According to @zachxbt, a US-based victim lost $3.05M (1.2M XRP) after funds were drained from an Ellipal wallet, and the author published a thread tracing where the stolen XRP ultimately moved on-chain (source: @zachxbt). According to @zachxbt, the post also shares key takeaways for preventing similar thefts, making the traced paths and labeled addresses relevant for market participants tracking large XRP movements and potential routing of stolen funds (source: @zachxbt).

According to @zachxbt, the Bittensor hacker deposited 4.9 million dollars of three assets into a privacy protocol, followed almost immediately by withdrawals of the same amount and assets to an on-chain address he states is linked to a former OTF Bittensor employee. Source: @zachxbt on X, Oct 16, 2025. He added that certain investigative details are withheld for law enforcement, indicating an active inquiry that could surface additional on-chain evidence. Source: @zachxbt on X, Oct 16, 2025. For trading, the alleged clustering and 4.9 million dollar movement are material datapoints for TAO pairs; monitor the identified address and privacy protocol outflows for signs of transfers toward exchanges and track TAO spot and perp volatility around any detected movements to inform risk management. Source: @zachxbt on X, Oct 16, 2025.

According to ZachXBT, he identified a suspect tied to the $28M Bittensor (TAO) hack from 2024 by tracing anime NFT wash trades linked to a former employee and received a whitehat bounty for the work. Source: ZachXBT on X, Oct 15, 2025. The thread details how wash-traded NFT activity was used to attribute wallet clusters and connect internal links related to the 2024 exploit. Source: ZachXBT on X, Oct 15, 2025. This marks a new attribution lead in the Bittensor TAO case that traders and risk teams can reference when tracking addresses associated with the incident. Source: ZachXBT on X, Oct 15, 2025.

According to the source, on-chain investigator ZachXBT claimed the US government likely hacked or reclaimed about 127,000 BTC from vulnerable wallets identified two years ago, source: ZachXBT social media statement. The claim has not been supported by any cited announcement from the U.S. Department of Justice or U.S. Marshals Service, indicating no official confirmation was provided in the statement, source: ZachXBT social media statement. For trading, if accurate, large government-held BTC has historically introduced supply overhang risk around auction or disposition events that can impact spot liquidity, funding, and basis, source: U.S. Marshals Service auction records. Traders should monitor public on-chain records for movements in government-labeled wallets and track DOJ/USMS notices for custody or auction timelines to manage headline and gap risk, source: public blockchain records and U.S. DOJ/U.S. Marshals Service public notices.

According to @zachxbt, the U.S. government says it has custody of roughly 127,000 BTC valued near $14 billion tied to seized wallets. According to @zachxbt, those wallet addresses had been highlighted about two years ago in a Milky Sad report for vulnerable private keys. According to the U.S. Marshals Service, seized Bitcoin has historically been liquidated via public auctions, creating episodic supply that can reach the market. According to the U.S. Department of Justice disclosures in prior cases such as the Silk Road BTC seizures, sales are often executed in tranches rather than all at once, which can affect market liquidity and volatility. According to @zachxbt, the listed addresses provide clear on-chain points to watch, so any movement from these wallets could be a leading indicator for BTC price risk.

According to @zachxbt, a prior KrebsOnSecurity investigation identified Ice Blockchain/Online.io CEO Alexandru Ionut Florea, also known as Zeus, as an administrator behind the Microleaves residential proxy network that researchers alleged was powered by malware/botnet activity (source: @zachxbt; KrebsOnSecurity). According to @zachxbt, he also linked Florea and Online.io (OIO) to the 2018 OIO ICO, which he characterized as a rug, raising sponsor-vetting concerns and headline risk for any entities associated with Ice Blockchain/Online.io from a trading due-diligence standpoint (source: @zachxbt).

According to @zachxbt, BlockDAG is an investment scam that has been running a presale for over 1.5 years and is advertising fake fundraising totals, a claim that directly challenges the credibility of the project’s reported raise figures. Source: https://twitter.com/zachxbt/status/1973105321775341972 @zachxbt also questioned the due diligence of a Formula 1 partner linked to BlockDAG, highlighting concerns over partner vetting that could influence perceptions of legitimacy around the project. Source: https://twitter.com/zachxbt/status/1973105321775341972

According to @zachxbt, Crypto.com experienced incidents where user balances, names, emails, and phone numbers were leaked, which he argues is more than partial PII (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, Crypto.com CEO Kris blocked him and he requested a URL showing where these incidents were publicly disclosed (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, he posted a redacted database snippet labeled as from a CDC database showing fields including app_os android, created_at 2022-01-01, a BTC wallet with current balance 0.19693081, a VVS wallet with current balance 7347.823996202722, and a pin field value 111111 (source: ZachXBT on X, Sep 22, 2025). According to @zachxbt, the allegation directly references account-level balances and identifiers, making it trading-relevant for exchange risk management and for assets tied to Crypto.com infrastructure, including CRO, BTC, and VVS mentioned in the sample (source: ZachXBT on X, Sep 22, 2025).

