How Did the Hardware Wallet Attack Happen?

According to information shared by ZachXBT, the attacker gained access to the victim’s hardware wallet using social engineering techniques. As a result of permissions unknowingly granted by the user, control of the wallet was compromised. Addresses identified during the attack reportedly held around 1,459 BTC and 2.05 million LTC. After the funds were seized, they were quickly transferred across multiple networks in an effort to complicate tracking.

The attacker converted a large portion of the stolen Bitcoin and Litecoin into Monero through instant swap services. Monero’s privacy-focused design and limited traceability are believed to be the main reasons it was chosen. ZachXBT noted that these rapid and heavy conversions caused unusually high transaction volumes on the Monero network.

ZachXBT stated: “Sudden conversions from BTC and LTC into Monero directly triggered the sharp rise in XMR’s price.”

ZachXBT also revealed that part of the stolen Bitcoin was bridged across different blockchains using THORChain. Through this method, the funds were not kept on a single network but were instead distributed across Ethereum, Ripple, and Litecoin networks in fragments. Experts say such multi-chain movements are intended to make fund tracking more difficult and to further complicate on-chain analysis, highlighting a deliberate effort by the attackers to cover their tracks.

XMR Price Shows Strong Surge

Following the incident, Monero climbed to nearly $800 during the week, approaching a new high and recording a striking 74% increase in a short period. This rally was supported by a sudden spike in demand and trading volume. Although the price later pulled back to around $630 at the time of reporting, the correction remained limited, with roughly 46% of the gains still intact. Analysts suggest that holding these levels indicates continued strong interest in Monero.

Assessment

This incident once again underscores how critical hardware wallet security and awareness of social engineering attacks are for the crypto ecosystem. It also clearly demonstrates how large-scale fund movements can rapidly impact market dynamics through headlines such as Monero price surge, XMR rally, and Bitcoin and Litecoin theft. The case uncovered by ZachXBT shows that similar attacks—and their effects on the market—will continue to be closely monitored.

Also, you can freely share your thoughts and comments about the topic in the comment section. Additionally, please follow us on our Telegram, YouTube and Twitter channels for the latest news and updates.

The post Shock Statement from ZachXBT: Massive Theft Sends XMR Higher! appeared first on Coin Engineer.

Bruno Skvorc: “They Stole My Money”

Polygon DevRel Bruno Skvorc revealed that WLFI froze his tokens and refused to release them, citing his wallet as “high risk.” Sharing an email from the compliance team, Skvorc accused WLFI of outright theft.

“TLDR is, they stole my money,” Skvorc posted. “And because it’s the U.S. president’s family, I can’t do anything about it. This is the new age mafia.” He also claimed at least six other investors were subjected to similar 100% lockups.

Compliance Tools Under Fire

The incident drew criticism from on-chain investigator ZachXBT, who highlighted that compliance tools often wrongly flag addresses as risky — sometimes for trivial reasons like DeFi interactions.

You Might Be Interested In: Sonic SVM Research: Can New Stablecoins Shake Up the Old Order?

In Skvorc’s case, the flags were linked to past Tornado Cash usage, indirect ties to sanctioned entities like Garantex and Netex24, and activity with a blacklisted dashboard.

Justin Sun’s WLFI Tokens Frozen

The controversy deepened when Tron founder Justin Sun revealed that his WLFI tokens were also frozen after blockchain trackers flagged a $9 million transfer. Sun called the freeze “unreasonable” and said it violated blockchain’s core values, insisting tokens should be “sacred and inviolable.”

These developments raise fresh concerns over WLFI’s operations and may erode investor confidence in the Trump-linked project.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Developer Says Trump-Linked WLFI Stole His Money! appeared first on Coin Engineer.

A major development has shaken the crypto investment world. Well-known on-chain investigator ZachXBT has claimed that the so-called “Hyperliquid whale,” who trades with 50x leverage on the Hyperliquid exchange, is in fact a cybercriminal gambling with stolen funds.

This whale managed to survive liquidation attempts by crypto investors and secured an impressive $9 million in net profit. ZachXBT emphasized that this whale has no connection to the North Korea-backed Lazarus Group. Earlier this year, in February 2025, ZachXBT had linked the $1.5 billion Bybit hack to that hacker collective. Now, he has followed the trail to this Hyperliquid whale.

