According to @zachxbt, a paid trading group promoter previously caught faking PnL screenshots is now claiming to have turned $700K into $20M without providing verifiable evidence. Source: ZachXBT on X, Nov 8, 2025. He states there is zero proof of multiple eight-figure positions and that the account posts many ticker charts and later references the winners, indicating cherry-picking risk. Source: ZachXBT on X, Nov 8, 2025. For traders, the post highlights credibility risks around unverified paid-group performance claims and signals caution before following trade calls or copying positions. Source: ZachXBT on X, Nov 8, 2025.

According to @zachxbt, he has recovered $250M for victims of phishing, hacks, and exploits, with most efforts conducted pro bono, stated in a post challenging accusations and urging data-backed claims; source: @zachxbt on X, Nov 6, 2025. The post provides no case-level details, token breakdowns, or transaction references, meaning no immediate, asset-specific trading signals can be derived from this announcement alone; source: @zachxbt on X, Nov 6, 2025. No specific cryptocurrencies, exchanges, or wallet addresses were mentioned, indicating no direct on-chain follow-through to monitor from this post itself; source: @zachxbt on X, Nov 6, 2025.

According to ZachXBT, full investigations into exploits like Uranium typically require 150+ hours covering law-enforcement communications, on-chain tracing, OSINT, and formal reporting, indicating that market-ready findings after a hack are not immediate (source: ZachXBT on X, Nov 6, 2025). He stated that independent researchers do not have access to every user account or internal CEX data to audit root causes, constraining definitive attribution without cooperation from exchanges and ecosystems (source: ZachXBT on X, Nov 6, 2025). He added that approaching the ecosystem where the incident occurred for future research support is reasonable, highlighting the need for coordination to accelerate clarity on losses and fund flows (source: ZachXBT on X, Nov 6, 2025). For traders, these factors suggest pricing in longer resolution windows, potential post-hack volatility, and staggered updates from on-chain forensic analysis until verified reports emerge (source: ZachXBT on X, Nov 6, 2025).

According to ZachXBT, grants from chains are one of the main ways he funds his on-chain investigation work, source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, on Sept 28 he said he did not prioritize victims on the chain at that time due to few donations, citing his work solving the $50M Uranium exploit and a Discord compromise, source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, the BNB Chain team later reached out asking how to best support his future investigations and incident response on BNB Chain, source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, he described BNB Chain as a top-10 chain by every metric and noted its logo appears on his banner alongside Arbitrum and Optimism (OP), source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, he added that those most upset often contribute nothing while asking the most from him, source: ZachXBT on X, Nov 6, 2025.

According to ZachXBT, he has posted multiple community warnings about trading on bucket shops such as KCEX. Source: ZachXBT on X, Nov 5, 2025. According to ZachXBT, KCEX continues to send him BD affiliate offers despite these warnings, signaling ongoing aggressive marketing outreach. Source: ZachXBT on X, Nov 5, 2025. Based on ZachXBT’s warning, traders may reassess venue selection, enforce stricter due diligence, and limit exposure on platforms he labels as bucket shops until concerns are resolved. Source: ZachXBT on X, Nov 5, 2025.

According to @PeckShieldAlert, ZachXBT reported that Garden Finance was exploited for more than $5.5 million across multiple chains (source: @PeckShieldAlert on X; source: ZachXBT on X). @PeckShieldAlert also states the exploiter is in the process of swapping the stolen assets for ETH, confirming active on-chain conversions linked to the incident (source: @PeckShieldAlert on X). @PeckShieldAlert did not specify the affected chains or the exact assets stolen beyond the move into ETH (source: @PeckShieldAlert on X). For traders, the attacker’s ongoing swaps into ETH indicate exploit-related sell flow is currently moving through ETH pairs on-chain, allowing real‑time tracking of transaction activity during the incident window (source: @PeckShieldAlert on X).

