A Twitter user with the handle @zachxbt recently helped a cryptocurrency investor recover $50,000 out of $240,000 worth of stolen funds. Zachxbt, a self-named crypto ‘detective’, has become popular for tapping into on-chain data to expose cryptocurrency influencers who fail to disclose their investments in assets that they promote to their audience.
On this occasion, a crypto investor with the Twitter handle @0x_fxnction was the victim of a hack and lost a total of 2349 SOL (approx. $240k at the time) on the Solana network. The investor took the case to his Twitter page last month, outlining different possible scenarios that could have caused the hack.
Yesterday morning at 1:30 AM, my wallet was compromised for 2349 $SOL.
First off, I know this is gone. Nothing can be done. Not looking to hunt it down or throw a pity party.
I’m more interested in learning what happened so it doesn’t happen again.
Let’s take a look 👇
— fxnction 🟠 (@0x_fxnction) April 19, 2022
The Twitter community drew the attention of crypto ‘detective’ Zachxbt, who proceeded to investigate the theft. On Tuesday, Zachxbt shared the details of his investigation via a Twitter thread, reporting that he had been able to recover $50,000 of the total funds stolen.
1/ Recently @0x_fxnction had his wallet compromised for $240k (2349 SOL). Shortly after my notifications blew up with people tagging me to investigate.
Here’s the story of where the funds went, how I was able to recover a portion of it, & who’s potentially behind the attack https://t.co/n16aRbszhd pic.twitter.com/toZXnxj1qH
— zachxbt (@zachxbt) May 3, 2022
Zachxbt traced the transactions made from the compromised wallet at the time of the hack through different wallets until the funds were sent to the Wormhole Bridge, a gateway between Solana and other blockchain networks like Ethereum.
In this case, the hacker moved the funds to the Ethereum network, converting them from SOL to 40 ETH and 102,000 DAI. The funds were then deposited into Tornado Cash, a privacy-preserving protocol for transactions on Ethereum.
However, the attacker left a trail. An address with the prefix 0xc7 withdrew the exact amount of ETH and DAI from Tornado Cash shortly after the earlier deposit. Following a trail of freshly withdrawn funds, Zachxbt learned that the funds were transferred to crypto exchange platforms ChangeNOW and LocalCoinSwap.
The funds sent to ChangeNOW were withdrawn by the hacker, but the $50,000 sent to LocalCoinSwap was frozen in escrow after the platform was notified about the source of the funds.
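The amount-and-timing match that exposed the 0xc7 address can be written as a small correlation check over mixer deposits and withdrawals. The Python below is an added illustration, not code from Zachxbt's investigation; the addresses, timestamps, the 24-hour window and the function names `profile` and `correlate` are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample mixer records: (address, asset, amount, UTC time).
# Addresses and timestamps are placeholders, not values from the investigation.
DEPOSITS = [
    ("0xdepositor_A", "ETH", "40", "2022-04-18T02:10:00"),
    ("0xdepositor_A", "DAI", "102000", "2022-04-18T02:25:00"),
    ("0xdepositor_B", "ETH", "10", "2022-04-18T03:00:00"),
]
WITHDRAWALS = [
    ("0xwithdrawer_X", "ETH", "40", "2022-04-18T05:40:00"),
    ("0xwithdrawer_X", "DAI", "102000", "2022-04-18T06:05:00"),
    ("0xwithdrawer_Y", "ETH", "40", "2022-04-18T05:50:00"),  # ETH only: no DAI leg
    ("0xwithdrawer_Z", "ETH", "10", "2022-04-25T09:00:00"),  # right amount, a week late
]


def profile(records):
    """Per address: total per asset, first activity time, last activity time."""
    totals = defaultdict(lambda: defaultdict(Decimal))
    times = defaultdict(list)
    for addr, asset, amount, ts in records:
        totals[addr][asset] += Decimal(amount)
        times[addr].append(datetime.fromisoformat(ts))
    return {a: (dict(totals[a]), min(times[a]), max(times[a])) for a in totals}


def correlate(deposits, withdrawals, window_hours=24):
    """Pair a depositor with a withdrawer when every asset total is identical
    and all withdrawals land within window_hours after the last deposit."""
    window = timedelta(hours=window_hours)
    dep, wd = profile(deposits), profile(withdrawals)
    pairs = []
    for d_addr, (d_tot, _, d_last) in dep.items():
        for w_addr, (w_tot, w_first, w_last) in wd.items():
            in_window = d_last <= w_first and w_last - d_last <= window
            if d_tot == w_tot and in_window:
                pairs.append((d_addr, w_addr))
    return pairs


if __name__ == "__main__":
    for depositor, withdrawer in correlate(DEPOSITS, WITHDRAWALS):
        print(f"{depositor} -> {withdrawer}")
```

A match like this is a lead rather than proof, since unrelated users can coincide on common amounts; here it was the downstream trail to ChangeNOW and LocalCoinSwap that gave it weight.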
Who was behind the attack?
Zachxbt noted that the attacker’s wallet address tagged “0xc7” is heavily tied to a wallet address owned by a user with the Twitter handle @CryptoNoah, an influencer known for making a lot of money from the memecoin Saitama. This led Zachxbt to assume that CryptoNoah was the attacker or an associate of the attacker.
Efforts to reach out to CryptoNoah proved futile until Tuesday. When Noah consented to a discussion, he acknowledged that the wallet address in question was his, but he claimed he got scammed while trying to make an Amazon warehouse investment. However, there was no proof to support his claim. Further investigations are being carried out alongside the Federal Bureau of Investigation (FBI).
Stolen Crypto Funds Recovery
The nascent nature of the crypto space makes it a fertile ground for hackers. While significant sums continue to be stolen in targeted security breaches, some success has been reported in attempts to recover stolen assets.
An earlier report confirmed that popular cryptocurrency exchange Binance had recovered about $6 million worth of stolen funds associated with the recent hack of Axie Infinity, a popular blockchain gaming project. Overall, Changpeng Zhao (CZ), the CEO of Binance, noted that the company has helped to recover over $200 million worth of stolen crypto funds.