Polymarket loses $700,000 to private key compromise
Crypto sleuth zachxbt identified that "A Polymarket admin address appears to have been compromised on Polygon", writing that $520,000 had been drained as of the time of his post. The theft ultimately amounted to around $700,000, and Polymarket confirmed that a "wallet used for internal top-up operations" had been compromised. They did not provide further details as to how the compromise happened, though the company's VP of Engineering later said that the private key was six years old and that all private keys would be replaced with a managed key going forward.
RaveDAO accused of pump-and-dump as token crashes 98%
Binance and BitGet have confirmed they are investigating allegations that RaveDAO orchestrate a pump-and-dump to push its RAVE token price from around $0.25 to more than $27 over the past few weeks, before the token price plummeted back down to $0.66. Concerns were first raised by blockchain investigator zachbxt, who called on the exchanges to investigate. He later wrote, "While it's good the exchanges responded, I find it unlikely this activity wasn't spotted internally before I raised it publicly."
RaveDAO describes itself as a "community-driven global rave powerhouse", and sells NFT tickets to rave events.
RaveDAO has denied any responsibility for the recent price movements, but did not address allegations of enormous token concentration with the project's team or large transfers to exchanges around the time of the price jump.
Thief of millions in seized U.S.-controlled crypto alleged to be government crypto contractor's son
Two crypto thieves decided to settle an argument over who was wealthier by screensharing as they transferred crypto between wallets to prove ownership. In doing so, one of them — known online as "Lick" — revealed a wallet address that crypto sleuth zachxbt quickly tied to the theft of around $40 million from US government wallets containing seized crypto assets, including a $20 million theft zachxbt reported in October 2024. Lick's wallets contained around $90 million in total, including the stolen government assets and those stolen from other victims.
zachxbt has alleged that "Lick" is a man named John Daghita. After reporting Daghita's identity, "Lick" appeared to try to scrub his Telegram account, then dusted zachxbt's public crypto wallet from one of the theft addresses.
Daghitia is reportedly the son of Dean Daghita, the owner of Command Services & Support (CMDSS). In October 2024, CMDSS landed a contract with the US Marshals to manage seized crypto assets, which is still active. After zachxbt linked the younger Daghita to his father and CMDSS, CMDSS also scrubbed its online presence. Around that time, Lick began trolling zachxbt again, and later sent 0.6767 ETH (~$1,900) of the stolen funds to zachxbt.
CMDSS' website boasts that they are "a proven provider of mission-critical services to the Department of Defense and Department of Justice".
Crypto holder loses $283 million to scammer impersonating wallet support
A crypto holder has lost $282 million in bitcoin and litecoin after a scammer impersonating a customer support employee for the Trezor hardware wallet manufacturer successfully convinced them into revealing their seed phrase. After gaining access to the assets, they quickly swapped them to the Monero privacycoin. The volume of assets was so large that the Monero price spiked as the scammer laundered the finds. The scammer also swapped assets using the THORChain project, which boasted on social media about the "World record speedrun. ⚡️" (presumably without realizing they were bragging about a thief using their project to launder money).
Around $700,000 of the stolen assets were frozen thanks to intervention by a security firm called ZeroShadow, although this represents only 0.2% of the total loss.
GANA Payment hacked for $3.1 million
An attacker stole approximately $3.1 million from the BNB chain-based GANA Payment project. The thief laundered about $1 million of the stolen funds through Tornado Cash shortly after. The attacker was able transfer ownership of the GANA contract to themselves, possibly after a private key leak.
The theft was first observed by crypto sleuth zachxbt. Not long after, the project acknowledged on its Twitter account that "GANA's interaction contract has been targeted by an external attack, resulting in unauthorized asset theft."
Garden hacked for $11 million
The Garden bitcoin bridge suffered a roughly $11 million loss after one of its solvers was compromised. These solvers essentially act as market makers for the protocol. Some blockchain sleuths have questioned whether the affected solver, which Garden described as a separate entity, may actually be operated by the same team as Garden.
There wasn't much sympathy to be had for Garden after this exploit. The protocol had recently announced hitting a milestone of bridging more than $2 billion in assets, but the celebration was criticized after zachxbt pointed out that a substantial portion of the bridged funds were proceeds of crimes being laundered to evade detection and recovery.
SBI Crypto likely suffers $21 million theft
Crypto sleuth zachxbt observed $21 million in "suspicious outflows" from SBI Crypto, a crypto mining subsidiary of the Japanese SBI Group. The money was quickly laundered through instant exchanges and Tornado Cash, in ways zachxbt observed were similar to tactics of North Korean crypto thieves.
SBI Crypto has not made any public statements addressing the apparent theft.
Crypto exchange BitoPro belatedly discloses $11.5 million hack
The Taiwanese cryptocurrency exchange BitoPro disclosed that they had suffered a theft from one of their hot wallets, which they said occurred during a system upgrade in which they were transferring assets between wallets.
The theft was originally noticed by crypto sleuth zachxbt, who observed a suspicious transfer of around $11.5 million in crypto assets on May 8. The funds sold on decentralized exchanges and then laundered through various cryptocurrency mixing services.
BitoPro originally only told customers that the platform was offline for "maintenance", but disclosed the theft on June 2 after zachxbt published his findings.
- Telegram post by zachxbt [archive]
- Telegram announcement by BitoPro (in Chinese) [archive]
$330 million in Bitcoin apparently stolen; laundering spikes Monero price by over 40%
3,250 BTC (~$330 million) were apparently stolen from a bitcoin holder and then quickly moved through multiple exchanges and swapped for the Monero privacycoin. Such a massive swap into Monero was apparently enough to cause the Monero price to spike from around $230 to as high as around $330, before retracting somewhat.
Coinbase customer loses $35 million in bitcoin theft
A Coinbase customer reportedly lost 400 BTC (~$35 million) in a scam identified by blockchain sleuth zachxbt. While investigating the massive theft from the single customer, he also observed at least $11 million in thefts from various other Coinbase customers throughout March.
zachxbt has previously accused Coinbase of not doing enough to protect customers from hundreds of millions of dollars in scams, and he noted that in these cases, Coinbase had not marked the thief wallets as malicious in various cryptocurrency compliance tools.
- Telegram post by zachxbt [archive]