ZachXBT
Summary
ZachXBT (legal name Zachary Wolk, revealed through 2023 court filings) is a pseudonymous American blockchain investigator and OSINT researcher who has operated since 2021, publishing forensic investigations into cryptocurrency fraud, scams, and large-scale thefts. He is widely regarded as one of the most consequential independent crypto investigators, credited with helping recover over $350 million in stolen assets and contributing evidence that has led to multiple arrests across several countries. He maintains strict anonymity and has no formal law enforcement affiliation, though he joined Paradigm as an incident response advisor in February 2025.
No evidence submitted yet — be the first.
Editorial decisions, corrections, and updates are anchored on Solana.
Identity and Background
ZachXBT operates pseudonymously under a cartoon platypus avatar wearing a detective's trench coat. His legal name, Zachary Wolk, was revealed involuntarily through court filings in the 2023 defamation case Huang v. Wolk (No. 1:23-cv-00683) in the United States District Court for the Western District of Texas. He has never publicly confirmed his identity or disclosed his appearance. ZachXBT has stated that he entered the crypto space around 2017 during the initial coin offering boom, lost money to fraudulent projects, and subsequently began self-taught blockchain analysis. A wallet hack in 2018 reportedly cost him approximately $15,000. He has described his investigative skills as entirely self-taught, with no formal training in law enforcement or financial investigation. He has been active on X (formerly Twitter) since 2021 and maintains a Telegram channel under @investigations for longer-form investigative content.
- [1]MEDZachXBT - Wikipediaother
- [2]MEDCrypto Sleuth ZachXBT Sued, Doxxed by Former Target - Decryptnews article
- [3]MEDFrom victim to whistleblower: The story of ZachXBT - PANewsnews article
Investigative Methodology
ZachXBT's investigative approach combines blockchain forensics with open-source intelligence (OSINT) techniques. His documented methods include tracing fund flows across wallets and exchanges, address clustering to identify related accounts, and cross-referencing on-chain data with public records such as domain registrations, court filings, and social media activity. He also monitors Telegram and Discord channels where cybercriminals congregate. His analyses typically include transaction evidence, wallet tracing, timestamp analysis, and publicly verifiable on-chain data. He has described his toolkit publicly and has been observed by colleagues such as Nick Bax (Five I's founder) manually analyzing hundreds of transactions within hours of a theft. Security researcher Taylor Monahan of MetaMask has noted that ZachXBT's published findings increasingly lead to real-world arrests. He generally provides investigative services without charge but has accepted paid engagements from victims of major thefts.
Notable Investigations and Law Enforcement Outcomes
ZachXBT has published investigations across a wide range of crypto fraud categories. Selected cases with documented law enforcement outcomes include: (1) Bored Ape Yacht Club Phishing Ring (2021) — ZachXBT tracked a five-person phishing ring that stole over $2.5 million in NFTs from BAYC holders. All five individuals were subsequently arrested and convicted by French authorities, with AFP explicitly citing ZachXBT's posts on X as contributing to identification of the main suspects. (2) $243 Million Genesis Creditor Theft (August 2024) — ZachXBT detected an unusually large Bitcoin transaction and identified three perpetrators: Malone Lam, Jeandiel Serrano, and Veer Chetal. Lam and Serrano were arrested on September 18, 2024 in Miami and Los Angeles respectively. Veer Chetal was arrested in March 2025. A fourth British suspect, Danish Zulfiqar, was reportedly arrested in Dubai in late 2025. Over $9 million in stolen funds was frozen and more than $500,000 returned to the victim. (3) Bybit Exchange Hack Attribution (February 2025) — Following the theft of approximately $1.46 billion in Ethereum-linked assets from Bybit on February 21, 2025 — the largest single cryptocurrency theft at the time — ZachXBT submitted forensic analysis to Arkham Intelligence within hours attributing the attack to North Korea's Lazarus Group. His evidence included test transaction analysis, connected wallet forensics, and timing analysis linking the attack to prior Lazarus operations. The FBI confirmed Lazarus Group responsibility on February 27, 2025. (4) U.S. Marshals Service Crypto Theft (January 2026) — ZachXBT published an investigation alleging that John Daghita (operating as 'Lick'), son of Dean Daghita (president of CMDSS, a USMS contractor), stole approximately $46 million in seized cryptocurrency from U.S. government wallets. ZachXBT discovered the case after obtaining a Telegram recording of a private dispute in which a participant inadvertently revealed control of government-linked wallets. John Daghita was arrested on the island of Saint Martin on March 5, 2026 in a joint FBI and French Gendarmerie operation, with FBI Director Kash Patel publicly announcing the arrest.
