With Other Victims According to the online coding platform GitHub, the Lazarus Group is actively targeting entities and users in the crypto and cybersecurity space. Cybersecurity platform Socket.Dev outlined how the hacker group targets users by compromising their accounts through Malware. According to Socket.Dev, the first point of contact are social media platforms such as WhatsApp. Just last month, Elliptic, a blockchain forensics firm, revealed that the group had managed to hack Atomic Wallet, with the platform losing around $100 million. Meanwhile, online crypto sleuth ZachXBT revealed that the Alphapo hack resulted in a loss of $60 million. The Alphapo hack also impacted CoinsPaid, as the two organizations are closely associated with one another. CoinsPaid revealed that it would be organizing a roundtable with other victims of the Lazarus Group and launching an initiative to minimize such attacks in the future. “Within a few weeks, CoinsPaid will organize a round table with all the Lazarus victims to announce a new initiative aimed at minimizing and preventing such attacks in the future. We urge Binance, Kraken, Coinbase, Bitfinex, OKX, and others to participate in this vital process.” Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The on-chain sleuth ZachXBT claims to have found an additional $37 million in losses suffered from the unconfirmed attack.

ZachXBT has exposed another remorseless crypto and NFT scammer and is sharing information with victims to take possible legal action against the culprit.

According to court documents, the Boneheads team has been accused of breach of contract, misappropriating funds and misleading investors.

The crypto community has rallied behind respected blockchain sleuth ZachXBT just days after disclosing a lawsuit related to a previous investigation. Donations to ZachXBT have poured in from across the crypto community and have crossed over $1 million so far to help fund his legal defense. Donations Pour In Following the disclosure of the lawsuit, the blockchain sleuth posted a digital wallet address on his official Twitter handle, along with details of the lawsuit filed against him by Jeffrey Huang. Huang is a Taiwanese-American musician and tech entrepreneur. ZachXBT described the lawsuit as troubling and called it a “David and Goliath” story. “It’s unfortunate I have to make this thread, but I am being sued by MachiBigBrother for an article I published in June 2022. Today Machi filed a defamation lawsuit. The lawsuit is baseless and an attempt to chill free speech. I intend to fight back & defend free speech.” ZachXBT noted that his legal expenses could cost more than $1 million. However, in an example of how tight-knit the crypto community is, donations poured in, and within a day, ZachXBT’s donation wallet accumulated digital assets worth beyond the stated goal. According to Nansen Portfolio, a majority of donations primarily consisted of stablecoins. ZachXBT added that any leftover funds would be returned back to the donors on a pro-rata basis. “I am creating a donation address to assist with legal costs associated with the defense of this matter, which could easily exceed $1m USD. All leftover funds will be returned on a pro-rata basis to contributors.” Currently, the wallet contains over $650,000 worth of USDC, $274,000 worth of Tether, and several other cryptocurrencies, such as Ethereum (ETH) and Polygon (MATIC). Prominent Names Step In To Help Several users from a number of cryptocurrency exchanges also donated towards the effort, with ZachXBT’s donation wallet receiving funds from wallets linked to all major exchanges such as Binance, Kraken, OKX, Coinbase, Bitfinex, Bybit, 1inch, and Uniswap. Donations under the $100 mark number in the thousands, while several donations are between $10,000 and $50,000, as several prominent members from the crypto ecosystem also chipped in. Binance CEO Changpeng Zhao also made a donation of $50,000, urging ZachXBT to keep up the fight and help keep crypto transparent. The donation from Zhao comes even as the Binance CEO is himself grappling with a lawsuit filed by the United States Securities and Exchange Commission. Meanwhile, Tron founder Justin Sun also donated $10,000 worth of the True USD stablecoin. Sun also highlighted ZachXBT’s role in educating the crypto community, stating, “I’m pleased to pledge a donation of 10k #TUSD to @zachxbt. Despite not being a legal expert myself, I highly value Zach’s substantial contributions to blockchain security and his crucial role in guiding our users to safeguard their funds.” The Lawsuit Against ZachXBT ZachXBT was sued by NFT trader MachiBigBrother, also called Jeffrey Huang. ZachXBT had published a report about Huang last year, alleging that he had embezzled millions of dollars worth of crypto. MachiBigBrother filed the lawsuit against the blockchain sleuth in the United States District Court for the Western District of Texas, alleging that ZachXBT’s report caused serious monetary and reputational harm. The lawyer representing MachiBigBrother stated, “Without any regard for the ruinous effect that public allegations of criminal conduct can produce for the accused individual, [ZachXBT] not only proceeded to publish his defamatory article on Medium.com, he also maliciously promoted the article to his more than 300,000 Twitter followers.” ZachXBT faces one count of libel and one count of libel per se. The lawsuit also requests that the court order ZachXBT to pay actual and compensatory damages in addition to exemplary damages, the amount of which will be determined by the court. ZachXBT has emerged as one of the most prominent voices in the crypto space and has shone a light on several crypto projects and on-chain events. In the process, he has uncovered several potential scams and bad actors and studied exploits and hacks to find out their root causes. His detective work has also led to several real-world arrests and helped him amass a significant following, along with a place on the Consensus Magazine’s Most Influential 2022 list. However, the lawsuit has threatened to compromise ZachXBT’s identity after his name and place of residence were revealed. However, as the lawsuit progresses, the crypto and Web3 communities have come out in complete support through their donations. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Backers include the likes of prominent crypto businesses and personalities such as Binance, CertiK and Justin Sun, among others.

ZachXBT estimates that the legal fees could “easily exceed” $1 million and alleged that MachiBigBrother is “using his money to try” and silence him.