1/
In 2018, a man in Colorado was tricked into downloading malware which resulted in his BTC, ~95% of his net wealth, being stolen.
In 2021, he sued two teens for stealing his BTC.
His investigation offers a rare glimpse into crypto forensics methods.
BitBoy: "Give the evidence. This is your moment. Prove [unintelligible]"
Lady Zach: "So you can just go and check all the evidence posted by @zachxbt"
BB: "That thread's from a year ago"
LZ: "It doesn't matter if it was a year ago"
BB: "You're a child molester"
🤣🤣
This dude was involved in almost every big early crypto investigation:
Gox hack
Silk Road corruption
Welcome2Video (CSAM site)
VIP Twitter ATO
as well as countless smaller cases he doesn't get public credit for.
Total travesty here. I feel so terrible for him and his family.
@ConstitutionDAO core team is either incompetent or malicious.
They're making internal decisions that are causing insane volatility. The type that insiders could easily trade on.
Anybody know an on-chain analyst who knows what to look for?
Amazing to see the culmination of over a year of Zach's hard work.
Zach links over 25 hacks to Lazarus Group, who was laundering money via pretty much the same path for 3 years!
Z's investigation beautifully illustrates something that the security community has understood for
Rode my bike by SBF's parents house.
Campus police closed off the street (and even the trail behind it).
Apparently he hasn't arrived yet but there's a few journalists and camera people waiting to catch a glimpse of him.
Take a look at North Dimension Inc.
I found 2 North Dimension Inc websites. One looks like what I'd expect, just a "financial services company".
The other is an electronics retailer that doesn't actually sell stuff and shares an address with FTX US.
Alchemy/Infura have a lot of data that can be used to deanonymize DeFi users.
People will start realizing this in a couple hours.
And then we'll have a twitter space around Tuesday-Thursday where thought leaders act like they've been working to fix this all along.
Market rate for a Zach-tier sleuth is ~$750-$2.5k/hr, depending on details, with a sizable retainer.
Many of the investigations he does for free would cost 6-figs.
But most wouldn't be economically viable because they're many small victims instead of 1 big one that pays.
Hot take: All this Tornado stuff is actually Ronin's fault because they handed 174k ETH to DPRK.
Even Chris Blec could've told them that their multi-sig scheme was inadequate.
@BillLou95
I try not to dunk on victims of crime but when you say things like "FUCK METAMASK" and "my wallet would have LITERALLY caught it" you open the door to that.
Here's what Nest Wallet shows when I visit that phishing site and the most valuable thing in my wallet is stETH (not ETH
@LukeDashjr
Really sorry to hear this.
I'm sure a lot of people would be very interested to hear technical details of the attack once you have had a chance to investigate.
@zachxbt
@MartiniGuyYT
How to achieve financial independence:
1. Buy illiquid shitcoin.
2. Shill to your 500k+ followers.
3. Dump shitcoin on followers.
People always ask "How can I learn to trace crypto?" and the answer we give is "look up known cases and try to repeat them".
This one is a great example. If you can link these rugs on-chain then you are a solid EVM tracer.
Was fun to work on. Stay safe friends.
Community Alert: The group of scammers who stole 8 figs with Magnate, Kokomo, Lendora, Solfire, etc is back with a new project on Blast
@Leaperfinance
Last week they funded an address on Blast with ~$1M of laundered funds from the previous rugs and have begun adding liquidity
At one point, users were told to deposit and withdraw money to it in order to get funds on FTX.
Maybe FTX was planning on pivoting into electronics retail. Or maybe this was a way to get around some banking issues.
Archive everything you find, friends.
🚨 Big news from us at @uncipheredLLC: We've publicly disclosed vulnerabilities in BitcoinJS-based wallets generated between 2011 and 2016.
The coordinated disclosure has gone smoothly so far. Vendors have notified over a million wallet holders! (please migrate your crypto from
Experts discover flaw leaving $1 billion in bitcoin and other cryptocurrencies exposed for stealing from early software wallets. Free link to my story in The Post:
🧵(1/27)
Privacy and sovereignty over personal data are important to me.
This is part of why I'm deeply upset about the Tornado Cash sanctions.
In 2017 I got sim swapped. Some kids tricked Verizon to port my cell number to a phone they controlled.
@KyleLDavies
I recommend that you send a copy of all of 3AC's books, transaction history, internal messages, etc to @zachxbt so he can audit them and clear your name.
@sungjae_han
here's a list of all 317 addresses that ever deposited exactly 200 ETH to so who knows, maybe they were sloppy and are on it. That's pretty small anonymity set
Sorry don't have time to filter it by time
I just published an article describing how it was able to trace @monero (XMR) transactions associated with the 2017 WannaCry ransomware attack using publicly-available data.
(1/n)
I've done a lot of forensic analysis on tornado.
Here's a research project I was a part of.
I'm still trying to process this but I am very confident this will only hurt honest people and will not stop criminals/rogue states.
Suffice to say, people in the discord channel are livid.
I feel bad for people where this was their first experience with DeFi.
The "core team" are not representative of the DeFi space as a whole. Simply put, this is *not* how DAO governance works.
Address poisoners have started sending real money in order to evade Etherscan and some wallets' blocking measures.
Some users are baiting the address poisoners for profit.
The normal flow is:
1. Victim address with large USDC/USDT balance sends a test transaction (usually $1,
Just to reiterate, decentralization is a spectrum. Some DAOs are quite centralized.
