According to @zachxbt, he receives about 1,000 requests per month for help on suspected NFT rug pulls and has researched over 30 such cases, signaling sustained reporting pressure around NFT scam allegations to his inbox; source: https://x.com/zachxbt/status/1845197031427670048; https://twitter.com/zachxbt/status/1991772466629472662. He added that this work is not enjoyable to do pro bono, indicating limited capacity for additional volunteer investigations; source: https://x.com/zachxbt/status/1845197031427670048; https://twitter.com/zachxbt/status/1991772466629472662. The post names no specific projects or tokens and provides no case details, offering no immediate project-level trading catalyst; source: https://x.com/zachxbt/status/1845197031427670048; https://twitter.com/zachxbt/status/1991772466629472662.

According to @OnchainLens, the GANA Payment project on BSC was exploited for over $3.1M. Source: Onchain Lens on X, Nov 20, 2025. The attacker sent 1,140 BNB (about $1.04M) into Tornado Cash on BSC, bridged the stolen funds to Ethereum, and deposited 346 ETH (about $1.05M) into Tornado Cash. Source: Onchain Lens on X citing ZachXBT on X. The exploiter still holds 346 ETH (about $1.046M) on Ethereum at 0x7a503e3ab9433ebf13afb4f7f1793c25733b3cca; BSC theft addresses are 0x2e8a8670b734e260cedbc6d5a05532264aae5c38 and 0xd10ed57534dc63f2ea9dc0cb0096086f3cc8fa4d. Source: Onchain Lens on X. For trading risk management, monitor these addresses for outflows to DEXs/CEXs that historically precede liquidation activity in similar cases. Source: Chainalysis Crypto Crime Report 2023; Onchain Lens on X. Note that Tornado Cash is sanctioned by the U.S. Treasury’s OFAC, which can trigger compliance screening on related inflows at regulated venues. Source: U.S. Department of the Treasury press release, Aug 8, 2022.

According to @zachxbt, a paid trading group promoter previously caught faking PnL screenshots is now claiming to have turned $700K into $20M without providing verifiable evidence. Source: ZachXBT on X, Nov 8, 2025. He states there is zero proof of multiple eight-figure positions and that the account posts many ticker charts and later references the winners, indicating cherry-picking risk. Source: ZachXBT on X, Nov 8, 2025. For traders, the post highlights credibility risks around unverified paid-group performance claims and signals caution before following trade calls or copying positions. Source: ZachXBT on X, Nov 8, 2025.

According to @zachxbt, he has recovered $250M for victims of phishing, hacks, and exploits, with most efforts conducted pro bono, stated in a post challenging accusations and urging data-backed claims; source: @zachxbt on X, Nov 6, 2025. The post provides no case-level details, token breakdowns, or transaction references, meaning no immediate, asset-specific trading signals can be derived from this announcement alone; source: @zachxbt on X, Nov 6, 2025. No specific cryptocurrencies, exchanges, or wallet addresses were mentioned, indicating no direct on-chain follow-through to monitor from this post itself; source: @zachxbt on X, Nov 6, 2025.

According to ZachXBT, full investigations into exploits like Uranium typically require 150+ hours covering law-enforcement communications, on-chain tracing, OSINT, and formal reporting, indicating that market-ready findings after a hack are not immediate (source: ZachXBT on X, Nov 6, 2025). He stated that independent researchers do not have access to every user account or internal CEX data to audit root causes, constraining definitive attribution without cooperation from exchanges and ecosystems (source: ZachXBT on X, Nov 6, 2025). He added that approaching the ecosystem where the incident occurred for future research support is reasonable, highlighting the need for coordination to accelerate clarity on losses and fund flows (source: ZachXBT on X, Nov 6, 2025). For traders, these factors suggest pricing in longer resolution windows, potential post-hack volatility, and staggered updates from on-chain forensic analysis until verified reports emerge (source: ZachXBT on X, Nov 6, 2025).

According to ZachXBT, grants from chains are one of the main ways he funds his on-chain investigation work, source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, on Sept 28 he said he did not prioritize victims on the chain at that time due to few donations, citing his work solving the $50M Uranium exploit and a Discord compromise, source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, the BNB Chain team later reached out asking how to best support his future investigations and incident response on BNB Chain, source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, he described BNB Chain as a top-10 chain by every metric and noted its logo appears on his banner alongside Arbitrum and Optimism (OP), source: ZachXBT on X, Nov 6, 2025. According to ZachXBT, he added that those most upset often contribute nothing while asking the most from him, source: ZachXBT on X, Nov 6, 2025.