“Crypto Twitter Is Speculating, But the Truth Is More Sinister”

ZachXBT made the following statement on X (Twitter):

“It’s funny watching CT speculate on the ‘Hyperliquid whale’ when in reality it’s just a cybercriminal gambling with stolen funds.”

Responding to a follower’s question regarding potential ties to the Lazarus Group, ZachXBT replied:

“No, there’s no connection to Lazarus.”

Some users asked ZachXBT to reveal the whale’s identity. However, he responded by saying:

“We’ll see, it’s just not enjoyable posting investigations on X/Twitter anymore.”

Failed Attempts to Liquidate the Whale

For weeks, the crypto market has speculated about who the Hyperliquid whale is and how they could be stopped. The whale had opened 40x and 50x short positions on Bitcoin (BTC) and Ethereum (ETH), drawing massive attention.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The whale notably opened a $450 million short position on BTC, which triggered a major reaction across the market. Traders attempted to counter this by aggressively buying up BTC, trying to force a liquidation. However, they ultimately failed. According to Lookonchain, the whale deposited an additional $5 million USDC to increase margin and avoid liquidation.

Aside from BTC and ETH, the whale also opened a $31 million short position on Chainlink (LINK) with 10x leverage and placed short orders on GMX.

A Major Threat in the Crypto Market: Stolen Funds and High-Leverage Trades

ZachXBT’s comments have reignited concerns about stolen funds re-entering circulation through decentralized finance (DeFi) protocols. The situation also highlights how cybercriminals exploit high-leverage trading to gamble with illicit funds, posing a significant risk to the overall market.

While the true identity of this whale remains undisclosed, the broader question for the crypto ecosystem is how to address these high-risk scenarios and prevent bad actors from destabilizing the markets.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Big Bet from ZachXBT on Whale in Hyperliquid! appeared first on Coin Engineer.

Lazarus Group’s Link Between the Bybit and Phemex Hacks Uncovered

The North Korean cybercrime organization, Lazarus Group, is suspected to be behind both the $1.4 billion Bybit hack and the $29 million Phemex hack, according to the latest onchain evidence.

The February 21st Bybit exchange hack led to the largest crypto theft in history, with attackers stealing $1.4 billion worth of liquid-staked Ether, Mantle Staked ETH (mETH), and other ERC-20 tokens.

Blockchain security analysts, including Arkham Intelligence and onchain researcher ZachXBT, have traced the attack to Lazarus Group.

New onchain findings revealed that the same Lazarus Group-affiliated wallets were also behind the $29 million Phemex hack in January.

Lazarus Group Uses Crypto Mixers to Combine Funds from Bybit and Phemex Hacks

In a February 22nd X post, ZachXBT wrote, “Lazarus Group directly linked the Bybit hack to the Phemex hack by commingling funds from both incidents’ initial stolen addresses.”

According to onchain data, $29 million worth of digital assets was drained from Phemex’s hot wallets through over 125 transactions recorded across 11 blockchain networks. The attackers then used crypto mixers like Tornado Cash to convert the funds into Ether, making them harder to trace.

The Bybit hack alone accounted for more than half of the $2.3 billion stolen in crypto-related hacks in 2024, marking a significant setback for the industry.

Cyvers’ Meir Dolev noted the similarities between this attack and the $230 million WazirX hack and the $58 million Radiant Capital hack. Dolev explained that Bybit’s Ethereum multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.

“It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change,” he said.

Lazarus Group Steals $1.34 Billion Worth of Crypto in 2024

Lazarus Group is known for being behind some of the largest crypto heists. The group is the main suspect in the infamous $600 million Ronin Network hack and the $230 million WazirX exchange hack.

Throughout 2024, North Korean hackers stole $1.34 billion worth of digital assets across 47 incidents. This represents a 102% increase from the $660 million stolen in 2023, accounting for 61% of all crypto stolen in 2024.

The United States, Japan, and South Korea issued a joint warning on January 14th, citing the growing threat of North Korean hackers targeting the crypto industry.

Over the past year, North Korean hackers were also responsible for the $305 million DMM Bitcoin hack, the $50 million Upbit hack, the $50 million Radiant Capital hack, and the $16 million Rain Management hack.