According to @PANewsCN, on-chain analyst ZachXBT reported that cross-chain yield platform Garden Finance suffered a multi-chain exploit with losses exceeding $5.5 million. source: @PANewsCN; ZachXBT The stolen assets were rapidly swapped into non-freezable tokens, limiting freeze-and-recovery options. source: @PANewsCN; ZachXBT The attacker-associated address is 0x98BCc6c34A489CEfdD9DfA8d792CFEFb02Ea2D12. source: @PANewsCN; ZachXBT Garden Finance sent an on-chain notice offering a 10% white-hat bounty for the return of funds and assistance in patching the vulnerability, providing a designated return address and contact. source: @PANewsCN ZachXBT also noted days earlier that Garden Finance ignored user refund requests and that 25%+ of its platform activity was linked to stolen funds from incidents involving Bybit and Swissborg. source: @PANewsCN; ZachXBT As of now, no formal public response has been issued by the project regarding the exploit. source: @PANewsCN

According to @PANewsCN, on-chain investigator ZachXBT alleged on X that Gurhan Kiziloz is a de facto co-founder of Blockdag, that Antony Turner was hired as the public-facing representative, and that retail presale funds worth several million dollars were routed via Middle East OTC brokers and moved away from the project, with details posted on Oct 29, 2025 (source: @PANewsCN; source: ZachXBT on X, Oct 29, 2025). According to @PANewsCN, the allegations center on the redirection of retail presale proceeds and identify specific individuals and intermediaries, which is material information for any exposure to Blockdag-related fundraising flows (source: @PANewsCN; source: ZachXBT on X, Oct 29, 2025).

According to @zachxbt, Gurhan Kiziloz is alleged to be the hidden co-founder behind Blockdag, with Antony Turner acting as the public face, and that millions in Blockdag presale funds were routed through Middle Eastern OTC brokers, creating immediate headline and counterparty risk for presale participants and related OTC flows (source: https://twitter.com/zachxbt/status/1983470700003516903). According to @zachxbt, these claims were posted as an allegation on X, and traders with exposure to Blockdag’s presale should recognize elevated reputational and operational risk linked to the allegation itself, pending any independent verification or official response (source: https://twitter.com/zachxbt/status/1983470700003516903).

According to @zachxbt, past Ka1to/1nfoFi campaigns primarily drive inorganic fraudulent activity, and the issue is not limited to a single post but is also evident on other posts including a pinned post from two weeks ago (source: ZachXBT on X, Oct 27, 2025). For traders, this claim signals that engagement or growth metrics tied to those campaigns may be unreliable for sentiment or discovery models and merit heightened diligence before trading on such signals (source: ZachXBT on X, Oct 27, 2025).

According to @zachxbt, a US-based victim lost $3.05M (1.2M XRP) after funds were drained from an Ellipal wallet, and the author published a thread tracing where the stolen XRP ultimately moved on-chain (source: @zachxbt). According to @zachxbt, the post also shares key takeaways for preventing similar thefts, making the traced paths and labeled addresses relevant for market participants tracking large XRP movements and potential routing of stolen funds (source: @zachxbt).

According to @zachxbt, the Bittensor hacker deposited 4.9 million dollars of three assets into a privacy protocol, followed almost immediately by withdrawals of the same amount and assets to an on-chain address he states is linked to a former OTF Bittensor employee. Source: @zachxbt on X, Oct 16, 2025. He added that certain investigative details are withheld for law enforcement, indicating an active inquiry that could surface additional on-chain evidence. Source: @zachxbt on X, Oct 16, 2025. For trading, the alleged clustering and 4.9 million dollar movement are material datapoints for TAO pairs; monitor the identified address and privacy protocol outflows for signs of transfers toward exchanges and track TAO spot and perp volatility around any detected movements to inform risk management. Source: @zachxbt on X, Oct 16, 2025.

According to ZachXBT, he identified a suspect tied to the $28M Bittensor (TAO) hack from 2024 by tracing anime NFT wash trades linked to a former employee and received a whitehat bounty for the work. Source: ZachXBT on X, Oct 15, 2025. The thread details how wash-traded NFT activity was used to attribute wallet clusters and connect internal links related to the 2024 exploit. Source: ZachXBT on X, Oct 15, 2025. This marks a new attribution lead in the Bittensor TAO case that traders and risk teams can reference when tracking addresses associated with the incident. Source: ZachXBT on X, Oct 15, 2025.

According to the source, on-chain investigator ZachXBT claimed the US government likely hacked or reclaimed about 127,000 BTC from vulnerable wallets identified two years ago, source: ZachXBT social media statement. The claim has not been supported by any cited announcement from the U.S. Department of Justice or U.S. Marshals Service, indicating no official confirmation was provided in the statement, source: ZachXBT social media statement. For trading, if accurate, large government-held BTC has historically introduced supply overhang risk around auction or disposition events that can impact spot liquidity, funding, and basis, source: U.S. Marshals Service auction records. Traders should monitor public on-chain records for movements in government-labeled wallets and track DOJ/USMS notices for custody or auction timelines to manage headline and gap risk, source: public blockchain records and U.S. DOJ/U.S. Marshals Service public notices.

