Famous crypto trader ZachXBT recently revealed details on X (Twitter) about a complex crypto theft that saw $243 million stolen in August 2024.
The attack, carried out by a group of cybercriminals including Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano), was one of the largest crypto heists in recent history.
The investigation, led by ZachXBT and several other key partners, has already resulted in multiple arrests and millions in stolen funds being frozen.
$243M Was Stolen in a Sophisticated Social Engineering Attack
The attackers targeted a single Genesis creditor on August 19, 2024. They began by impersonating Google Support in order to access the victim’s personal accounts. They then posed as representatives of Gemini Exchange and persuaded the victim to reset their two-factor authentication (2FA).
As a result, the attackers were able to access the victim’s Gemini funds and move them to a compromised wallet, ZachXBT noted.
The attackers then escalated, taking over the victim’s screen with AnyDesk, a remote desktop program. From there, they were able to obtain the victim’s private keys via Bitcoin Core, further draining the victim’s assets. The primary theft, valued at $238 million, happened at 4:05 AM UTC and involved 4064 BTC.
ZachXBT released a secret video clip that captured the hackers’ reactions as soon as they got the money.
Preliminary tracing showed that the stolen money was split among the group members in various ways, with portions promptly moved to more than fifteen distinct exchanges.
After that, the money was swapped between Litecoin, Ethereum, Monero, and Bitcoin, making it challenging to follow.
Wiz (Veer Chetal), who unintentionally revealed his full name during a screenshare session, was a key player in the theft. The fact that accomplices addressed him by his first name in chats provided more proof that he was involved in the crime.
Wiz held a substantial portion of the stolen money, $34.5 million, in his wallet. His friend Light/Dark helped him launder the stolen assets through eXch, Thorswap, and other platforms.
Where Did the Attackers Spend the Money?
Social media posts helped investigators locate Greavys (Malone Iam), who flaunted his ill-gotten wealth by buying over ten luxury cars and throwing lavish parties in Los Angeles and Miami, where he reportedly spent up to $500,000 per night. $3.5 million of Greavys’s funds were tied to a specific wallet address.
Box (Jeandiel Serrano) posed as a representative from Gemini during the attack and was tied to multiple platforms like Discord and Telegram. His involvement led to the recovery of $18 million. Another accomplice, Danny Trauma (Danish), was associated with the crime, though his role is less clear.
Funds Frozen, Recovery Efforts and Binance’s Efforts
More than $9 million was frozen as a result of the investigation, which was supported by ZeroShadow, the Binance Security Team, and Crypto Forensic Investigators.
Furthermore, $500,000 has already been returned to the victim. Box and Greavys were taken into custody by police in Miami and Los Angeles, respectively, and more arrests are anticipated as the investigation continues.
Binance reacted to the investigation on X, stating, “We are proud to have played a role in supporting this investigation. In collaboration with industry partners, our efforts resulted in a sizeable amount of stolen funds being tracked and frozen. The investigation is ongoing.”
This incident serves as a reminder of how sophisticated social engineering attacks are becoming in the cryptocurrency space. Even though part of the stolen money has been found, the investigation is still ongoing, and it’s unclear how much more can be returned to the victim.