
zachxbt

3Commas API leak victims demand refunds and apology for ‘gaslighting’

3Commas finally admitted there was an API leak, after months of refuting community reports that it had occurred. Users were not happy about being "gaslighted."

Victims of the 3Commas API leak are calling for refunds and an apology from the crypto trading platform for being gaslighted over the whole ordeal.

The past couple of months have seen an ongoing back and forth between 3Commas and supposed victims of unauthorized trades coming from their accounts.

3Commas and its CEO Yuriy Sorokin had strongly denied that any hack or breach had taken place and had rejected the possibility of an inside job by a rogue employee. Instead, the company suggested that any leaked API keys were the result of customers being phished.

On Dec. 28 however, Sorokin finally admitted there had been a sizeable API leak from the firm, confirming a database of API keys shared by a hacker was legitimate:

“We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”

“We did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found,” Sorokin added.

The community has been left bewildered by this surprise admission, considering that 3Commas had on Dec. 11 labeled customer reports of a leak as “false rumors shared by bad faith actors using falsified evidence.” 

“Just a reminder: For the last 2 months, you have blamed the victims of the hack. You have defamed the victims as ‘bad faith actors’ and alleged they ‘falsified evidence’, when it turns out 3Commas was the ones who were the bad faith actors, lying and falsifying evidence,” wrote Twitter user Pledditor.

Related: 400M Twitter users’ data is reportedly on sale in the black market

Popular crypto trader CoinMamba tweeted that “you kept lying and saying this was our fault instead of taking responsibility and prevented [sic] further exploits. Are you going to refund the users now?”

“Congrats you morons are what’s wrong with the space,” blockchain sleuth ZachXBT chimed in, after he had been posting about the API leak for weeks.

Comments were just as aggressive in response to the 3Commas tweet confirming the leak, with turgut_oztunc writing: “You are really funny guys. We will see [you in] the court if you don't recover our funds asap.”

VanEck’s Ethereum spot ETF listed on DTCC under ticker $ETHV

Onchain Sleuths Discover Funds Linked to Alameda Swapped for ETH, USDT, BTC by a Mysterious Entity

On Dec. 27, 2022, a number of onchain researchers noticed that funds connected to Alameda Research and FTX have moved and have been swapped for other tokens. Reports show the hacker known as the ‘FTX Accounts Drainer,’ traded large sums of ERC20 tokens for digital assets like tether, ethereum, and bitcoin. Funds Tied to Sam […]


$1.7M in Quadrigacx Bitcoins Move, Court Trustee EY Says Transfers Were ‘Unauthorized’

On Dec. 19, the Twitter account Zachxbt revealed he discovered five cold wallets from the now-defunct Quadrigacx crypto exchange move 104 bitcoin. The following day, ‘big four’ accountancy firm EY, Quadrigacx’s bankruptcy court trustee, explained it did not authorize the spending of the funds and that prior reports detailed that the cold wallets were inaccessible […]


Crypto sleuth debunks 3 biggest misconceptions about the FTX hack

Blockchain detective ZachXBT has provided evidence refuting recent speculation about the identity of the FTX hacker and their supposed memecoin activity.

On-chain sleuth ZachXBT has shared his findings on what he sees as the three most common misconceptions about the FTX hack — taking to Twitter to correct a "ton of misinformation" about the event and the possible culprits. 

In a lengthy Nov. 20 post on Twitter, the self-proclaimed “on-chain sleuth” debunked speculation that Bahamian officials were behind the FTX hack, that exchanges knew the hacker's true identity, and that the culprit is trading memecoins.

On the same day that FTX filed for bankruptcy on Nov. 11, the crypto community began flagging suspicious transactions on wallets associated with FTX, with more than $650 million transferred off the wallet. 

While no official culprit has been identified, a Nov. 17 statement from the Securities Commission of the Bahamas (SCB), which said it had ordered the transfer of all of FTX's digital assets to a wallet owned by the commission around that time, prompted some to believe the SCB was behind the supposed "hack." 

