cointelegraph.com
French authorities have reportedly utilized research from pseudonymous blockchain sleuth ZachXBT to charge five people on suspicion of stealing $2.5 million worth of nonfungible tokens (NFTs) via phishing scams.
According to an Oct. 12 report from the Agence France Presse (AFP) shared by Barron’s, the alleged fraudsters built a website that masqueraded as a service that animates the static artwork from people’s Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFTs.
Unfortunately for the victims, they had their credentials swiped and their NFTs stolen via the phishing website instead.
The five young suspects are said to be in their mid to late 20s, and had allegedly conducted the scheme between late 2021 and early 2022.
The charges against the five include fraud committed as part of a criminal gang, concealing fraud and criminal association.
Two of the suspects are thought to be the ring leaders, and prosecutors have requested for them to be held in pre-trial detention.
ZachXBT provides key info
Christophe Durand, the deputy chief of France’s national cyber unit told the AFP that it got clued into the incident after observing an investigation from the self-proclaimed on-chain sleuth ZachXBT on Twitter.
Durand explained that ZachXBT had launched into an investigation in response to requests from the community of owners of the Bored Ape Yacht Club series” that had their tokens swiped.
Over on Twitter, ZachXBT noted that they were “very pleased” to see that French authorities had taken action against the alleged scammers. The sleuth was also happy to see their work was officially credited online, given that they are an independent investigator that is funded by community donations.
Here’s the working link to my article that started it all!https://t.co/HkR0GLyaUU
— ZachXBT (@zachxbt) October 12, 2022
ZachXBT also linked back to their original Aug. 9 article that he said helped kick off the investigation.
A key part of the research revolved around the alleged scammers' use of Tornado Cash to mix and withdraw the funds.
ZachXBT outlined that the “mathys.eth” address in particular left revealing breadcrumbs, as they often withdrew intervals of 10 ETH that added up to the value the NFTs were sold for, around the time they were stolen.
“While the scammer did make an attempt to hide their breadcrumb trail by depositing the stolen funds into Tornado Cash, they were not careful about covering their tracks when it came to withdrawing the funds from Tornado.”
ZachXBT has posted a series of on-chain investigations focused on rug pulls, scams, hacks and pump and dumps, and has developed a strong Twitter following of 303,200 for their efforts.
At the start of this month, ZachXBT launched an investigation into the $450,000 Beeple Discord hack to find the people responsible. Cointelegraph also reported on ZachXBTs recent research and allegations from Sept. 29 accusing Crypto influencer Lark Davis of shilling a series of “low cap projects” just to dump on “them shortly after.”
18/ All my work is possible because of donations so if you like my investigative threads such as this one please consider donating to my ENS or sharing this thread!
— ZachXBT (@zachxbt) October 4, 2022
0x9D727911B54C455B0071A7B682FcF4Bc444B5596
zachxbt.eth
Thanks to @beeple for making this sick 1 of 1. https://t.co/V8aAGFWFHX