According to @zachxbt, OpenVPP ($OVPP) claimed it was working with the US government on energy tokenization, but SEC Commissioner Hester Peirce replied that she does not work alongside or endorse private crypto projects, and OpenVPP then hid her reply, signaling the claim is unverified and contested, source: @zachxbt. @zachxbt also reports that accounts promoting OVPP are the usual influencer suspects, indicating the rollout is driven by influencer marketing rather than verifiable partnerships, source: @zachxbt. For traders, the disputed partnership claim and hidden reply create headline and reputational risk that can elevate OVPP volatility and execution slippage, warranting caution on entries, sizing, and stops until independently verifiable disclosures are provided, source: @zachxbt.

According to @zachxbt, a blockchain explorer he reviewed is unreadable due to lacking data filters, address labels, and third-party integrations, which limits on-chain analysis for traders, source: @zachxbt on X, Sep 15, 2025. According to @zachxbt, Figure and its team attempted to pressure DefiLlama to change how Total Value Locked is calculated and cited numbers they could not verify, highlighting a potential TVL methodology dispute relevant to market participants tracking protocol metrics, source: @zachxbt on X, Sep 15, 2025. According to @zachxbt, recent IPOs with even remote crypto affiliation since Circle are pumping, signaling momentum in crypto-adjacent equities that traders may monitor for sentiment read-through, source: @zachxbt on X, Sep 15, 2025. According to @zachxbt, VanrEkt has not produced research papers or built novel protocols despite positioning as crypto natives, underscoring the need to verify team track records before relying on claims, source: @zachxbt on X, Sep 15, 2025. For traders, these claims point to data reliability and methodology risks around TVL and on-chain analytics, warranting extra diligence when evaluating assets or reports tied to Figure, DefiLlama TVL figures, or the unnamed explorer’s datasets, source: @zachxbt on X, Sep 15, 2025.

According to ZachXBT, a project's co-founder attacked an honest actor after the actor did not cite the project's own stated numbers, which he claims are not fully verifiable on-chain (source: ZachXBT on X, Sep 13, 2025). According to ZachXBT, he is just getting started targeting TradFi participants who do not respect crypto-native standards (source: ZachXBT on X, Sep 13, 2025). Based on ZachXBT’s claims about unverifiable metrics, traders should prioritize on-chain proof of reserves, TVL verification, and treasury wallet flow analysis before relying on reported figures to manage headline and data-integrity risk (source: ZachXBT on X, Sep 13, 2025). No specific token or project was named in the post (source: ZachXBT on X, Sep 13, 2025).

According to @zachxbt, a company is trying to publicly pressure DefiLlama using proprietary metrics that are not 100% verifiable on-chain. Source: X post by @zachxbt dated Sep 13, 2025. The post provides a link to a related statement by 0xngmi for additional context. Source: X post by @zachxbt dated Sep 13, 2025. For traders who rely on DeFi dashboards and on-chain analytics to screen protocols by TVL and rankings, this allegation underscores the risk of discrepancies when metrics lack full on-chain proof and warrants caution when comparing datasets across vendors. Source: X post by @zachxbt dated Sep 13, 2025.

According to @lookonchain, JP (@jpthor), the co-founder of THORChain and Vultisig, was scammed out of approximately 1.3 million dollars by North Korean hackers via a conference call scam, with a referenced transfer at Etherscan transaction 0x348c67dd3f9c4a8cdfbf526511820b73e58fbd01fe84355713351b5889f82ba0 (source: @lookonchain; source: Etherscan). According to @zachxbt, JP and his products have benefited from helping North Korean hackers launder funds, linking the allegation to THORChain and Vultisig activity (source: @zachxbt). For traders, the directly related crypto asset is THORChain’s token RUNE and the associated wallet product Vultisig, with verification via the cited on-chain transaction hash for due diligence and monitoring (source: @lookonchain; source: Etherscan).

According to @PeckShieldAlert, @zachxbt reports SwissBorg suffered an exploit on Solana with 192.6K SOL valued at about $41.5M stolen (source: @PeckShieldAlert). According to @PeckShieldAlert, the attacker deposited 100 SOL to Bitget, indicating exchange touchpoint activity relevant for tracing flows (source: @PeckShieldAlert).

