ZachXBT has uncovered a major Bitcoin theft in which an OG Bitcoiner lost 3,520 BTC to a social engineering attack. Worth $330 million, it is one of the biggest single-wallet thefts in cryptocurrency history. The case highlights human weakness and the difficulty of tracing privacy coins. Investigators, including ZachXBT, followed the laundering trail and identified suspects, but most of the stolen money remains unrecovered.
The Social Engineering Trap
The OG Bitcoiner, a senior U.S. citizen, had held the funds since 2017 with little movement. Attackers likely used phishing or impersonation to deceive the victim into exposing private keys or seed phrases. ZachXBT pointed out that the scam specifically targeted older security habits. Despite holding an enormous fortune, the OG Bitcoiner allegedly had no multi-factor protection or wallet segmentation.
ZachXBT Tracks the Laundering Technique
On April 28, 2025, the stolen Bitcoin was transferred in two rapid transactions. The attackers used “peel chains,” splitting large amounts into smaller amounts and spreading them across more than 300 wallets. The funds were channeled through 20 exchanges, Binance among them. ZachXBT helped identify this laundering scheme and highlighted the attackers’ attempts to obscure the trail at each point.
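A minimal sketch of how an investigator can follow a peel chain like the one described above, added here as an example (not code from ZachXBT or any tool named in the article). It assumes the common peel-chain shape of two outputs per hop, a small "peel" and a large remainder; the transaction IDs, addresses, amounts and the `min_ratio` threshold are all constructed.

```python
# Constructed sample transactions (IDs, addresses and BTC amounts are made up).
# Each tx lists the addresses it spends from and its (address, amount) outputs.
SAMPLE_TXS = {
    "tx_a": {"inputs": ["addr_src"],
             "outputs": [("addr_peel1", 50), ("addr_chg1", 950)]},
    "tx_b": {"inputs": ["addr_chg1"],
             "outputs": [("addr_chg2", 890), ("addr_peel2", 60)]},
    "tx_c": {"inputs": ["addr_chg2"],
             "outputs": [("addr_peel3", 40), ("addr_chg3", 850)]},
    # Pattern breaks here: three similar-sized outputs, not a peel hop.
    "tx_d": {"inputs": ["addr_chg3"],
             "outputs": [("addr_x", 300), ("addr_y", 300), ("addr_z", 250)]},
}


def follow_peel_chain(txs, start_txid, min_ratio=0.8):
    """Walk the chain hop by hop along the large 'remainder' output.

    Returns (peels, remainder): the small outputs peeled off at each hop as
    (txid, address, amount), and the last remainder address reached before
    the pattern stopped matching or the remainder was left unspent.
    """
    # Map each address to the transaction that spends from it.
    spender = {a: txid for txid, tx in txs.items() for a in tx["inputs"]}
    peels, remainder, txid, seen = [], None, start_txid, set()
    while txid in txs and txid not in seen:  # 'seen' guards against loops
        seen.add(txid)
        outs = txs[txid]["outputs"]
        big_addr, big_val = max(outs, key=lambda o: o[1])
        # A peel hop has exactly two outputs, one carrying most of the value.
        if len(outs) != 2 or big_val < min_ratio * sum(v for _, v in outs):
            break
        peels += [(txid, a, v) for a, v in outs if a != big_addr]
        remainder = big_addr
        txid = spender.get(big_addr)  # None when the remainder is unspent
    return peels, remainder


if __name__ == "__main__":
    peels, remainder = follow_peel_chain(SAMPLE_TXS, "tx_a")
    for txid, addr, amount in peels:
        print(f"{txid}: peeled {amount} BTC to {addr}")
    print("chain pattern ends at remainder address:", remainder)
```

The peeled addresses are the ones worth checking against known exchange deposit clusters, since each peel is a candidate cash-out point.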
Key Suspects
ZachXBT and other researchers linked the operation to two suspects. The first, known as ‘Nina/Mo,’ is a Somalian citizen operating a phishing scam call center in Camden, UK. The second, ‘W0rk,’ handled technical tasks such as phishing site setup and wallet creation. Both suspects deleted their social media accounts after being publicly identified, which made it more difficult for officials to track them down.
OG Bitcoiner Funds Moved Into Monero
The attackers converted large amounts of the stolen Bitcoin into Monero (XMR), a privacy-focused cryptocurrency. This hid the fund movements and temporarily and artificially pushed Monero’s price up by 12.85% to $311.09. The volume was absorbed by decentralized exchanges and automated market makers (AMMs), preventing volatility. The conversion, however, made blockchain forensics impossible from that point on.
ZachXBT Helps with Partial Recovery
Assisted by Binance’s compliance unit, ZachXBT and other crypto sleuths followed the money to exchange-controlled wallets holding approximately $7 million in total. Binance froze this amount by correlating Know Your Customer (KYC) information and IP addresses. Although this recovers only 2.1% of the loot, it is a singular success among thefts involving privacy coins.
Conclusion
The hack shows that even OG Bitcoiners can be compromised because of outdated security practices. ZachXBT’s work also highlights the potential for collaboration between blockchain investigators and exchanges. Long-term holders need to adopt better custody technology such as hardware wallets, MFA, and whitelisted addresses. Regulators should also review privacy coin policy to find a balance between financial privacy and anti-money-laundering requirements.
ZachXBT’s work highlights the way that decentralized justice in crypto is changing—but when Bitcoin turns into Monero, recovery opportunities disappear. In a system where there’s no trust, human error still costs the most.