According to @zachxbt, the U.S. government says it has custody of roughly 127,000 BTC valued near $14 billion tied to seized wallets. According to @zachxbt, those wallet addresses had been highlighted about two years ago in a Milky Sad report for vulnerable private keys. According to the U.S. Marshals Service, seized Bitcoin has historically been liquidated via public auctions, creating episodic supply that can reach the market. According to the U.S. Department of Justice disclosures in prior cases such as the Silk Road BTC seizures, sales are often executed in tranches rather than all at once, which can affect market liquidity and volatility. According to @zachxbt, the listed addresses provide clear on-chain points to watch, so any movement from these wallets could be a leading indicator for BTC price risk.

According to @zachxbt, a prior KrebsOnSecurity investigation identified Ice Blockchain/Online.io CEO Alexandru Ionut Florea, also known as Zeus, as an administrator behind the Microleaves residential proxy network that researchers alleged was powered by malware/botnet activity (source: @zachxbt; KrebsOnSecurity). According to @zachxbt, he also linked Florea and Online.io (OIO) to the 2018 OIO ICO, which he characterized as a rug, raising sponsor-vetting concerns and headline risk for any entities associated with Ice Blockchain/Online.io from a trading due-diligence standpoint (source: @zachxbt).

According to @zachxbt, BlockDAG is an investment scam that has been running a presale for over 1.5 years and is advertising fake fundraising totals, a claim that directly challenges the credibility of the project’s reported raise figures. Source: https://twitter.com/zachxbt/status/1973105321775341972 @zachxbt also questioned the due diligence of a Formula 1 partner linked to BlockDAG, highlighting concerns over partner vetting that could influence perceptions of legitimacy around the project. Source: https://twitter.com/zachxbt/status/1973105321775341972

According to @zachxbt, Crypto.com experienced incidents where user balances, names, emails, and phone numbers were leaked, which he argues is more than partial PII (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, Crypto.com CEO Kris blocked him and he requested a URL showing where these incidents were publicly disclosed (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, he posted a redacted database snippet labeled as from a CDC database showing fields including app_os android, created_at 2022-01-01, a BTC wallet with current balance 0.19693081, a VVS wallet with current balance 7347.823996202722, and a pin field value 111111 (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, the allegation directly references account-level balances and identifiers, making it trading-relevant for exchange risk management and for assets tied to Crypto.com infrastructure, including CRO, BTC, and VVS mentioned in the sample (source: ZachXBT on X, Sep 22, 2025).

According to @zachxbt, OpenVPP ($OVPP) claimed it was working with the US government on energy tokenization, but SEC Commissioner Hester Peirce replied that she does not work alongside or endorse private crypto projects, and OpenVPP then hid her reply, signaling the claim is unverified and contested, source: @zachxbt. @zachxbt also reports that accounts promoting OVPP are the usual influencer suspects, indicating the rollout is driven by influencer marketing rather than verifiable partnerships, source: @zachxbt. For traders, the disputed partnership claim and hidden reply create headline and reputational risk that can elevate OVPP volatility and execution slippage, warranting caution on entries, sizing, and stops until independently verifiable disclosures are provided, source: @zachxbt.

According to @zachxbt, a blockchain explorer he reviewed is unreadable due to lacking data filters, address labels, and third-party integrations, which limits on-chain analysis for traders, source: @zachxbt on X, Sep 15, 2025. According to @zachxbt, Figure and its team attempted to pressure DefiLlama to change how Total Value Locked is calculated and cited numbers they could not verify, highlighting a potential TVL methodology dispute relevant to market participants tracking protocol metrics, source: @zachxbt on X, Sep 15, 2025. According to @zachxbt, recent IPOs with even remote crypto affiliation since Circle are pumping, signaling momentum in crypto-adjacent equities that traders may monitor for sentiment read-through, source: @zachxbt on X, Sep 15, 2025. According to @zachxbt, VanrEkt has not produced research papers or built novel protocols despite positioning as crypto natives, underscoring the need to verify team track records before relying on claims, source: @zachxbt on X, Sep 15, 2025. For traders, these claims point to data reliability and methodology risks around TVL and on-chain analytics, warranting extra diligence when evaluating assets or reports tied to Figure, DefiLlama TVL figures, or the unnamed explorer’s datasets, source: @zachxbt on X, Sep 15, 2025.