zachxbt

On-chain detective ZachXBT released an investigative report on Circle, stating that since 2022, the company has faced issues of "poor compliance enforcement" in multiple incidents involving illegal funds, with a total amount exceeding $420 million.The report points out that Circle, as the issuer of USDC, has always been known for its regulated and well-compliant system. Its token contracts also have the functionality to freeze and blacklist addresses, and it explicitly reserves the right to restrict suspicious accounts in its terms of service. However, these mechanisms were not used timely and effectively during several major security incidents.The report highlights the attack on Drift Protocol on April 1, 2026, where approximately $280 million in assets were stolen. The attacker used Circle's own cross-chain bridge CCTP to transfer over $232 million USDC from Solana to Ethereum within 6 hours, but no assets were frozen during this period. Similar situations occurred in attacks on SwapNet, Cetus Protocol, and Mango Markets, where in some cases, even after law enforcement and industry experts issued freeze requests, Circle still did not take timely action, and even processed the situation only after the assets had been transferred.Additionally, the report noted that in the money laundering investigation involving the hacker group Lazarus Group, Circle's response was significantly slower compared to other stablecoin issuers (such as Tether, Paxos, etc.). In some cases, freeze operations were delayed for several months. Similar delays were also seen in the Ledger supply chain attack and the GMX attack, where USDC remained in suspicious addresses for several hours or even longer without being frozen.ZachXBT stated in the report that this disclosure does not negate the value of Circle's products or the stablecoin itself, but emphasizes that its compliance enforcement decisions have caused "real and significant losses" to the industry.He pointed out that over the past three years, due to multiple failures to act in a timely manner, the DeFi ecosystem has accumulated losses reaching nine figures, and the $420 million is only a conservative estimate of publicly known cases, with the actual scale potentially being higher.

Renowned on-chain detective ZachXBT has once again criticized Circle, stating that the Drift hacking incident occurred during U.S. trading hours, with millions of USDC transferred from Solana to Ethereum via CCTP (Circle's cross-chain protocol), while Circle remained inactive and took no action.A few days ago, Circle casually froze at least 16 corporate hot wallets, which are still slowly being unfrozen. ZachXBT concluded, "Circle is the bad actor in this industry."

According to a warning from on-chain detective ZachXBT, the Discord link for Trust Wallet (discord[.]gg/trustwallet) has been hijacked by hackers and currently points to a phishing server.ZachXBT reminds users not to join through the Discord link in official channels such as the official website, Telegram, or blog to avoid asset loss.

According to ZachXBT, an unidentified Kraken user is suspected of losing approximately $18.2 million due to a social engineering scam.The address involved started transferring funds from Ethereum to Bitcoin through the SafePal wallet and THORChain about 45 minutes ago.

ZachXBT stated on platform X that Circle has unfrozen ckUSDC (Dfinity bridge) and two hot wallets, including one starting with the address 0x00e. Currently, 5 out of the 16 wallets that were previously frozen have been unfrozen.It stated that after the confidentiality restrictions related to the civil case in New York are lifted, information about the plaintiffs, expert witnesses, and other relevant parties will be disclosed.

On-chain detective ZachXBT stated on platform X that Circle has unfrozen two previously frozen hot wallets, marked as "500 Casino" and "Whale." Previously, due to the address being frozen, users were unable to withdraw from a certain centralized exchange to the affected business hot wallets.ZachXBT pointed out that, currently, the basic details of the case, such as the plaintiff, expert witnesses, and why Circle did not raise any objections, have not been disclosed. Earlier reports indicated that ZachXBT stated Circle, under public pressure, had unfrozen one of the 16 USDC wallets that were blacklisted.

According to market news, a wallet address (0x6926408f55c4f322ebe1a3cc7e4fff380c5543df) under the Iranian cryptocurrency exchange Wallex (wallex.ir) has been simultaneously frozen by Circle and Tether.Several hours before the aforementioned address was frozen, Wallex began consolidating cryptocurrency assets scattered across multiple hot wallets on the Tron and Ethereum networks to the BNB Chain through several cross-chain bridges. Currently, approximately 2.49 million dollars in assets are stranded at the relevant address, remaining inactive.

