Tracking down Discord & Twitter phishing scammers
Investigations By ZachXBT
0x3D50
September 1st, 2022

Since December 2021 we’ve seen 600+ Discord servers compromised & 12+ NFT related Twitter accounts hacked as well. This has resulted in millions of dollars being stolen.

Welcome to part 2 of tracking down the people responsible.

As a TLDR to those who missed the first part of the investigation, I uncovered that Cam (who previously SIM swapped $37m), sold Twitter panel access to scammers known as HZ & Popbob enabling them to hack 12+ NFT Twitter accounts.

Safe to say horror (HZ/Chase) was not too thrilled with my thread calling him out for the Twitter hacks.

Why would he ask to take them down?

Few remember that prior to the Twitter hacks HZ has been also responsible for the majority of Discord attacks working with Popbob and Two1

Back in April 2022 I mapped out their known wallets with over $3.9m in them at the time.

As of a few weeks ago HZ/Chase began flexing on Twitter an iced out Audemars Piguet watch.

Well where did he buy that watch?

I realized HZ likely paid in crypto due to the nature of how he obtained the funds.

I then asked around a few mutual friends who sell watches. This lead me to a watch seller who recently sold that AP watch for $47.5k USDC.

Inside the Discord server for the seller were two flex pics by the buyer (HZ) with the first made on 08/19/22.

What looks similar? Well the success pics inside the Discord from the buyer were the EXACT same watch and sweater as posted on Twitter by HZ.

I then chatted with the watch seller who was completely unaware of what had transpired. After learning what HZ has done they confirm it’s the same watch and have me look into the address HZ paid with.

0xdc25df861f979a175bfe4f3737d1562d45cdc5cd

Watch payment:

I then map out the flow of funds.

The address HZ used to pay the watch seller $47.5k was DIRECTLY funded by multiple addresses used to scam people with hacked Twitter accounts such as @deekaymotion @Zeneca_33 @ezu_xyz @JRNYclub

(highlighted in yellow below)

Just 1–2 hops away from this address HZ is tied to the @BoredApeYC @nansen_ai @AnataNFT @LACOSTE @TheParallaxHQ @cheebsnft Discord attacks and to @nounsdao @franklinisbored Twitter account hacks.

More attacks aren’t displayed for the sake of space.

On June 28 the JRNY Club Twitter was hacked.

In total HZ received 73.56 ETH ($114k) from the scam to the same address used to pay for the watch.

TXID:0x8879d3f03028954c406484ae818b59511d75c3eaaea8f815fe374db7aa387077

On July 14 DeekayMotion Twitter account was hacked.

In total HZ received 23.11 ETH ($36k) from the scam to the same address used to pay for the watch.

TXID:0x8bc3cdf25a31476f685aee8bd004868f90356a1219e0ae1879b9f353640ed379

On July 19 Zeneca’s Twitter was hacked.

In total HZ received 20.36 ETH ($31.7k) from the scam to the same address used to pay for the watch.

TXID:0x2ae1482e97f56c5e88a54e8457b4a1c6199341eb6deffe0fb4b865e474a5c375

(note HZ is tied to the 333 club Discord attack too)

Some of the Discord attacks like the BAYC Otherside and 333 Club ones HZ is tied to stole $300k+ worth of NFTs with each attack.

Since December 2021 @NFTherder has tracked at least 600 Discord servers that’ve been compromised (thanks for calculating this number).

Here is his latest report for August 2022:

After months and months of tracking their group it’s nice to know one of the main perpetrators (Chase Senecal) for NFT/crypto phishing attacks has been identified. Others in his group like Popbob have yet to be caught

Hopefully at some point victims will take legal action

The majority of the stolen funds haven’t been spent & sit in wallets like:

$1.27m0x9971e3efc26ce470f806c725518e51dee118202e

$730k0x5f7a8e85071e992473a016529b86c6bf0c4e50a4

$828k0xe84d4e6451119f49f24f13caf13fbda331c2245f

Some is spent on OG usernames like @skull @horror

Sources:

Chainabuse report (am advisor):chainabuse.com/report/19be733…

Breadcrumbs report (am investor):breadcrumbs.app/reports/2851

Archive:archive.ph/BSBAW

Hundreds of hours go into reports like this. If you appreciate my research please consider donating to my wallet. All my work is possible because of it.

zachxbt.eth

0x9D727911B54C455B0071A7B682FcF4Bc444B5596

bc1qqsspeghy0wenywvgvrka3krqzd3gdvq38pmf4hka6llget8kjemquk23g6

Subscribe to Investigations By ZachXBT
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.
Arweave Transaction
R0vxSz3w13-pr6W…iXBQ975ge3p6WU8
Author Address
0x3D502fA3C2Aac31…Bd38AB861211458
Content Digest
svL1N4xPLX5nXHr…xm4MAqmFy6zx3cw