ZachXBT has exposed another ruthless cryptocurrency and NFT scammer and is sharing information with victims for possible legal action against the criminals.
Popular on-chain detective ZachXBT has uncovered another cryptocurrency scammer that stole millions of dollars in digital assets using sophisticated phishing attacks.
The thieves targeted the Discord services of DeFi projects such as Orbiter Finance and Pika Protocol.
Impersonation and seizure
In a Twitter post published on Monday, ZachXBT explained that the attacker, Soup (aka Dan), carried out the scam by impersonating Luke Hamlton, an employee of crypto media outlet Decrypt.
Soup worked with other scammers to lure members of various crypto project teams into joining fake Decrypt Discord servers. He then tricked them into submitting KYC information during a fake application and interview process, and later embedded phishing attacks into "elaborate attempts to steal their Discord tokens."
A Discord token is an alphanumeric string that represents a user's login credentials, giving them access to any server they own or belong to.
The scammers compromised the Pika Protocol Discord server on May 30, 2023, posting malicious links in the announcement channel, thereby stealing $220,000 in cryptocurrency. Dan admitted in a private DM that he took 15% of the scammers' profits.
The next day, scammers attacked Orbiter Finance and stole another $760,000 using a malicious link. Soup admitted to receiving 30% of the stolen funds, of which 7.5 ETH was found in one of his known addresses.
Soup used some of the proceeds from his crimes to purchase five-figure sums worth of exclusive Roblox merchandise.
ZachXBT added that Soup was involved in the theft of Mutant Ape Yacht Club (MAYC NFT #21080) last year. The two worked with his scam partner Faint to mint a fake MAYC and offered to exchange it with the victim for real MAYC, which the victim accepted.
Soup also stole Cryptopunk#6983in January of this year.
ZachXBT wrote, "Soup admitted that he made $1 million in profits, while his partners made even more, and he appears to have shown no remorse for his actions after causing financial damage to the project and people."
Connect to Blue
ZachXBT was able to track down one of Soup’s addresses because the scammer accidentally leaked it when proving that the ENS address Purplelobster.eth was controlled by Blue (another scammer ZachXBT exposed last week), who sent $25 worth of ETH at the time.
Blue is a former YouTuber turned NFT scammer who is also connected to Monkey Drainer, known for stealing more than $24 million in digital collectibles and bragging about his thefts online. In some recent phishing attacks, Blue has taken more than $200,000 in cryptocurrencies and NFTs from the addresses yancy.eth and LoveMake.eth.
“It’s sickening to see these phishing scammers show zero remorse and spend funds on tasteless items,” ZachXBT said at the time.