However, ZachXBT argued that the “0x59” wallet address associated with the hacker was a blackhat address and not affiliated with either the FTX team or the SCB because it "began selling tokens for ETH, DAI, and BNB and using a variety of bridges so crypto couldn't be frozen on 11/12."

"The fact 0x59 was dumping tokens and bridging sporadically was very different behavior from the other addresses who withdrew from FTX and instead sent to a multisig on chains like Eth or Tron,” he added.

Zach also notes that the blackhat wallet had contact with another wallet, 0x24, which he suggests "has very [suspicious] behavior on-chain using sketchy services."

"This behavior completely differs [from] what was said about the Debtors moving assets to cold storage or Bahamian government moving assets to Fireblocks."

ZachXBT says his final clue was the wallet address selling Ether (ETH) for renBTC and then using RenBridge, which he says will most likely end with the funds being sent to "a mixer at some point in the future."

Blockchain analytics firm Chainalysis came to a similar conclusion in a Nov. 20 post, noting that:

"Reports that the funds stolen from FTX were actually sent to the Securities Commission of The Bahamas are incorrect. Some funds were stolen, and other funds were sent to the regulators."

FTX has also commented on the recent fund movements, posting a warning to exchanges "that certain funds transferred from FTX Global and related debtors without authorization on 11/11/22 are being transferred to them through intermediate wallets."

ZachXBT also highlighted the potential misinformation surrounding the claim the hacker's identity had been discovered by "Kraken or other exchanges."

The rumor had been circulating since Kraken's chief security officer claimed in a Nov. 12 post that “We know the identity of the user.”

"In reality," Zach says, the user identified as the hacker was likely just the FTX group securing assets to a multi-signature wallet on Tron, using Kraken because the FTX hot wallet was out of gas for transactions. He stated: 

"The withdrawals to these multisigs also matched what Ryne Miller (FTX GC) had said at the time. This took place hours after the initial 0x59 withdrawals."

Related: FTX funds on the move as thief converts thousands of ETH into Bitcoin

As his last point, ZachXBT took aim at the rumor that the FTX hacker is trading memecoins, which was first noted by blockchain analytics firm CertiK.

Instead, the blockchain detective claims the transfers have been "spoofed" on the Ethereum network, citing a March blog post by Etherscan community member Harith Kamarul explaining how transactions can be faked.


Phishing scammer Monkey Drainer has pilfered as much as $1M in ETH

Four addresses have been flagged relating to Monkey Drainer, including the monkey-drainer.eth address, with Chainabuse showing a long list of reported victims relating to these accounts.

An alleged phishing scammer going by the pseudonym Monkey Drainer has reportedly swiped around $1 million worth of Ether (ETH) via dubious copycat nonfungible token (NFT) minting websites this week. 

Well-known blockchain sleuth ZachXBT was one of the first to track and highlight the activity, outlining on Oct. 26 that:

“Over the past 24 hrs ~700 ETH ($1m) has been stolen by the phishing scammer known as Monkey Drainer. They recently surpassed 7300 transactions from their drainer wallet after being around for only a few months.”

“The two largest victims over the past day include 0x02a & 0x626 who collectively lost $370k from signing transactions on malicious phishing sites,” ZachXBT added.

The blockchain scam investigator also went on to assert that longer term, Monkey Drainer has allegedly stolen more than $3.5 million from their schemes, with “that number rapidly increasing by each day.”

Phishing scams often involve criminals sharing links to websites impersonating real projects or companies designed to dupe victims into handing over private credentials by offering an exciting buying opportunity or free promotion.

Four addresses, in particular, have been flagged relating to Monkey Drainer, including the monkey-drainer.eth address.

Searching these addresses on Chainabuse, a community-driven Web3 security network, currently turns up a long list of reports relating to airdrop scams, NFT scams and phishing attacks.

The reported incidents include airdrop scams via the Astrobot Society discord channel, a Fake Wolf Game and Bored Ape Yacht Club marketplace and a fake Aptos Airdrop, to name a few.

Web3 security community Wallet Guard also responded to ZachXBT’s Twitter thread and stated that it had “spotted several other mint sites recently created” that had Monkey Drainer on the backend, including a fake Garbage Friends whitelist link that was a phishing website.