According to ZachXBT, a leaked price sheet lists 200+ crypto influencers and their wallet addresses from a project that contacted them for paid promotion (source: ZachXBT on X, Sep 1, 2025). According to ZachXBT, 160+ accounts accepted the deal, yet fewer than five disclosed the posts as advertisements (source: ZachXBT on X, Sep 1, 2025). According to ZachXBT, the presence of identifiable wallet addresses tied to paid promotions enables traders to monitor these wallets on-chain around the timing of promotional posts to evaluate short-term flow and transparency risks (source: ZachXBT on X, Sep 1, 2025). According to ZachXBT, traders can use the leaked wallet list as a watchlist to track transfers involving newly promoted tokens and to detect coordinated activity across multiple influencer accounts (source: ZachXBT on X, Sep 1, 2025).

According to @OnchainLens, a victim lost 783.75 BTC (about $91.4M) on Aug 19, 2025 after a social engineering scam that impersonated exchange and hardware wallet support (source: Onchain Lens on X, Aug 29, 2025; citing ZachXBT on X). The post states the theft occurred exactly one year after the $243M Genesis Creditor hack (source: Onchain Lens on X, Aug 29, 2025). The post also references a transaction hash tied to the theft (source: Onchain Lens on X, Aug 29, 2025). Based on the figures provided, the implied BTC price is roughly $116.6k ($91.4M ÷ 783.75 BTC), helping traders size potential on-chain movement if these coins are later traced (source: calculation from data in Onchain Lens post).

According to @zachxbt, actors tied to a prior theft routed stolen crypto to a centralized service, signaling an attempted laundering and potential cash-out path (source: @zachxbt on X, Aug 28, 2025). According to @zachxbt, the same parties attempted partial payments and targeted escrow mechanisms to exploit counterparties, which he describes as bad-faith tactics (source: @zachxbt on X, Aug 28, 2025). According to @zachxbt, the parties are applying social media pressure while funds are traceable to a centralized venue, highlighting exposure to compliance review at centralized services that could affect fund movement timing (source: @zachxbt on X, Aug 28, 2025).

According to @zachxbt, the X account @web3 is linked to a team member involved with the Squiggles NFT rug and Raichu, signaling elevated counterparty risk for any @web3-associated mints, promotions, or partnerships (source: @zachxbt on X, Aug 28, 2025). The post includes an image and a link referencing a prior investigation thread, indicating this alert is tied to previously documented concerns around Squiggles and Raichu (source: @zachxbt on X, Aug 28, 2025). For trade execution, participants should halt or reduce exposure to @web3-led NFT drops until team identities, project provenance, and fund flows are independently verified, prioritizing cold-start listings and escrow controls where feasible (source: @zachxbt on X, Aug 28, 2025). Market participants should reassess risk models for secondary trading liquidity and listing venues connected to @web3 to mitigate potential rug-pull exposure and reputational spillover across related collections (source: @zachxbt on X, Aug 28, 2025).

According to @zachxbt, Coinbase’s Jesse and a team engaged with an individual named Sahil despite widely shared warnings about his alleged record of celebrity coin rug pulls on Solana documented on X and referenced by Coffeezilla on YouTube, signaling elevated counterparty and reputational risk around celebrity SOL tokens for traders and partners alike; Source: @zachxbt on X, August 25, 2025. According to @zachxbt, traders should treat the post as a red flag for celebrity memecoins on Solana and prioritize independent verification over perceived endorsements, given that prior warnings were easily discoverable via public threads; Source: @zachxbt on X, August 25, 2025. According to @zachxbt, practical trading diligence here includes checking the deployer wallet’s past token launches, reviewing liquidity lock status, and scanning prior allegations tied to the promoter before taking exposure to low-liquidity SOL memecoins; Source: @zachxbt on X, August 25, 2025.

According to @zachxbt, a new Solana meme coin presale received 150+ promotional posts from lower-tier influencers with millions of botted followers and likes but raised only 65 SOL, with few disclosure labels on the posts. Source: ZachXBT on X, Aug 23, 2025, https://twitter.com/zachxbt/status/1959237311880966480. He characterizes the campaign as destined for failure due to the mismatch between heavy influencer promotion and minimal presale funding, alongside disclosure gaps. Source: ZachXBT on X, Aug 23, 2025, https://twitter.com/zachxbt/status/1959237311880966480. For traders, undisclosed paid endorsements are noncompliant with the FTC Endorsement Guides, creating regulatory enforcement risk around such promotions. Source: Federal Trade Commission Endorsement Guides, ftc.gov. The SEC has warned investors about celebrity and influencer promotions of crypto offerings and urges independent due diligence before purchasing tokens advertised online. Source: SEC Office of Investor Education and Advocacy Investor Alert on celebrity endorsements of crypto offerings, investor.gov (2017).