
Key Points
- ZachXBT Bitcoin theft freeze recovers $7M from $330M heist
- Two suspects identified: ‘Nina/Mo’ and ‘W0rk’
- Elderly whale targeted using social engineering
- Over $300 million still unaccounted for
In a swift move, blockchain sleuth ZachXBT and collaborators have frozen $7 million, which is linked to a staggering $330 million Bitcoin theft. The victim? An elderly crypto whale with holdings across multiple exchanges. The theft, which unfolded on April 28, has shocked the crypto community due to its scale and unusual tactics.
According to ZachXBT, two suspectsโidentified as ‘Nina/Mo’, a Somalian running a call scam center in Camden, UK, and an accomplice known as ‘W0rk’โwere central to the operation. Both have since wiped their social media presence, but the investigation is pressing forward.
Update: So far $7M+ has been frozen with the help of @CFInvestigators, @tanuki42_, Binance Security team, and myself.
โ ZachXBT (@zachxbt) May 2, 2025
ZachXBT credited the freeze to joint efforts from CF Investigators, tanuki42_, Binanceโs Security team, and other community members. Despite recovering $7 million, a massive $323 million remains missing.
“This wasnโt a typical hack,” ZachXBT revealed. “The attackers used advanced social engineering to bypass multiple security layers, making most defenses useless.”
Update: It is confirmed to be a social engineering theft from an elderly individual in the US.
โ ZachXBT (@zachxbt) April 30, 2025
The suspects reportedly laundered part of the stolen funds through Monero, generating such significant trade volume that it briefly impacted the coinโs price.
Elderly whaleโs assets targeted through social engineering
The victim, described only as an elderly individual from the U.S., had amassed substantial Bitcoin holdings through what ZachXBT called “interesting methods.” He has declined to provide further details about how these assets were acquired.
Whatโs clear is that the attackers exploited personal data leaks, a tactic that has become increasingly common. Similar methods were used last month to target Binance users, although that incident was unrelated.
thatโs how you know itโs likely a theft
>longtime Bitcoin holder
>is a Gemini, River, Coinbase, etc user
>$330M suddenly moved today and transferred in small increments to instant exchanges, creating hundreds of orders
>gonna lose multiple 7 figs to fees / inefficient forโฆโ ZachXBT (@zachxbt) April 28, 2025
ZachXBT and his team acted quickly once the theft came to light. With Binanceโs direct involvement, they managed to freeze some of the stolen funds before they could be fully laundered. However, the majority of the $330 million remains at large, raising concerns across the industry.
Community members have praised the transparency and speed of the response. Yet, the case also highlights the growing threat of social engineering attacks, especially against older, wealthier crypto holders.
Usually they find targets from private crypto related dbs (exchanges, services, etc)
โ ZachXBT (@zachxbt) April 30, 2025
For those watching broader market movements, these incidents come at a time of Bitcoin price surge, which may have increased the appeal of targeting large Bitcoin holders.
Crypto scams rising amid shifting market trends
The $330 million ZachXBT Bitcoin theft is just the latest in a string of high-profile crypto scams. As the market matures, both institutional and individual players face increasing threats.
Some scams are tied to Ether memecoin trading firms, while others exploit newer tokens like the Move Token, which recently suffered a price drop amid controversy. Even legitimate projects, such as Sky Token, have had to implement major upgrades to improve security and user trust.
The situation also reflects a wider industry challenge. Even large corporate players like MicroStrategy have faced setbacks, as seen in their recent Q1 loss.
As the investigation continues, ZachXBTโs work serves as both a warning and a blueprint for how to respond swiftly to theft in the crypto space.