Related: FTX to give a ‘one-time’ $6M compensation to phishing victims

ZachXBT has become a respected independent blockchain investigator over the past couple of years, bringing to light a lot of nefarious behavior in the space.

Earlier this month, the deputy chief of France’s national cyber unit, Christophe Durand, even cited ZachXBT’s work for helping officials track phishing scams of five people suspected of stealing $2.5 million worth of NFTs.


French police use Twitter crypto sleuth’s research to catch scammers

The alleged fraudsters built a BAYC and MAYC NFT focused website that masqueraded as a service to animate the apes but instead phished victims details to steal their NFTs.

French authorities have reportedly utilized research from pseudonymous blockchain sleuth ZachXBT to charge five people on suspicion of stealing $2.5 million worth of nonfungible tokens (NFTs) via phishing scams.

According to an Oct. 12 report from the Agence France Presse (AFP) shared by Barron’s, the alleged fraudsters built a website that masqueraded as a service that animates the static artwork from people’s Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFTs.

Unfortunately for the victims, they had their credentials swiped and their NFTs stolen via the phishing website instead. 

The five young suspects are said to be in their mid to late 20s, and had allegedly conducted the scheme between late 2021 and early 2022.

The charges against the five include fraud committed as part of a criminal gang, concealing fraud and criminal association.

Two of the suspects are thought to be the ringleaders, and prosecutors have requested that they be held in pre-trial detention.

ZachXBT provides key info

Christophe Durand, the deputy chief of France’s national cyber unit, told the AFP that it was clued into the incident after observing an investigation by the self-proclaimed "on-chain sleuth" ZachXBT on Twitter.

Durand explained that ZachXBT had launched into an investigation in response to requests from "the community of owners of the Bored Ape Yacht Club series” that had their tokens swiped.

Over on Twitter, ZachXBT noted that they were “very pleased” to see that French authorities had taken action against the alleged scammers. The sleuth was also happy to see their work officially credited online, given that they are an independent investigator funded by community donations.

ZachXBT also linked back to their original Aug. 9 article, which they said helped kick off the investigation.

A key part of the research revolved around the alleged scammers' use of Tornado Cash to mix and withdraw the funds.

ZachXBT outlined that the “mathys.eth” address in particular left revealing breadcrumbs, as they often withdrew intervals of 10 ETH that added up to the value the NFTs were sold for, around the time they were stolen.

“While the scammer did make an attempt to hide their breadcrumb trail by depositing the stolen funds into Tornado Cash, they were not careful about covering their tracks when it came to withdrawing the funds from Tornado.”

ZachXBT has posted a series of on-chain investigations focused on rug pulls, scams, hacks and pump and dumps, and has developed a strong Twitter following of 303,200 for their efforts.

Related: Bored Ape creators and other NFT projects investigated by SEC probe

At the start of this month, ZachXBT launched an investigation into the $450,000 Beeple Discord hack to find the people responsible. Cointelegraph also reported on ZachXBT's recent research and allegations from Sept. 29 accusing crypto influencer Lark Davis of shilling a series of “low cap projects” just to dump on “them shortly after.”


‘I’ve done nothing wrong’ — Lark Davis denies ‘pump-and-dump’ allegations

Davis claimed he received nothing for free from the projects he is alleged to have profited from, and that the amounts he sold weren’t enough to “dump the price.”

Crypto influencer Lark Davis has refuted new allegations from Twitter “on-chain sleuth” ZachXBT of shilling “low cap projects” to his audience “just to dump them shortly after.”

Davis was responding to a Twitter thread posted by Zach on Sept. 29, containing allegations that he profited over $1.2 million through selling tokens from crypto projects which he was allegedly paid to promote without disclosing.

In a 17-part thread, Zach pointed to eight examples of what is supposedly Davis’ crypto wallet receiving tokens from new crypto projects, with Davis subsequently tweeting or posting a video on them, and then selling the tokens shortly after.

Speaking to Cointelegraph, Zach said he received requests from multiple people who lost money on the tokens shared by Davis asking to “take a closer look” at him.