On-chain analyst ZachXBT stated that Russian over-the-counter intermediary Aleksandr Khinkis (Aleks) has been accused of assisting a ransomware group in laundering money through a single cryptocurrency exchange account since July 2025. The related funds come from three suspected ransom payments, totaling 796 BTC, equivalent to over 4.7 million USD.On-chain forensics show that some of the Bitcoin was transferred to Avalanche via a cross-chain bridge, then split into about 75 transactions into his exchange deposit address 0xa756...06e. Additionally, approximately 16.6 million USD in related funds remains stored at the relevant addresses or platforms. ZachXBT stated that he has provided clues regarding the aforementioned addresses and fund flows to compliance and law enforcement agencies.

Renowned on-chain investigator ZachXBT released a report today stating that a Russian over-the-counter (OTC) broker named Aleksandr (Aleks) Khinkis is suspected of assisting ransomware groups in laundering over $4.7 million since 2025 through a single cryptocurrency trading platform account.The related funds involve three suspicious ransom payments, totaling approximately 796 bitcoins (BTC). The investigation shows that these funds were transferred in batches to his trading platform's deposit address (0xa756) after being bridged between Bitcoin and Avalanche, completing a total of 75 transactions from 2025 to 2026. Additionally, approximately $16.6 million is currently still held in Aave and is being gradually liquidated.ZachXBT pointed out multiple ransom transactions: a ransom payment of about 72 BTC in September 2025 was bridged to the related address; a ransom of about 164 BTC was also discovered in October 2025 and converted to approximately $3.8 million. Some related addresses were blacklisted by Tether in November 2025, and the subsequently frozen USDT was destroyed three weeks ago, indicating that law enforcement and compliance agencies have intervened.Earlier in 2023, this account was also involved in a ransom transaction of about 560 BTC, which was circulated through multiple intermediary addresses and trading platforms before being bridged back to the Avalanche network in 2024. Furthermore, the investigation pointed out that the source addresses of the related bitcoins have a high correlation with multiple ransomware addresses, suspected of serving as payment transit nodes. Although some funds remain dormant, ZachXBT warned that they may still be laundered in the future and urged victims to report related addresses promptly to freeze the funds.

On-chain detective ZachXBT disclosed today that a collaborative network consisting of at least 10 accounts is generating traffic on social platform X by creating panic-inducing content related to wars and ultimately directing it to cryptocurrency scam projects.This network acquires accounts with an existing follower base, frequently posts sensational "apocalyptic" content, and amplifies dissemination by having multiple secondary accounts retweet each other, quickly gaining millions of views and significant interactions. Investigations show that these accounts also utilize AI to generate fake personas, such as fabricating an "Asian version of Mario Nawfal" to enhance credibility. After gaining traffic, the relevant accounts promote fake airdrop events or cryptocurrency project scams, including a concentrated promotion of a pump-and-dump project named ORAMAMA on February 22, 2026, which is then no longer mentioned.On-chain data indicates that this operation has brought six-figure profits to the team behind it. Meanwhile, many genuine large accounts inadvertently engage in interactions through comments and retweets, further amplifying the content dissemination effect. ZachXBT warns that this combination model of "traffic farms + AI content + cryptocurrency scams" has become highly mature and is easily replicable. If similar mechanisms are exploited by higher-level organizations, their potential impact will far exceed the realm of financial fraud and may even evolve into a tool for public opinion manipulation.ZachXBT calls for platforms to strengthen regulation, implementing bans and legal accountability for such manipulative behaviors. He also advises users to carefully verify account histories and information sources before engaging in interactions to combat the increasingly rampant phenomenon of false content and "interaction bait."