You can freely share your thoughts and comments about the topic in the comment section. Additionally, please don’ t forget to follow us on our Telegram, YouTube and Twitter channels for the latest news.

The post Lazarus Group Merges Bybit Funds with Phemex Hacker Wallet appeared first on Coin Engineer.

According to data shared on February 3, between December 2024 and January 2025 alone , Coinbase users lost $65 million. However, the researchers noted that complaints that were reported to the police but could not be accessed were not included in the calculations, so the actual losses could be much higher.

Coinbase Users Targeted

According to the report, most of these scams were carried out by India-based threat actors targeting US users.

While Coinbase warned its users not to use VPNs, it turned out that the scammers were automatically blocking VPNs and redirecting Coinbase users to fake sites. “This suggests that Coinbase failed to diagnose the real problem, ” the researchers said.

In particular, the following vulnerabilities were reportedly exploited:

• Use of legacy API keys
• An error in the verification code system
• Laundering stolen funds through Coinbase

ZachXBT criticized Coinbase for

• Failure to properly report stolen wallet addresses
• Ineffective customer support team
• Lack of support in non-US time zones

The researchers emphasized that Coinbase needs to take urgent measures because millions of dollars are going to scammers every month.

Scammers’ Revelations Shocking

In November 2024, a Coinbase phishing scammer admitted to making at least five figures a week by targeting company executives and software engineers.

Nick Neuman, CEO of Bitcoin wallet provider Casa, quoted a scammer as telling him:
“We made $35,000 two days ago. We’re doing this for a reason, there’s big money in it.”

The scammer also stated that they only target people with at least $50,000 in assets.

The inability of Coinbase’s security policies to prevent such attacks once again highlights the platform’s weaknesses in user security.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Coinbase Loses Users $300 Million Annually Due to Vulnerabilities appeared first on Coin Engineer.

This situation arose after ZachXBT used the Zora protocol in August to issue open-edition NFTs called “243M Theft” as a free token related to his investigation into a $243 million theft. Unbeknownst to ZachXBT, the Zora protocol automatically converted these open-edition NFTs into ERC-20 tokens, allowing these tokens to be traded as memecoins on decentralized exchanges.

ZachXBT clarified that the intent behind the digital collectible was to permanently archive investigative content on the blockchain. He likened this approach to his previous articles hosted on Mirror. However, he emphasized that the Zora user interface did not clearly indicate that an ERC-20 token would be issued after the NFT minting process.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

In response to a post by crypto influencer Ansem regarding the token, ZachXBT stated, “The Zora UI currently does not inform creators that an ERC-20 token will also be launched at the end of an open edition NFT mint.” He also shared screenshots as evidence of the lack of information on this critical aspect of the user interface.

Zach minted his most recent Zora investigation using the “ERC20z” token standard, resulting in the creation of approximately 3,500 tokens on the Base network.

Zora’s automatic liquidity function is implemented through an extension of ERC-1155 called ERC20z. This standard allows NFTs to be wrapped into ERC-20 tokens or unwrapped back into ERC-1155 tokens. This enables seamless trading on decentralized exchanges like Uniswap, similar to the functionality offered by token creation platforms such as pump.fun. Apparently, Zora has made this standard the default option for all new minting processes. However, the provision of automatic liquidity led to the token being bought and sold on secondary markets, contrary to ZachXBT‘s intention.

Initially valued at nearly zero, the token’s market cap rose dramatically, reaching a total market cap of $3.4 million with a current valuation of $970 per token at the time of writing.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post ZachXBT’s Unintentionally Created Token Reaches Incredible Values! appeared first on Coin Engineer.

According to data on GitHub, at least 15 offline crypto theft incidents have been recorded in the last year, and this number reached 17 in 2023. In 2021, 32 incidents were recorded. ZachXBT also claims that a user who was subjected to a $4.3 million crypto theft in June 2024 lost his personal information due to a data leak and that this was used for the robbery. After researching the victim’s address, the thieves entered the victim’s house under the pretext of a cargo delivery and threatened them to transfer the cryptocurrencies in their wallets to two addresses.

Following the increase in such incidents, ZachXBT warned that sharing personal information on social media should be avoided and crypto assets should be kept safe. He said that sharing information about crypto assets, especially with friends or on social media, can make a person a target.