“Lark managed to dump with size on low cap projects time after time,” Zach said, adding they’ve investigated other crypto influencers, but the alleged amount was “never at this magnitude.”

Zach alleged in the thread that the largest gain to Davis came from receiving 120,000 SHOPX tokens, with Davis tweeting hours later about the project whilst apparently simultaneously selling the tokens, gaining $435,000.

This example along with seven others Zach presented purportedly shows Davis making over $1.2 million in a similar pattern.

“Participating in seed rounds & sharing projects you genuinely like is completely fine as long as it’s done in a transparent manner,” Zach tweeted, adding:

“This is not the case as Lark has a pattern of dumping his discounted launchpad bags right after shills across YT (YouTube), Twitter, & [his] newsletter.”

Cointelegraph requested comment from Davis and was directed to a series of tweets posted late on Sept. 29 in which Davis called the allegations made by Zach “ridiculous” and provided a response to each example in which Zach alleged he had profited.

Related: ‘Far too easy’ — Crypto researcher’s fake Ponzi raises $100K in hours

“I got nothing for free,” Davis tweeted to his over one million followers, adding his token sale investments are “always disclosed” on his YouTube channel of 485,000 subscribers and shared with his followers “well before the launch."

Davis added he was following an investing strategy he teaches, selling the tokens upon launch, which he claims is a common investing practice for token sales. Davis said the amounts he sold were “nowhere near enough to dump the price” of the tokens.

“I teach this concept frequently to you all, none of this should be a surprise if you have been paying attention,” he tweeted. “What you choose to do with my opinions is completely up to you.”


Defi Attacker Siphons $570,000 From Curve Finance, Crypto Exchange Fixedfloat Freezes 112 Ethereum

Reports indicate that the decentralized finance (defi) protocol Curve was hacked for $570,000 in ethereum after people noticed that Curve’s front end was exploited. The attackers then tried to launder the funds via the crypto exchange Fixedfloat, and the trading platform’s team managed to freeze $200K worth of the stolen funds. Curve Finance Exploited for […]


High-profile BAYC collector denies allegations of wrongdoing brought by DeFi detective

At the time of publication, it is not clear how the DeFi detective allegedly connected wallets with questionable activities to Jeff Huang.

On Thursday, ZachXBT, a cyber detective in the decentralized finance, or DeFi, realm, accused prominent Taiwanese musician and blockchain personality Jeff Huang, also known as Machi Big Brother, of misconduct in 10 different cryptocurrency projects. Machi Big Brother is known outside of Taiwan as an avid collector of Bored Ape Yacht Club nonfungible tokens and possessed a collection worth an estimated $8.26 million at the peak of the crypto bull market last year. 

Though the allegations were numerous, their main thrust was directed toward Huang's alleged involvement in the whereabouts of 22,000 Ether (ETH) raised in 2018 during the initial coin offering for tokens of Formosa Financial (FMF), a Taiwanese treasury management platform built for blockchain companies.

After the ICO, FMF tokens quickly plunged in price, partly due to the severe cryptocurrency bear market at the time. Jeff Huang had served as an advisor for the company before eventually relinquishing his role. In 2019, Taiwanese news outlet Block Tempo reported that Formosa Financial merged with Philippines-based crypto exchange CEZEX and ICO crowdfund syndicate Katalyse.io. 

As told by ZachXBT, on June 22, 2018, just three weeks after the FMF ICO, two withdrawals of 11,000 ETH each were made out of Formosa Financial's treasury wallet. At the same time, multiple executives at Formosa Financial allegedly authorized a share buyback of the company.

There is significant uncertainty regarding the outflows of the 22,000 ETH in question. ZachXBT alleged that the funds went first to George Hsieh, Formosa Financial's former CEO, and Jeff Huang, and then to wallet addresses allegedly linked to their associates. However, the DeFi detective did not back up these claims with evidence of how the addresses came to be associated with Jeff and George.

