Investigation into a $243M theft from last month, which led to multiple arrests and $9M+ frozen.

An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack, and my efforts, which have helped lead to multiple arrests and millions frozen.

Incident Summary: On August 19, 2024, the threat actors targeted a single Genesis creditor by:

1) Calling as Google Support via a spoofed number to compromise personal accounts
2) Calling afterwards as Gemini support, claiming the account had been hacked
3) Social engineering the victim into resetting 2FA and sending Gemini funds to a compromised wallet
4) Getting the victim to use AnyDesk to share their screen, which leaked private keys from Bitcoin Core

Gemini transaction hashes:
59.34 BTC – Aug 19 at 1:48 am UTC
e747b963a463334c164b0a8fff844f73693272bb2b331adbe2147d70ec196360
14.88 BTC – Aug 19 at 2:30 am UTC
7c7ebed785f0b4d4335d559b14b8215862fbe29db329e3ee0f2a7e64a16ce9e3

An initial tracing showed $243M split multiple ways between each party before funds quickly peeled off to 15+ exchanges immediately swapping back and forth between Bitcoin, Litecoin, Ethereum, and Moner
