Meet ZachXBT: Crypto’s Anonymous Scam-Busting Detective

Meet ZachXBT: Crypto’s Anonymous Scam-Busting Detective

Summary: Since 2021, ZachXBT has been the digital alias of a self-taught blockchain investigator renowned for uncovering nearly all major crypto scams, tracing stolen funds, and holding perpetrators accountable.

Through onchain analysis and social media sleuthing, he has helped track over $200 million across 25+ crypto hacks, exposed billion-dollar hacks linked to groups like Lazarus, and led to arrests worldwide.

Supported by community donations and bounties exceeding $410,000, ZachXBT remains crypto’s most trusted and relentless watchdog, shining light on fraud in an often opaque niche.

Who is ZachXBT?

ZachXBT is a pseudonymous blockchain investigator who gained fame on crypto Twitter for exposing scams, frauds, and bad actors in crypto. Through meticulous research and onchain analysis, he shares detailed X (Twitter) threads revealing shady token launches, NFT rug pulls, and cyber exploits.

Despite operating independently and without revealing his identity, ZachXBT’s investigations have led to the recovery of hundreds of millions in stolen crypto. His findings have also contributed to actual legal consequences, including arrests and asset seizures tied to online fraudsters.

He remains anonymous and is often depicted as a cartoon platypus in a trench coat, an avatar that has become symbolic of his presence. This anonymity serves both as a shield for personal safety and as a defining feature of his role as crypto’s unofficial, self-made detective.

ZachXBT

ZachXBT's Origin Story

ZachXBT’s journey into crypto began like many of us: with optimism and some hard lessons learned along the way. In the 2017 ICO boom, he was a regular crypto user who bought into hyped tokens and NFT projects, only to watch many disappear in classic rug pulls.

A wallet hack in 2018 cost him around $15,000, leading to a personal low that would shift his focus. Instead of walking away, he began analyzing blockchain data in detail, learning to trace wallets, follow money flows, and uncover how crypto scams actually operate.

His first major investigation came in early 2022, when he traced funds stolen through phishing scams targeting crypto users on Twitter. By combining on-chain data with Discord and Telegram intel, he identified teen scammers, leading to an FBI crypto seizure and marking his investigative debut.

ZachXBT Origin Story

How Does ZachXBT Investigate Scams?

To reveal crypto scams, ZachXBT uses a layered approach that incorporates blockchain forensics with open-source sleuthing to trace stolen funds, unmask bad actors, and connect scams across time.

Here’s how that process typically breaks down:

  • Blockchain analysis: He traces token flows using tools like Etherscan, Arkham, and Breadcrumbs, following transfers across wallets, exchanges, and mixers to map fund movement.
  • Smart contract tracking: He inspects scam contract deployments, checking for reused bytecode, recycled deployer wallets, and suspicious funding origins.
  • Wallet clustering: He connects addresses through shared gas funding, synchronized transaction patterns, and common endpoints like Binance or Coinbase.
  • Social media intelligence: He correlates wallet activity with messages, usernames, and timestamps on Twitter, Telegram, and Discord to identify recurring players.
  • Influencer monitoring: He tracks wallets tied to public figures, comparing promo posts to token buys and sell-offs to expose coordinated cashouts.
  • Identity linkage: He uses domain registrations, court filings, and breached databases to connect blockchain activity to names, emails, or other identifiers.
  • Case presentation: He assembles findings into X threads with annotated screenshots, token trails, and timestamped receipts; often handing them to law enforcement before going public.

Major Investigations and Scams Exposed by ZachXBT

ZachXBT’s track record since 2021 includes tracing billions in illicit crypto flows and directly helping recover over $200 million in stolen assets. His investigations span NFT rug pulls, phishing rings, DeFi exploits, and influencer-led pump-and-dump schemes.

1. Pixelmon NFT Rug Pull (Feb 2022)

This high-profile NFT project raised $70 million promising a Pokémon-style game, only to deliver embarrassingly low-quality art and no roadmap. ZachXBT traced hundreds of ETH diverted into a multi-sig wallet and used to purchase blue-chip NFTs rather than build the game.

  • Scam amount: Roughly $70 million in ETH raised from 7,750 investors.
  • Key facts: Funds moved to unrelated wallets; 400 ETH spent on Azukis and Bored Apes.
  • Result: Lead dev publicly apologized; pledged $2 million toward redesign but trust was lost.
Pixelmon NFT Rug Pull

2. BAYC Phishing Ring (Aug-Oct 2022)

A fake site promising “animated apes” tricked Bored Ape holders into signing transactions, draining millions in NFTs from victims. Zach mapped the wallet flows, traced suspects, and helped spark an international investigation.

  • Scam amount: Over $2.5 million in stolen NFT assets.
  • Key facts: Operation tied to five suspects aged 19-24; ran across multiple phishing domains.
  • Result: Arrests made in France; police credited Zach’s data as instrumental to the case.
BAYC Phishing Ring

3. Influencer Pump-and-Dumps (Sept 2022)

In a 17-part exposé, Zach detailed how crypto influencers like Lark Davis received private token allocations, hyped them publicly, and sold for massive profit without disclosure. The thread broke down eight cases totaling over $1.2 million in gains.

  • Scam amount: At least $1.2 million in combined influencer profits.
  • Key facts: Wallet evidence aligned with promo tweets; some dumps happened within minutes.
  • Result: Public backlash and increased scrutiny of paid crypto endorsements.
Influencer Pump-and-Dumps

4. Machi Big Brother (Jeff Huang) Exposé (2022-2023)

Zach published a detailed report alleging that Jeff Huang withdrew 22,000 ETH from a treasury wallet linked to one of his past projects. The post outlined a broader pattern of sketchy ventures and missing funds tied to Huang’s name.

  • Scam amount: 22,000 ETH (~$17 million) allegedly misappropriated.
  • Key facts: Article highlighted failed projects, shadowy team members, and repeated fund outflows.
  • Result: Huang sued for defamation but later dropped the case; Zach stood by his findings.
Machi Big Brother (Jeff Huang) Exposé

5. Other Notable Investigations

ZachXBT’s work extends far beyond high-profile headlines; he has uncovered dozens of smaller yet highly damaging schemes across NFTs, DeFi, phishing, and insider abuse.

  • Rogue Society Soft Rug (Apr 2022): He identified the anonymous founder behind a slow-drain exit scam where funds were siphoned gradually before the project shut down.
  • Logan Paul Token Promotions (2022): He revealed that Logan Paul promoted tokens like Elongate and Dink Doink while profiting over $100,000, without disclosing holdings or timing of sales.
  • BitBoy Crypto Paid Shills (2022): He exposed Ben “BitBoy” Armstrong for accepting $2,500 to $40,000 per project to promote tokens and NFTs, many of which turned out to be scams.
  • Boneheads NFT Rug Pull (2022-2023): He exposed a $3.1 million NFT scam where the team vanished post-mint, spending funds on luxury NFTs, which later led to a Canadian class-action lawsuit.
  • DeGods NFT Phishing Recovery (May 2023-Feb 2024): He investigated the theft of a 99 ETH DeGods NFT, traced the attacker’s wallet, and helped recover most of the stolen value for the victim.
  • $243M Bitcoin Heist (Aug-Sep 2024): He traced 4,064 BTC stolen in a sophisticated social engineering attack, identified the perpetrators, helped freeze $9 million, and contributed to two arrests in the U.S.
  • Coinbase Phishing Support Scam (2024-2025): He traced a $4 million scam led by Christian “Daytwo” Nieves, linked stolen funds to gambling, and identified over 30 additional victims.
Coinbase Phishing Support Scam

ZachXBT and Lazarus Group

ZachXBT has been instrumental in tracing funds tied to Lazarus Group, the North Korean hacking unit behind several major crypto exploits. His involvement gained traction in 2022 as Lazarus began targeting cross-chain bridges and DeFi infrastructure.

In mid-2022, he analyzed transactions from the $100 million Horizon Bridge hack, uncovering how funds were funneled through Tornado Cash and dispersed across newly created wallets. He published visual breakdowns showing how Lazarus moved assets across blockchains to avoid detection.

By early 2024, Zach had mapped out laundering activity related to the $625 million Ronin Bridge exploit, linking fresh wallets to prior Lazarus movements. His work helped raise awareness of how DeFi tools were being weaponized by state-affiliated actors to bypass sanctions and obscure stolen crypto.

ZachXBT Net Worth

ZachXBT has no confirmed net worth and publicly denied a $250 million claim, explaining it was based on a misattributed exchange wallet. His actual income stems from community donations, legal crowdfunding exceeding $1 million, and bounties for high-impact investigations.

In 2024, he earned a $150,000 bounty from Arkham for exposing Martin Shkreli as the creator of Donal Trump-linked DJT, $31,500 for linking Lazarus Group to the Bybit hack, another 5000 $ARK for tracing the WazirX breach, and 150,000 OP tokens from Optimism RetroPGF distribution.

ZachXBT Net Worth OP Tokens

ZachXBT Challenges and Controversies

It hasn’t all been wins and praise for ZachXBT. Being crypto’s most visible onchain investigator has drawn legal fire, community scrutiny, and even taunts from the very criminals he exposes.

Here are some of the most notable challenges he’s faced:

Final Thoughts

ZachXBT’s rise from an anonymous crypto user to the industry’s most trusted scam tracker is nothing short of cyber folklore. With no formal training, he’s solved cases worth hundreds of millions using nothing but curiosity, blockchain data, and relentless precision.

His work reminds us that even in the chaos of crypto, accountability is possible when someone is willing to follow the trail. As long as scams exist onchain, ZachXBT will be there to expose them… one thread at a time.

Frequently asked questions

How does ZachXBT fund his investigations?

What tools does ZachXBT use to investigate scams?

Why does ZachXBT stay anonymous?

Does ZachXBT collaborate with law enforcement?

What impact has ZachXBT had on the crypto space?

Written by 

Antony Bianco

Head of Research

Antony Bianco, co-founder of Datawallet, is a DeFi expert and active member of the Ethereum community who assist in zero-knowledge proof research for layer 2's. With a Master’s in Computer Science, he has made significant contributions to the crypto ecosystem, working with various DAOs on-chain.