On-chain data can only confirm that two withdrawals of 11,000 ETH took place from what appears to be the Formosa Financial treasury on June 22, 2018. To establish a connection between a blockchain transaction and a real-world recipient, either additional know-your-customer (KYC) information or a doxing of the recipient would be required. For example, such a link can be established by comparing the recipient's address with the address displayed on the profile of a Twitter Verified user (where I.D. confirmation is generally required). However, such evidence was not present in ZachXBT's analysis. 

Huang, whose public wallet came online only about two years ago, has denounced ZachXBT's allegations as misinformation. Cointelegraph was not able to independently verify Huang's alleged role in other projects, as the DeFi detective's report did not present the KYC information needed to link wallet addresses to Huang. However, Huang did give the following remarks regarding Mithril and Cream Finance, both of which are projects mentioned in ZachXBT's report, in an interview with local news outlet Heaven Raven earlier this year. The excerpt was translated by Cointelegraph: 

"In 2018, I started out with [decentralized social media platform] Mithril. We even rolled out community mining, encouraging users to upload pictures or videos of their mining rigs. But it was too ahead of the times, and additionally, we were ignorant about many details. As a result, the token price collapsed. It was a pity, but we gained much experience and then moved on to Cream Finance."

Cream Finance is a major DeFi lending platform that suffered a series of flash loan exploits last year. It has vowed to repay users with protocol fees until their lost principal has been recouped. Regarding his involvement in the project, Huang said: 

"At the time, we lost nearly $140 million during the exploit. But afterwards, we tried to reimburse the clients. And now Cream is steadily profitable. In November 2020, I passed on control of Cream Finance to Andre Cronje. After that, due to the coronavirus pandemic, I mostly stayed at home and began focusing on nonfungible tokens."

Jeff Huang outright denied the allegations against him via a Twitter post on Thursday, stating, "This is misinformation. If he wasn't anon, I'd sue him for defamation."


TreasureDAO engineer alleged to have past involvement in questionable NFT projects

Twitter sleuth Zachxbt’s investigation raises greater questions in the blockchain community about how important developers’ past histories are in their current roles.

On Wednesday, decentralized finance (DeFi) detective Zachxbt published a long thread on Twitter about TreasureDAO’s front-end engineer Just Cheese, or JC, and his alleged past involvement in several nonfungible token (NFT) projects. According to its white paper, TreasureDAO is a “decentralized NFT ecosystem on Arbitrum that is built specifically for metaverse projects.” Listed projects use the ecosystem’s native token, MAGIC, for transactions, with TreasureDAO governing the emission of MAGIC. 

As told by Zachxbt, the story began when JC shared his wallet address in the TreasureDAO Discord last November. The DeFi detective then claimed to have backtraced a key series of inflows, totaling 134.66 Ether (ETH), into JC’s wallet to several NFT/token projects, including but not limited to Mutant Cats, ZombieToadz and Yuta/YYYY — all projects that Zachxbt says went quiet after launch.

In an official announcement in the TreasureDAO Discord, the project team offered the following explanation:

“From what we understand, Cheese did some UI/FE work for a few projects created by these bad actors on a contract basis while breaking into web3, but they abandoned the projects long after he’d already delivered and had been paid for his work. The DAO cannot comment on the details of the work as it was outside of Treasure.”

The team went on to say:

“We can comment on his [JC’s] efforts while at Treasure, which has been amazing, contributing to all the UI/FE for TreasureDAO sites and products to date.”

Zachxbt is known in the blockchain community for his forensic methods in investigating the past conduct of blockchain developers. Last month, the DeFi detective alleged that Michael Patryn, co-founder of the defunct Canadian crypto exchange QuadrigaCX, was running DeFi project Wonderland’s treasury as its anonymous chief financial officer. Users’ opinions on the matter remain divided on social media, with Cryptopantone, TreasureDAO’s “evangelist” and moderator, tweeting:

Meanwhile, Josh11#3105, a member of TreasureDAO’s official Discord, attempted to highlight the importance of accountability for the project, writing:

“Seriously, but can we use DAO funds to pay Zach [Zachxbt] to do an internal background check on all team members’ wallets so we can deal with everything in-house and get all the bullshit done and dusted at once so we can move forward?”