According to ZachXBT, he has posted multiple community warnings about trading on bucket shops such as KCEX. Source: ZachXBT on X, Nov 5, 2025. According to ZachXBT, KCEX continues to send him BD affiliate offers despite these warnings, signaling ongoing aggressive marketing outreach. Source: ZachXBT on X, Nov 5, 2025. Based on ZachXBT’s warning, traders may reassess venue selection, enforce stricter due diligence, and limit exposure on platforms he labels as bucket shops until concerns are resolved. Source: ZachXBT on X, Nov 5, 2025.

According to @PeckShieldAlert, ZachXBT reported that Garden Finance was exploited for more than $5.5 million across multiple chains (source: @PeckShieldAlert on X; source: ZachXBT on X). @PeckShieldAlert also states the exploiter is in the process of swapping the stolen assets for ETH, confirming active on-chain conversions linked to the incident (source: @PeckShieldAlert on X). @PeckShieldAlert did not specify the affected chains or the exact assets stolen beyond the move into ETH (source: @PeckShieldAlert on X). For traders, the attacker’s ongoing swaps into ETH indicate exploit-related sell flow is currently moving through ETH pairs on-chain, allowing real‑time tracking of transaction activity during the incident window (source: @PeckShieldAlert on X).

According to @PANewsCN, on-chain analyst ZachXBT reported that cross-chain yield platform Garden Finance suffered a multi-chain exploit with losses exceeding $5.5 million. source: @PANewsCN; ZachXBT The stolen assets were rapidly swapped into non-freezable tokens, limiting freeze-and-recovery options. source: @PANewsCN; ZachXBT The attacker-associated address is 0x98BCc6c34A489CEfdD9DfA8d792CFEFb02Ea2D12. source: @PANewsCN; ZachXBT Garden Finance sent an on-chain notice offering a 10% white-hat bounty for the return of funds and assistance in patching the vulnerability, providing a designated return address and contact. source: @PANewsCN ZachXBT also noted days earlier that Garden Finance ignored user refund requests and that 25%+ of its platform activity was linked to stolen funds from incidents involving Bybit and Swissborg. source: @PANewsCN; ZachXBT As of now, no formal public response has been issued by the project regarding the exploit. source: @PANewsCN

According to @PANewsCN, on-chain investigator ZachXBT alleged on X that Gurhan Kiziloz is a de facto co-founder of Blockdag, that Antony Turner was hired as the public-facing representative, and that retail presale funds worth several million dollars were routed via Middle East OTC brokers and moved away from the project, with details posted on Oct 29, 2025 (source: @PANewsCN; source: ZachXBT on X, Oct 29, 2025). According to @PANewsCN, the allegations center on the redirection of retail presale proceeds and identify specific individuals and intermediaries, which is material information for any exposure to Blockdag-related fundraising flows (source: @PANewsCN; source: ZachXBT on X, Oct 29, 2025).

According to @zachxbt, Gurhan Kiziloz is alleged to be the hidden co-founder behind Blockdag, with Antony Turner acting as the public face, and that millions in Blockdag presale funds were routed through Middle Eastern OTC brokers, creating immediate headline and counterparty risk for presale participants and related OTC flows (source: https://twitter.com/zachxbt/status/1983470700003516903). According to @zachxbt, these claims were posted as an allegation on X, and traders with exposure to Blockdag’s presale should recognize elevated reputational and operational risk linked to the allegation itself, pending any independent verification or official response (source: https://twitter.com/zachxbt/status/1983470700003516903).

According to @zachxbt, past Ka1to/1nfoFi campaigns primarily drive inorganic fraudulent activity, and the issue is not limited to a single post but is also evident on other posts including a pinned post from two weeks ago (source: ZachXBT on X, Oct 27, 2025). For traders, this claim signals that engagement or growth metrics tied to those campaigns may be unreliable for sentiment or discovery models and merit heightened diligence before trading on such signals (source: ZachXBT on X, Oct 27, 2025).

According to @zachxbt, a US-based victim lost $3.05M (1.2M XRP) after funds were drained from an Ellipal wallet, and the author published a thread tracing where the stolen XRP ultimately moved on-chain (source: @zachxbt). According to @zachxbt, the post also shares key takeaways for preventing similar thefts, making the traced paths and labeled addresses relevant for market participants tracking large XRP movements and potential routing of stolen funds (source: @zachxbt).

