ZachXBT
@zachxbt1.bsky.social
78 followers 7 following 210 posts
Scam survivor turned 2D investigator | Advisor @Paradigm https://linktr.ee/zachxbt
Theft addresses:
0x40d76a78ddba2ea81fb0f9fba147a08bcfc2b866
bc1qx0a2kfjd7eweczv8xqjm6rggm40v0nkhfss78l
qpv9nh5ktagsmtkqle8z2w4dd3mksskpmy499z7c9k
ltc1qjyrn9p803efj3p8a0g3fmlevs45kq704ns363t
DRiEQuJ9pt3GgNraQmHVTjNg4B7uv1XuGb

h/t to Cyvers for helping investigate.
Interestingly, several indicators share similarities with other known DPRK attacks.

SBI Crypto is a mining pool that's a subsidiary of SBI Group, a publicly traded company in Japan.

As of now it does not appear they have publicly disclosed the incident.
On September 24, 2025 addresses linked to SBI Crypto saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, & Bitcoin Cash.

The stolen funds were transferred to five instant exchanges and deposited to Tornado Cash.
A new Bloomberg article on Scattered Spider revealed that the centralized exchange Crypto[.]com previously had a breach, which exposed the personal information of a portion of its users, and never publicly disclosed the incident.

#crypto #bloomberg #scatteredspider #cryptodotcom
Reposted by ZachXBT
In a press release, RCMP just confirmed they seized 56M CAD in assets from TradeOgre.

#crypto #cryptonews #rcmp #tradeogre
Update: The OpenVPP team made a statement and says the reply was accidentally hidden by a 24/7 intern.
OpenVPP then hid her reply from the post.

I reviewed the accounts promoting OpenVPP and it’s the usual influencer suspects.
This week the project @OpenVPP ($OVPP) claimed to be working with the US government on the tokenization of energy.

12 hrs ago Hester Peirce replied saying she does not work alongside or endorse private crypto projects.
Theft address
0x37cDB6B40861F350E23AA5733E75755fCBed739F

Currently the majority of the stolen funds sits at 0x7abc09ab94d6015053f8f41b01614bb6d1cc7647
JP (THORChain co-founder & Vultisig co-founder) had a personal wallet drained for $1.35M by DPRK on September 9, 2025 after a meeting call scam on Telegram.

Ironically JP and his products have benefited significantly financially from the laundering of DPRK exploits/hacks such as Bybit in the past.
Yesterday, an unknown victim was exploited for ~3.047M USDC on Ethereum.

The attacker swapped USDC for ETH and immediately deposited the funds to Tornado.

Theft address
0xf0a6c5b65a81f0e8ddb2d14e2edcf7d10c928020

#crypto #usdc #ethereum #scamawareness
SwissBorg experienced an incident a few hours ago, and 192.6K SOL ($41.5M) was stolen on Solana.

Theft address
TYFWG3hvvxWMs2KXEk8cDuJCsXEyKs65eeqpD9P4mK1
A few hours ago the funds were split four ways and transferred between intermediary addresses before being sent to multiple instant exchanges.

The team has since turned off replies on X (Twitter) for all posts.

Presale address
4Ea23VxEGAgfbtauQZz11aKNtzHJwb84ppsg3Cz14u6q
It appears the Solana project 'Aqua' has likely rug pulled 21.77K SOL ($4.65M) after being promoted by teams such as Meteora, Quill Audits, Helius, SYMMIO, Dialect, and many influencers.
NEW LEAK: Price sheet of 200+ crypto influencers and their wallet addresses from a project they were recently contacted by to promote.

Of the 160+ accounts that accepted the deal, I only saw <5 accounts actually disclose the promotional posts as an advertisement.

#crypto
Coincidentally this theft happened on the one year anniversary of the $243M Genesis Creditor theft.

Theft txn hash
da598f2a941ee3c249a3c11e5e171e186a08900012f6aad26e6d11b8e8816457
Theft address
bc1qyxyk4qgyrkx4rjwsuevug04wahdk6uf95mqlej
On Aug 19, 2025, a victim fell for a social engineering scam and lost 783 BTC ($91M) after exchange and hardware wallet customer support were impersonated.

The stolen funds began to peel off and deposits to Wasabi were made by the threat actor.
I have already covered the indicators to look out for multiple times, so I will not repeat them again.
ITWs are in no way sophisticated but are persistent, since there are so many of them flooding the job market globally for roles.

Payoneer is commonly being used to convert fiat into crypto from dev work.
11/ The main challenge faced in fighting DPRK ITWs at companies includes the lack of collaboration between services and the private sector.

There’s also the negligence by the teams hiring them who become combative when alerted.
10/ Still, one of the more common questions is "how do you know they are North Korean?"

Well, besides all of the fraudulent documents detailed above, their search history showed frequent Google Translate usage with translations to Korean from a Russian IP.
9/ Other interesting items from their searches and browser history included: