On August 19, a young man in his twenties known online as ZachXBT was walking through an airport when a notification lit up his phone. A Bitcoin transaction, worth around $600,000, had just moved to a small cryptocurrency exchange. This was over ten times the usual transaction size on that platform—a potential red flag.
By the time he reached his gate, a second alert signaled another transfer: over $1 million. Then a third, for $2 million. Working quickly before his flight took off, ZachXBT traced the funds backward through one Bitcoin address after another. He soon identified the source: a crypto wallet that had held hundreds of millions in Bitcoin since 2012. Now, its funds were moving rapidly through high-fee exchanges—not the behavior of a long-term investor.
This looked like a major theft. In fact, it appeared that someone had stolen approximately $243 million in Bitcoin from a single victim, potentially the largest cryptocurrency theft from an individual ever recorded.
Once in the air and back online, ZachXBT continued mapping the flow of stolen funds as they moved across exchanges and swapping services. By the time his flight landed, he had identified three major streams of transactions and shared his findings with his hundreds of thousands of followers. Soon, a tipster reached out with information about the thieves’ identities.
Over the next week, ZachXBT worked around the clock, collaborating with law enforcement and identifying two of the primary suspects: Malone Lam and Jeandiel Serrano. Less than a month after that initial alert, both were arrested and charged.
To ZachXBT, it was all in a day’s work.
The People’s Crypto Detective
Tracking a quarter-billion-dollar theft might seem like a typical day for ZachXBT because, over the past three years, he has become one of the world’s most active independent crypto detectives. Since beginning as a hobbyist investigator in 2021, he has tracked billions in stolen and scammed cryptocurrency.
According to records he shared, his work has directly contributed to the recovery of approximately $210 million and assisted in the return of another $225 million. He has exposed influencers behind “pump-and-dump” schemes, tracked cybercriminals behind major crypto heists, and uncovered North Korean hacking campaigns targeting crypto firms.
He operates almost entirely on cryptocurrency donations, which have totaled around $1.3 million since 2021. “He’s a new generation of investigator. He works for the people,” said Joe McGill, a special agent with the US Secret Service who has worked with ZachXBT.
ZachXBT always works behind a mask. Online, he appears only as a cartoon platypus wearing a detective’s trench coat. To protect himself from retaliation, he has never revealed his real name, age, or location.
In early video calls, McGill recalled, ZachXBT not only kept his camera off but also used a voice modulator—sometimes sounding like a high-pitched cartoon character, other times adopting a deep, movie-villain tone. “It was strange at first,” McGill said, “but I respect his privacy. The work he does is incredible.”
How ZachXBT Operates
So how does a self-taught investigator routinely outperform law enforcement agencies? Even ZachXBT isn’t entirely sure. He credits his success to relentless effort—crypto markets never close—and years of experience analyzing public blockchain ledgers.
“The more you look, the more it becomes like eating, sleeping, breathing. Over time, it starts to make sense,” he said. “You begin to notice patterns. I can look at a wallet and within seconds tell you if it belongs to a bad actor.”
His familiarity with blockchain analysis grew out of his own experience as a crypto trader—and as a victim. Around 2017, he invested thousands in cryptocurrencies that eventually became worthless, often due to “rug pull” scams where developers abandon a project and cash out. Then, in 2018, he lost nearly $15,000 more when his Electrum wallet was compromised by a malicious software update.
That’s when he shifted his focus from investing to investigating. He began analyzing blockchain data to understand how successful traders operated—and to spot the scams others missed.
When the NFT boom took off in 2020, ZachXBT applied the same techniques to projects like Bored Bunny and Billionaire Dogs Club. He regularly uncovered evidence that developers were diverting funds or rebranding earlier failed schemes. In some cases, his reporting discouraged buyers and disrupted suspicious sales.
But over time, he grew frustrated. Despite his efforts, no one faced legal consequences.
Then, in early 2022, he began tracking a group of hackers hijacking high-profile Twitter accounts to post phishing links. These scams drained victims’ wallets, resulting in losses totaling tens of millions. ZachXBT combined blockchain analysis with intelligence from Discord and Telegram channels frequented by young thieves. Eventually, he identified several suspects—teenagers who were openly flaunting their illicit gains.
His work soon drew law enforcement attention. In one case, French authorities arrested five suspects after ZachXBT publicized his findings. “Seeing law enforcement act on the information I shared felt incredibly satisfying,” he said. “It made me feel like what I was doing might actually matter.”
A Turning Point
In the two years that followed, the scale—and consequences—of ZachXBT’s work grew significantly. He helped track stolen funds from crypto projects like Platypus and Uranium Finance. He assisted in the recovery of $12 million after the Scattered Spider hacking group extorted Caesars Entertainment. He also exposed a network of North Korean IT workers who had infiltrated tech firms, including one who stole $62 million from NFT company Munchables.
Still, the $243 million theft in August was one of the largest he had ever investigated.
After returning from his trip, ZachXBT continued tracing the funds while monitoring social media for clues. One suspect, Malone Lam (aka “Greavys”), appeared to be living large—posting photos of luxury cars, diamond watches, and private jets. He even gave away Hermès Birkins worth $30,000 to $50,000 each.
“It seemed like all they did was party and steal,” ZachXBT said.
Within days, a tipster sent him a screen-recorded video of the hackers celebrating the heist. In the clip, they addressed each other by name and exposed personal information. “Oh my god! $243 million! This is insane!” one exclaimed. “Do you know how much money that is?”
On September 18, Lam was arrested at a Miami waterfront rental costing $68,000 a month. Serrano was detained at LAX after a vacation in the Maldives. He was wearing a $500,000 watch at the time of arrest. Both admitted involvement in multiple cryptocurrency thefts.
So far, $79 million of the stolen funds have been seized or frozen. Prosecutors say over $100 million remains missing.
Frequently Asked Questions
Who is ZachXBT?
ZachXBT is an anonymous cryptocurrency investigator known for tracking stolen funds and exposing scams. Using blockchain analysis and open-source intelligence, he has helped recover hundreds of millions of dollars and assisted in multiple arrests.
How does ZachXBT trace stolen crypto?
He analyzes public blockchain transactions to follow the flow of funds across wallets and exchanges. By combining this data with tips from online sources, he identifies suspicious patterns and links them to real-world individuals or groups.
Is ZachXBT affiliated with law enforcement?
No. He operates independently but regularly collaborates with agencies like the FBI and Secret Service by sharing evidence and analysis. Many of his investigations have led to arrests and asset recovery.
Why does ZachXBT remain anonymous?
Due to the sensitive nature of his work and the potential for retaliation by criminal groups, he conceals his identity for safety reasons. He relies on donations and does not seek personal fame.
Can anyone learn to track cryptocurrency transactions?
Yes. Blockchain data is public, and many tools exist for analysis. However, effective investigation requires patience, practice, and a deep understanding of crypto ecosystems.
What was ZachXBT’s biggest case?
His investigation into the theft of $243 million in Bitcoin from a single victim led to two arrests and the recovery of $79 million. It is one of the largest individual crypto thefts ever recorded.
Conclusion
ZachXBT represents a new kind of digital sleuth—one who uses public data and community trust to hold bad actors accountable. What began as personal curiosity has evolved into a mission to protect others from the pitfalls he once experienced.
Though he may transition toward more formal paid work, his driving motivation remains unchanged: to restore stolen funds to victims and ensure that crime in the crypto space doesn’t go unanswered. As he continues to uncover, analyze, and expose, ZachXBT isn’t just tracking transactions—he’s building a safer ecosystem for all.