Three individuals executed a $243 million crypto theft from a single Genesis creditor in August, employing advanced social engineering tactics, according to blockchain investigator ZachXBT. The perpetrators, identified as Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano), orchestrated a multi-step attack that compromised the victim’s personal and exchange accounts.
On Aug. 19, the attackers initiated contact by impersonating Google Support through a spoofed phone number, successfully gaining access to the victim’s personal accounts. Following this, they posed as Gemini support representatives, convincing the victim that their exchange account was compromised. They manipulated the individual into resetting two-factor authentication and transferring funds to a wallet under their control.
The attackers further exploited the situation by persuading the victim to use AnyDesk, a remote desktop application. This allowed them to access the victim’s screen and extract private keys from Bitcoin Core, leading to the theft of a substantial amount of Bitcoin. Transaction hashes provided by ZachXBT include a transfer of 4064 BTC on Aug. 19 at 4:05 A.M. UTC, recorded under hash 4b277b…fbe9090.
A private video obtained by ZachXBT shows the threat actors reacting in real time upon receiving $238 million. Initial blockchain tracing revealed that the $243 million was quickly divided among the parties involved. The funds were dispersed across over 15 exchanges, rapidly converted between Bitcoin, Litecoin, Ethereum, and Monero to obfuscate the trail.
One of the individuals, Wiz (Veer Chetal), reportedly received a significant portion of the stolen assets. According to ZachXBT, Chetal inadvertently revealed his full name during a screen-sharing session amid the theft. Further evidence was gathered as accomplices referred to him as “Veer” in both audio recordings and chat messages. Approximately $34.5 million of his funds are currently located in the Ethereum wallet 0x3c7a5f2795e73d2b94a9120a643f608cfc45c935.
The sophisticated nature of the attack highlights the evolving tactics used by cybercriminals in the crypto space. Social engineering remains a potent tool, exploiting human vulnerabilities rather than technical flaws. The incident highlights the necessity for enhanced security measures and user vigilance, even among experienced participants in the crypto industry.
ZachXBT’s investigation has contributed to multiple arrests and the freezing of millions in assets. The collaborative efforts between blockchain analysts and law enforcement demonstrate the increasing effectiveness of tracing illicit activities on the blockchain. As reported by ZachXBT, the incident serves as a stark reminder of the risks associated with digital assets and the importance of robust security protocols.
The victim was not named, but notably, Mark Cuban’s Google account was compromised using a similar technique in June. He posted,
“Hey @google @sundarpichai. I just got hacked at my [email protected] because someone named noah at your 650-203-0000 called and said I had an intruder and spoofed recovery methods[…] If anyone gets anything from [email protected] after 3:30pm pst it’s not me.”
Cuban is a known crypto advocate and ultra-high-net-worth individual. Cuban’s Google account was recovered within 24 hours. However, no information has been released to indicate Cuban was the victim of the crime.