However, this is *not* a DAO. This is people who used smart contracts to raise funds with the stated intention of forming a DAO.
But the behavior here was *not* DAO-like at all.
highlight of that space was definitely @ameensol telling zooko what we were all thinking: that nobody actually uses zcash and it'd be banned in a heartbeat if NK actually used it.
People don't talk about this enough.
@Tether_to blocked the Ledger Exploiter's address.
@circle didn't, and about a half hour ago they converted the stolen USDC to something unfreezeable.
This happens frequently and has resulted in many millions of preventable thefts.
@BillHughesDC
@Tether_to
People love to think that Tether is scared of US or some shit LOL guys *Circle* is what you get when you are US-focused, scared of USG, and fully compliant.
USG should seriously ask itself why Tether does more to stop illicit flows than their homegrown baby, Circle.
Media outlets are eager to trade your safety for their clickbait.
It's obvious that this will make creditors cyber targets.
"absent evidence of a genuine threat to the safety of the creditors"
Here's some evidence @lopp has compiled wrt physical safety
@nntaleb
>Nobody among users/institutions noticed
Incorrect.
A lot of people noticed and much earlier than they would've if this had been an opaque Madoff-style ponzi.
Some people even explained the attack on twitter and medium, and debated it with Do Kwon in public.
Allegations that @AzukiOfficial's BEANZ launch was sniped by insiders were made yesterday and were amplified by some popular NFT accounts 🙄
Using the @Honest_NFT shenanigan scanning tools, I took a very close look at this drop. 🧵(1/14)
Got invited to make a @Sismo_eth account.
First thing I do with any protocol I'm testing is kick the tires a bit.
Gotta say, I'm *very* impressed that they caught this common mistake/reveal before I even registered.
First time I've ever seen a UI warning like this.👏
If you're a @ConstitutionDAO insider and have interesting information, feel free to make a burner protonmail e-mail and contact me:
magicamulets at protonmail dot com.
Look through my twitter feed first, figure out what I'm about.
Any info will be 100% confidential.
Machi made a lot of sloppy and easily disprovable allegations in his complaint.
The purpose of this suit was likely a combination of blatant SLAPP (to silence Zach) and to vindictively dox Zach.
I'll put down thoughts below as I read through it.
1/ It’s unfortunate I have to make this thread but I am being sued by MachiBigBrother for an article I published in June 2022.
Today Machi filed the defamation lawsuit. The lawsuit is baseless and an attempt to chill free speech. I intend to fight back & defend free speech.
This means anybody who had ETH in the uniswap-v3 pool who didn't see the discord announcement (recently edited so I can't screenshot it) was essentially getting rug pulled.
Spending Saturday with your family and not checking your computer? Observing the Sabbath? Tough luck
🚨 OFAC VIOLATION DETECTED🚨
Deposits #63 and #80 in came from the OFAC sanctioned goerli ETH tornado cash contracts...
please exclude them when you withdraw!
more info about these deposits here:
Pleased to share that today I begin a new role at @uncipheredLLC as Director of Analytics where I'll be doing what I always do: analyzing blockchains.
If you're locked out of your crypto wallet, that's something we can definitely help with.
7/7
The article and court docs show additional evidence which further corroborates the plaintiff's findings.
The case is hanging in the balance as novel questions related to jurisdiction and statute of limitations related to crypto thefts are resolved.
Thanks for reading!
Zach elegantly demonstrates that criminals still make mistakes when laundering stolen crypto.
He makes this analysis look straightforward but it's the result of a *lot* of hard labor (and only a few people can even do it at all).
looks like Certik did return ~2.6M to Kraken on Ethereum mainnet today. 0xa172342297f6E6d6E7fe5df752CbdE0aa655E61C is the deposit address they used on Polygon.
If you have a @gridplus wallet that you use as cold storage, it is imperative that you update it, otherwise it will brick itself.
I used this device as cold storage so it sat unused under my desk for 2 years and yesterday it bricked itself.
I wish they had notified me...
If you don't like taking risks with your money, get that shit out of the ConstitutionDAO's juicebox project ASAP.
These are all open smart contracts, this one has an 11,000+ E bounty on it right now.
Or find someone other than me that can look through the code and run tests.
@CMichaelGibson
Yes. N95 masks should be reserved for HCPs until they're more widespread but even simple homemade masks can lower the spread of the virus.
The head of the Chinese CDC says that the virus is shed by droplets emitted during speech.
@Bitboy_Crypto
@Pluto_Alliance
I took a quick look at @Pluto_Alliance using @Honest_NFT tools and noticed a few red flags.
1. The API is down so I had to scrape rarity data from
2. The NFTs appear to not be randomly distributed
3. One account clearly "anomalously lucky".
@CMichaelGibson
Furthermore, Asian countries, which have less of a stigma against wearing masks in public, have been able to slow the spread much more than any Western countries (obviously there are other things they're doing right as well) but the masks certainly can't hurt.
@banterlytics
@SebsDead_
@0xShitTrader
@LooksRareNFT
CT yesterday: LOL WHAT A DUMBASS WHY WOULD YOU PUT $160M IN YOUR PUBLIC ENS HAVE FUN GETTING HACKED
CT today: LOL WHY WOULD YOU SEND $70M TO TORNADO CASH IF YOU WERENT EXIT SCAMMING
I haven't taken a close look at the on-chain activity yet. 🔎
It will certainly uncover the winners and the losers, but attaching real world names to accounts is challenging and it will be difficult to prove that the "winners" of this game weren't just lucky.