İlginizi çekebilir: What is BabyDoge?

Such robberies are on the rise around the world. For example, a man in Florida was convicted in June 2023 for a series of violent home invasions between late 2022 and mid-2023. In these incidents, victims were threatened and forced to transfer their cryptocurrencies. As ZachXBT emphasizes, offline crypto thefts pose a serious threat and crypto owners need to step up their security measures.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post ZachXBT Says He Received Messages from Crypto Victims appeared first on Coin Engineer.

ZachXBT tweeted to their Telegram channel, “The project Truflation was hacked a few hours ago for $5M+ on multiple chains from the Treasury multisig and personal wallets.”

Truflation reported in a post on X about the same time that it had suffered a malware attack and detected some abnormal activity. The initiative reported, “We are currently monitoring the situation and are taking measures to protect funds while we are investigating and working with law enforcement.”

Truflation also mentioned, “Staking is unavailable at this time, and there is limited liquidity on DEXs.”

What is Truflation?

Supported by Coinbase and Chainlink, Truflation—a leading DRP (definite reference point protocol)—for economic truth is driving the tokenization of Real World Assets using its independent, open, real-time financial data. Tracking over 13 million objects, Truflation’s accessible and censorship-resistant data indexes provide the required data infrastructure to enable systemic changes in the DeFi economy, therefore enabling dApps like DEXs to open almost endless marketplaces. From speculating on prices of orange juice and uranium to enabling BTC-denominated oil, gas, and maize prices, Truflation offers the key to unlocking a wide spectrum of financial markets and instruments in the Web3 world.

The TRUF token controls and guarantees the Truflation system and pays its users for their involvement. Platform governance, node operation, rewards and payment for data provision and access use the token.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Truflation Hacked for $5M via Treasury and Personal Wallets appeared first on Coin Engineer.

ZachXBT claimed Thursday morning in a long thread exposing insider chats discussing the breach and measures to hide allegedly stolen monies, so last night the two were arrested in their individual houses in Miami and Los Angeles.

Charged with conspiracy to steal and launder money, Lam, also known as Anne Hathaway,” “$$$,” and Serrano, who makes use of “VersaceGod” and “@SkidStar,” were ZachXBT-identified Veer Chetal, sometimes known as “Wiz,” however he was not a listed person investigated by the FBI.

The FBI claims the offenders spent the money—thought to have been pilfers from an early bitcoin investor and creditor of failing loan company Genesis—on international travel, nightclubs, luxury cars, watches, jewelry, designer purses, and rental properties.

ZachXBT first observed the suspected theft of 4,101 bitcoins in August, then started working with authorities and security organizations Cryptoforensic Investigators and ZeroShadow to track the cash, the pseudonymous research wrote on X.

He said of the financial forensic probe, “one of my best… of all time.”

Currently pursuing an “ongoering investigation, which might involve others,” are the U.S. Attorney’s Office for the District of Columbia, the FBI’s Washington Field Office, and the IRS-Criminal Investigation Washington Field Office.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post $230 Million Bitcoin Theft Leads to Two Arrests appeared first on Coin Engineer.

In his message to his followers, ZachXBT stated that assets worth $14.8 million may have been stolen from the stock market on April 29, 2024. He based his conclusion on external transfers from the exchange’s Bitcoin, Ethereum, Solana and XRP wallets, which he argued were suspicious.

Claiming that the stolen assets were moved to other exchanges and converted into BTC and ETH, ZachXBT claimed that the stolen assets are currently collected in two addresses: 137.9 BTC and 1881 ETH.

ZachXBT stated the addresses where the stolen assets were located as bc1q53aawrkpt5lvk2e30z36unvmhqqdru7q4rprp2 for BTC and 0x197bc094f990261fd6841342901c451858756c28 for ETH.

Cryptocurrency exchange named Rain operates especially in the Middle East region, and Turkey is also included in this region. Other countries where the company operates include Bahrain, United Arab Emirates and Pakistan.

There is no confirmed or official statement about the hack attack yet. An update from Rain officials will be added to the news.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post ZachXBT Claims That Popular Crypto Exchange May Have Been Hacked! appeared first on Coin Engineer.