According to @zachxbt, the Bittensor hacker deposited 4.9 million dollars of three assets into a privacy protocol, followed almost immediately by withdrawals of the same amount and assets to an on-chain address he states is linked to a former OTF Bittensor employee. Source: @zachxbt on X, Oct 16, 2025. He added that certain investigative details are withheld for law enforcement, indicating an active inquiry that could surface additional on-chain evidence. Source: @zachxbt on X, Oct 16, 2025. For trading, the alleged clustering and 4.9 million dollar movement are material datapoints for TAO pairs; monitor the identified address and privacy protocol outflows for signs of transfers toward exchanges and track TAO spot and perp volatility around any detected movements to inform risk management. Source: @zachxbt on X, Oct 16, 2025.

According to ZachXBT, he identified a suspect tied to the $28M Bittensor (TAO) hack from 2024 by tracing anime NFT wash trades linked to a former employee and received a whitehat bounty for the work. Source: ZachXBT on X, Oct 15, 2025. The thread details how wash-traded NFT activity was used to attribute wallet clusters and connect internal links related to the 2024 exploit. Source: ZachXBT on X, Oct 15, 2025. This marks a new attribution lead in the Bittensor TAO case that traders and risk teams can reference when tracking addresses associated with the incident. Source: ZachXBT on X, Oct 15, 2025.

According to the source, on-chain investigator ZachXBT claimed the US government likely hacked or reclaimed about 127,000 BTC from vulnerable wallets identified two years ago, source: ZachXBT social media statement. The claim has not been supported by any cited announcement from the U.S. Department of Justice or U.S. Marshals Service, indicating no official confirmation was provided in the statement, source: ZachXBT social media statement. For trading, if accurate, large government-held BTC has historically introduced supply overhang risk around auction or disposition events that can impact spot liquidity, funding, and basis, source: U.S. Marshals Service auction records. Traders should monitor public on-chain records for movements in government-labeled wallets and track DOJ/USMS notices for custody or auction timelines to manage headline and gap risk, source: public blockchain records and U.S. DOJ/U.S. Marshals Service public notices.

According to @zachxbt, the U.S. government says it has custody of roughly 127,000 BTC valued near $14 billion tied to seized wallets. According to @zachxbt, those wallet addresses had been highlighted about two years ago in a Milky Sad report for vulnerable private keys. According to the U.S. Marshals Service, seized Bitcoin has historically been liquidated via public auctions, creating episodic supply that can reach the market. According to the U.S. Department of Justice disclosures in prior cases such as the Silk Road BTC seizures, sales are often executed in tranches rather than all at once, which can affect market liquidity and volatility. According to @zachxbt, the listed addresses provide clear on-chain points to watch, so any movement from these wallets could be a leading indicator for BTC price risk.

According to @zachxbt, a prior KrebsOnSecurity investigation identified Ice Blockchain/Online.io CEO Alexandru Ionut Florea, also known as Zeus, as an administrator behind the Microleaves residential proxy network that researchers alleged was powered by malware/botnet activity (source: @zachxbt; KrebsOnSecurity). According to @zachxbt, he also linked Florea and Online.io (OIO) to the 2018 OIO ICO, which he characterized as a rug, raising sponsor-vetting concerns and headline risk for any entities associated with Ice Blockchain/Online.io from a trading due-diligence standpoint (source: @zachxbt).

According to @zachxbt, BlockDAG is an investment scam that has been running a presale for over 1.5 years and is advertising fake fundraising totals, a claim that directly challenges the credibility of the project’s reported raise figures. Source: https://twitter.com/zachxbt/status/1973105321775341972 @zachxbt also questioned the due diligence of a Formula 1 partner linked to BlockDAG, highlighting concerns over partner vetting that could influence perceptions of legitimacy around the project. Source: https://twitter.com/zachxbt/status/1973105321775341972

According to @zachxbt, Crypto.com experienced incidents where user balances, names, emails, and phone numbers were leaked, which he argues is more than partial PII (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, Crypto.com CEO Kris blocked him and he requested a URL showing where these incidents were publicly disclosed (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, he posted a redacted database snippet labeled as from a CDC database showing fields including app_os android, created_at 2022-01-01, a BTC wallet with current balance 0.19693081, a VVS wallet with current balance 7347.823996202722, and a pin field value 111111 (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, the allegation directly references account-level balances and identifiers, making it trading-relevant for exchange risk management and for assets tied to Crypto.com infrastructure, including CRO, BTC, and VVS mentioned in the sample (source: ZachXBT on X, Sep 22, 2025).