defioasis.eth posted on platform X that over 3,630 Polymarket addresses placed bets on "Axiom" during the insider investigation by on-chain detective ZachXBT, with 56.2% of addresses achieving positive profits. Among the top 10 addresses with significant profits, 8 are considered insider addresses, collectively earning over $1.2 million, and these addresses have very few market transactions, sometimes just one.Three addresses made profits exceeding $100,000, each only trading in this single market, specifically:predictorxyz profited $411,600;0x054ec2f0ccfdae941886a3ed306635068c716639 profited $354,000;0xe56526b27b96f009b31ddb46558a134047bfce48 profited $144,000.Additionally, 47 addresses profited between $10,000 and $100,000, with a total profit of $1.34 million. In terms of maximum exit liquidity, 2 addresses lost over $100,000, with a total loss of $366,000; there are also 50 addresses that lost between $10,000 and $100,000, with a total loss of $1.239 million.

According to Lookonchain, the trader "predictorxyz" (possibly an insider) bet $658,000, believing that Axiom would be charged with insider trading. At that time, the odds were only 13.8%, and he netted $4.114 million.On-chain detective ZachXBT also found the deposit of $70,000 USDC into a newly created prediction market account suspicious, and thus investigated the funding source of the user "predictorxyz." ZachXBT stated that the related Solana address is an active user of Axiom, with the username "JustADegen" on Fomo. They have recently also bundled CRABS tokens, and it would be great if someone could help identify them.

According to monitoring by Lookonchain, many insiders have made huge profits by betting on Polymarket that ZachXBT will expose which cryptocurrency company is involved in insider trading. A total of 12 suspected insider wallet addresses have been identified, which have collectively profited $1.02 million.

According to on-chain detective ZachXBT, multiple employees of the cryptocurrency trading platform Axiom Exchange have been accused of exploiting internal tool access vulnerabilities to view sensitive user information and track private wallet activities since early 2025, allegedly engaging in insider trading. ZachXBT specifically pointed out that employee Broox Bauer is one of the individuals involved.Axiom was founded by Mist and Cal in 2024 and completed Y Combinator incubation in the winter of 2025, becoming one of the most profitable companies in the field, having generated over $390 million to date. ZachXBT stated that he was hired to investigate the platform's misconduct allegations after receiving reports.

Regarding the community users' question about whether the prediction market will no longer provide advance notice of investigation information, "on-chain detective" ZachXBT responded in a post on platform X that it will depend on the type of investigation, implying that they will not completely stop releasing investigation notices.Previously, ZachXBT announced that a report on insider trading would be released soon, which sparked widespread discussion in the community. Some believe that the parties under investigation, upon learning that they have been identified, could theoretically use this information to position themselves in the prediction market in advance, thus creating new insider trading. ZachXBT admitted that due to the involvement of multiple individuals in the case interviews, information leaks may be unavoidable.

On-chain detective ZachXBT posted on platform X, stating that due to the need to question many people during the investigation, the information regarding the crypto project related to insider trading planned for release on February 26 may have "inevitably" been leaked.In response to community users, ZachXBT also mentioned that he did not expect the prediction market to be so popular, nor did he anticipate that after his announcement, the prediction market would immediately launch related event contracts. He also noted that he had never experienced a single announcement tweet receiving 8 million views and 27,000 likes.Data from the Polymarket website shows that the event trading volume for "Which company will ZachXBT expose for insider trading" has surpassed $10 million, with Meteora currently at a 30% probability, ranking first; Axiom at an 18% probability, rising to second; and MEXC at a 15% probability, ranking third.

On-chain detective ZachXBT posted on platform X, stating that due to the need to interview many people during the investigation process, the information regarding insider trading in cryptocurrency projects planned for release on February 26 may have "inevitably" been leaked.In response to community users, ZachXBT also mentioned that he did not expect the prediction market to be so popular, nor did he anticipate that after his announcement, the prediction market would immediately launch related event contracts. He also noted that he had never experienced a single announcement tweet receiving 8 million views and 27,000 likes.Data from the Polymarket website shows that the event trading volume for "Which company will ZachXBT expose for insider trading" has surpassed $10 million, with Meteora currently at a 30% probability, ranking first; Axiom at an 18% probability, rising to second; and MEXC at a 15% probability, ranking third.