Tracking down Discord & Twitter phishing scammers

Since December 2021 we’ve seen 600+ Discord servers compromised & 12+ NFT related Twitter accounts hacked as well. This has resulted in millions of dollars being stolen.

Welcome to part 2 of tracking down the people responsible.

As a TLDR to those who missed the first part of the investigation, I uncovered that Cam (who previously SIM swapped $37m), sold Twitter panel access to scammers known as HZ & Popbob enabling them to hack 12+ NFT Twitter accounts.

Safe to say horror (HZ/Chase) was not too thrilled with my thread calling him out for the Twitter hacks.

Why would he ask to take them down?

Few remember that prior to the Twitter hacks HZ has been also responsible for the majority of Discord attacks working with Popbob and Two1

Back in April 2022 I mapped out their known wallets with over $3.9m in them at the time.

As of a few weeks ago HZ/Chase began flexing on Twitter an iced out Audemars Piguet watch.

Well where did he buy that watch?

I realized HZ likely paid in crypto due to the nature of how he obtained the funds.

I then asked around a few mutual friends who sell watches. This lead me to a watch seller who recently sold that AP watch for $47.5k USDC.

Inside the Discord server for the seller were two flex pics by the buyer (HZ) with the first made on 08/19/22.

What looks similar? Well the success pics inside the Discord from the buyer were the EXACT same watch and sweater as posted on Twitter by HZ.

I then chatted with the watch seller who was completely unaware of what had transpired. After learning what HZ has done they confirm it’s the same watch and have me look into the address HZ paid with.


Watch payment:

I then map out the flow of funds.

The address HZ used to pay the watch seller $47.5k was DIRECTLY funded by multiple addresses used to scam people with hacked Twitter accounts such as @deekaymotion @Zeneca_33 @ezu_xyz @JRNYclub

(highlighted in yellow below)

Just 1–2 hops away from this address HZ is tied to the @BoredApeYC @nansen_ai @AnataNFT @LACOSTE @TheParallaxHQ @cheebsnft Discord attacks and to @nounsdao @franklinisbored Twitter account hacks.

More attacks aren’t displayed for the sake of space.

On June 28 the JRNY Club Twitter was hacked.

In total HZ received 73.56 ETH ($114k) from the scam to the same address used to pay for the watch.


On July 14 DeekayMotion Twitter account was hacked.

In total HZ received 23.11 ETH ($36k) from the scam to the same address used to pay for the watch.


On July 19 Zeneca’s Twitter was hacked.

In total HZ received 20.36 ETH ($31.7k) from the scam to the same address used to pay for the watch.


(note HZ is tied to the 333 club Discord attack too)

Some of the Discord attacks like the BAYC Otherside and 333 Club ones HZ is tied to stole $300k+ worth of NFTs with each attack.

Since December 2021 @NFTherder has tracked at least 600 Discord servers that’ve been compromised (thanks for calculating this number).

Here is his latest report for August 2022:

After months and months of tracking their group it’s nice to know one of the main perpetrators (Chase Senecal) for NFT/crypto phishing attacks has been identified. Others in his group like Popbob have yet to be caught

Hopefully at some point victims will take legal action

The majority of the stolen funds haven’t been spent & sit in wallets like:




Some is spent on OG usernames like @skull @horror


Chainabuse report (am advisor)…

Breadcrumbs report (am investor)

Hundreds of hours go into reports like this. If you appreciate my research please consider donating to my wallet. All my work is possible because of it.




Subscribe to Investigations By ZachXBT
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
This entry has been permanently stored onchain and signed by its creator.