In the pursuit of being a crypto detective, ZachXBT remains a figure shrouded in anonymity. Recently, he cracked a staggering $243 million Bitcoin theft—potentially the largest single-victim cryptocurrency heist ever. Remarkably, he has never shown his face.
On August 19, a man in his twenties, known online as ZachXBT, was preparing to board a flight. He chose not to disclose which airport or his real name. Just as he was about to check in, he received an alert on his phone: a significant Bitcoin transfer had been made to a small cryptocurrency exchange he monitors for signs of illegal laundering. This transaction, valued at around $600,000, was notable for being ten times the typical amount seen on that platform.
As he reached the boarding gate, another alert indicated a transaction exceeding $1 million at the same exchange, soon followed by one of $2 million. Standing in line, ZachXBT quickly traced the funds from one Bitcoin address to another, marking suspicious transactions. With only half an hour before takeoff and limited internet connectivity until the plane’s Wi-Fi activated, he determined that the funds originated from a dormant wallet dating back to 2012. This significant sum was being hastily liquidated on the exchange, incurring exorbitant fees—an operation unlikely for a patient investor.
To ZachXBT, these transactions screamed theft. After verifying the details multiple times, it became clear that someone had stolen approximately $243 million in Bitcoin from an unfortunate victim. “It’s an extraordinarily large amount taken from a single victim,” he remarked to Wired. “I had to make sure I wasn’t mistaken.”
Once airborne and connected to Wi-Fi, ZachXBT began to track the stolen funds further as they were moved across various exchanges and currency conversion services in what appeared to be an effort to obfuscate their trail. Over the following hours, he meticulously mapped out these transactions, revealing that the thieves had moved the Bitcoin through over ten platforms, seemingly attempting to hide their tracks.
As he traced the funds back to the victim, ZachXBT discovered that a portion of the money originated from the now-defunct Genesis cryptocurrency exchange. He contacted the exchange’s administrators via X (formerly Twitter) to help reach the victim, who ultimately hired him to track down the stolen funds.
By the time his flight landed, ZachXBT had identified three major leads concerning the theft, pointing to what he believed were three suspects. He also alerted his 650,000 followers on X about the ongoing heist on the blockchain. Soon after, he received messages claiming to hold key information about the identity of the thieves. In the following week, he worked tirelessly, averaging four to five hours of sleep, frequently sharing his findings with law enforcement.
He eventually identified two suspects—twenty-somethings Malone Lam and Jeandiel Serrano (another suspect was confirmed but not named due to lack of arrest or charges). ZachXBT even obtained a video allegedly showing one suspect’s screen, capturing the moment they celebrated their unexpected windfall after completing the theft.
During this whirlwind investigation, he traced the suspects’ activities on Instagram and TikTok, noting lavish purchases, including luxury cars and private jets, and nightclub spending of up to $500,000 in one night. Less than a month after receiving the initial alert, two of the suspects were arrested and faced criminal charges.
When ZachXBT saw one suspect’s booking photo, he felt a brief rush of adrenaline, quickly overshadowed by a sense of normalcy. “I don’t feel particularly accomplished,” he reflected. “I just treat it like any other case.”
A Public Service Crypto Detective
For ZachXBT, tracking a $243 million theft might seem like just another day at the office. Over the past three years, he has become one of the most active independent cryptocurrency detectives in the world. Since starting amateur investigations in 2021, he has tracked billions of dollars in stolen funds and scams.
According to spreadsheets he shared with Wired, his investigations have directly helped recover around $210 million in stolen cryptocurrency, with an additional $225 million confiscated, while he has indirectly assisted victims in reclaiming some of their losses. He has exposed influencers promoting tokens through “pump and dump” schemes, traced the masterminds behind large-scale cryptocurrency thefts, and revealed North Korean hackers’ multiple attacks on crypto firms, even infiltrating these companies as employees.
Throughout this journey, he has primarily relied on cryptocurrency donations to sustain his operations, including funding from crypto organizations and contributions from strangers through addresses listed on his social media. Since 2021, he has raised approximately $1.3 million. “He represents a new generation of investigators serving the public,” said Joe McGill, an analyst with the U.S. Secret Service who has collaborated with ZachXBT. “His success hinges entirely on the success of his investigations.”
Despite his growing prominence as a crypto detective, ZachXBT has maintained his anonymity. Online, he only presents a cartoon image of a platypus in a detective coat or sometimes wearing a hoodie. To avoid retaliation from crypto criminals, he has never revealed his real name or exact age and only agreed to an interview with Wired under the condition that his identity would remain concealed.
McGill recalls that in early conference calls, ZachXBT not only turned off his camera but also used a voice changer app that sometimes made him sound like a character from South Park or a low, horror movie-style voice. “It felt strange at first,” McGill said, then working at the crypto tracking company TRM Labs, “but I respected his privacy because this anonymous guy has done remarkable work.”
Nick Bax, founder of the crypto investigation company Five I’s, noted that ZachXBT frequently uncovers crypto scams and thefts faster than law enforcement, leading to jokes that he might be a robot. “He’s like a machine,” Bax recalled. Last year, during their investigation of a $60 million theft from the AnubisDAO crypto project, Bax provided ZachXBT with a list of 500 transactions that needed manual analysis and correlation with related blockchain addresses.
“I thought it would keep him busy for days,” Bax said. But by the next afternoon, ZachXBT had sorted all the transactions and identified which were related to the theft. “I was shocked; he must have been sitting in front of his computer for 12 hours straight.”
Many of ZachXBT’s findings are shared directly on his X account. However, over time, his investigations have attracted more attention from law enforcement—he often shares his findings with multiple agencies before posting. As a result, an increasing number of criminals are facing real consequences for their actions.
“As Zach’s influence grows, so do the economic and legal repercussions,” said Taylor Monahan, a security researcher at the cryptocurrency firm MetaMask and one of ZachXBT’s closest collaborators, including on the $243 million theft case. “If Zach posts an investigation about someone and it’s solid, that person is likely to get arrested.”
From Victim to Whistleblower
So how does ZachXBT, without formal training or organizational support, track and expose crypto crimes faster than law enforcement’s crypto investigators? Even he isn’t entirely sure. “That’s a tough question to answer.
I don’t know why I’m good at it,” he told Wired. He attributes his success to a willingness to work around the clock—after all, the crypto market never sleeps—and his familiarity with blockchain transactions accumulated through years of research. “The more time you spend studying the blockchain, even while eating, sleeping, or breathing, the clearer it becomes over time,” he said. “You start to see those connections. I can look at a wallet and tell within seconds if it’s a bad actor.”
ZachXBT’s expertise stems from his years as a crypto enthusiast and trader, having once been a victim himself. In 2017, he naïvely purchased thousands of dollars’ worth of tokens, which later plummeted in value—often due to so-called “pump and dump” schemes where the creators sold off their holdings after inflating prices, leaving remaining investors with worthless assets. “I thought, ‘This is going to change the world.’ I held these tokens and never sold,” ZachXBT recounted. “In the end, I was the one who got scammed.”
By 2018, not only had these investments collapsed, but ZachXBT’s Electrum wallet was also hacked due to a malicious update, leading to a further loss of nearly $15,000. At that point, he decided to step back and reassess his strategy. He began analyzing blockchain transactions instead of merely buying and holding tokens, observing how more successful investors traded and attempting to mimic their strategies.
Through this analysis, by 2020, he had become skilled enough to spot scams in progress that ordinary investors would miss. He would see influencers promoting a particular crypto asset to thousands of followers, inflating its price, then track their funds on the blockchain, discovering they were selling their holdings immediately after promoting it—a classic “pump and dump” scenario. “It felt more like being a whistleblower,” ZachXBT said. “I’d notice these activities and think, ‘This reminds me of when I got scammed in 2017 and 2018. Why not post about it?’ And those posts gained traction.”
When the NFT craze hit later that year, ZachXBT began scrutinizing NFT projects like Bored Bunny and Billionaire Dogs Club, revealing where the funds flowing into these projects actually went. NFT sellers could often raise millions simply with a few cartoon images, promising buyers exclusive perks like access to events or club memberships. However, through blockchain analysis, ZachXBT discovered that sellers were merely pocketing the funds. Occasionally, he would find that an NFT seller was merely a rebranded version of a previously proven scam.
Some of ZachXBT’s posts about NFT sellers successfully deterred
potential buyers, leading to substantial losses for the scammers. This, in turn, drew the ire of various crypto influencers and scammers alike, who began mocking him online or attempting to undermine his investigations. “People in this space don’t like when you expose their scams,” ZachXBT remarked.
In 2021, after an influencer faced scrutiny for promoting a suspected scam token, he began receiving messages about other possible scams and thefts, marking a pivotal moment in his career. “People started to reach out to me, saying, ‘Hey, I think this is a scam. Can you look into it?'” he recounted. Since then, he has been inundated with messages asking for assistance, either from people who have fallen victim to scams or from those who suspect ongoing thefts.
Though he appreciates the attention he receives, he emphasizes that his main goal is to assist victims rather than to seek fame. “I want to help people and expose bad actors in the space. That’s my focus,” he insisted. “The larger narrative in the crypto industry is that everyone is a scammer, and it shouldn’t be that way.”
Conclusion
In a rapidly evolving cryptocurrency landscape rife with scams and thefts, ZachXBT’s relentless commitment to uncovering fraud has made him a beacon of hope for many victims. While remaining shrouded in anonymity, he continues to demonstrate that one individual can indeed make a difference in a world often characterized by deception and distrust.
As the boundaries between law enforcement and private investigation blur, the crypto community looks to him as a modern-day Robin Hood, seeking to restore justice one case at a time.
-
-
-
-
-
-
-
-