- [1]HIGHPolice Arrest Two People Related to $243M Crypto Heist Targeting Genesis Creditor - CoinDesknews article
- [2]HIGHBybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms - CoinDesknews article
- [3]HIGHInternet Crime Complaint Center (IC3) - North Korea Responsible for $1.5 Billion Bybit Hackregulatory
- [4]HIGHSon of contractor managing seized crypto for U.S. Marshals arrested in France over alleged $46m theft - CoinDesknews article
- [5]MEDJohn Daghita aka 'John/Lick' Arrested - TRM Labs Blogresearch
- [6]MEDZachXBT - Wikipediaother
Defamation Lawsuit: Huang v. Wolk (2023)
On June 15, 2023, Jeffrey Huang (known online as 'Machi Big Brother'), a Taiwanese-American musician and tech executive, filed a federal defamation lawsuit against ZachXBT in the United States District Court for the Western District of Texas (case no. 1:23-cv-00683). The lawsuit arose from a June 2022 investigation ZachXBT published alleging Huang had embezzled 22,000 ETH (approximately $37.8 million at time of writing) from Formosa Financial, a cryptocurrency treasury management platform Huang co-founded. Huang's complaint characterized the allegations as 'categorically false' and alleged 'absence of proof,' arguing that Huang had never had control of Formosa Financial funds. The lawsuit was significant in that, to file it, Huang's legal team ascertained ZachXBT's legal name and residential jurisdiction, which were then visible in public court filings — effectively doxxing the pseudonymous investigator. ZachXBT characterized the suit as 'baseless' and 'an attempt to chill free speech.' His legal defense was handled by Brown Rudnick partner Stephen Palley. Within days, ZachXBT's community raised over $1.1 million in legal defense donations through approximately 18,000 Ethereum transactions; prominent supporters included Binance CEO Changpeng Zhao, Kraken co-founder Jesse Powell, and artist Beeple. On August 14, 2023, Huang voluntarily withdrew the lawsuit. As part of the resolution, ZachXBT made material alterations to his original investigative article: allegations of embezzlement were removed, a claim that Huang had 'launched over 10 failed pump and dump tokens and NFT projects' was removed, and additional context provided by Huang regarding Cream Finance was added. ZachXBT stated he would return all unused legal defense funds to donors.
- [1]HIGHCrypto Detective ZachXBT Faces Defamation Lawsuit - CoinDesknews article
- [2]MEDCrypto Sleuth ZachXBT Sued, Doxxed by Former Target - Decryptnews article
- [3]HIGHJeffrey 'Machi Big Brother' Huang drops defamation suit against crypto sleuth ZachXBT - The Blocknews article
- [4]MEDZachXBT, Machi Big Brother defamation suit has been dropped - Blockworksnews article
- [5]MEDCrypto sleuth ZachXBT raises $1.1 million for legal defense - Blockworksnews article
Accuracy, Retractions, and Methodology Concerns
ZachXBT's investigative record is broadly regarded as credible within the crypto security community, with numerous findings subsequently confirmed by law enforcement agencies including the FBI. However, the Huang v. Wolk defamation matter raised accuracy concerns. As part of the August 2023 resolution, ZachXBT materially amended his investigative article to remove embezzlement allegations and soften other characterizations, indicating that at least some claims in that investigation were not substantiated to a degree that could survive legal scrutiny. Huang's complaint specifically argued that ZachXBT had made accusations without sufficient proof of the core embezzlement allegation. A second incident involved ZachXBT backing off claims against an NFT trader to avoid a potential second lawsuit, according to Decrypt reporting. These episodes suggest that, while ZachXBT's on-chain analysis is generally technically grounded, his narrative conclusions can occasionally outpace the evidence. ZachXBT himself has no formal journalistic training, no institutional editorial process, and publishes findings on a self-directed timeline. Some of his investigations are based in part on Tier 3 sources such as private Telegram recordings and unverified social media activity. The overall accuracy record, weighed against the volume of investigations and confirmed law enforcement outcomes, is considered positive by major security researchers and publications including Wired, which named him 'the most prolific independent crypto-focused detective in the world' in August 2024.
- [1]MEDCrypto Sleuth ZachXBT Avoids Lawsuit After Backing Off Claims Against NFT Trader - Decryptnews article
- [2]MEDZachXBT, Machi Big Brother defamation suit has been dropped - Blockworksnews article
- [3]MEDZachXBT - Wikipediaother
Funding and Affiliations
ZachXBT's primary historical funding source has been community donations and Gitcoin Grants quadratic funding rounds. Gitcoin grant records show that across multiple rounds, thousands of contributors donated amounts totaling several thousand dollars per round, supplemented by quadratic match funding. His legal defense fund in 2023 raised over $1.1 million in cryptocurrency, though he pledged to return unused portions. In February 2025, ZachXBT announced he had joined Paradigm — a major cryptocurrency venture capital firm — as an incident response advisor. Paradigm co-founder Matt Huang stated that ZachXBT had helped recover over $350 million for hack and scam victims. ZachXBT stated he would continue his independent investigative work alongside the Paradigm role. In August 2025, ZachXBT was announced as a launch partner for the Beacon Network, a real-time fund-freezing coordination platform developed by blockchain intelligence firm TRM Labs. The Paradigm affiliation has been noted by observers as a potential consideration for bias assessment, given that Paradigm is a significant investor in multiple crypto protocols and companies; ZachXBT has stated that his independence will be maintained.
- [1]HIGHOnchain sleuth ZachXBT joins crypto VC firm Paradigm as incident response advisor - The Blocknews article
- [2]MEDParadigm taps ZachXBT as adviser - CoinTelegraphnews article
- [3]MEDZachxbt Joins Paradigm as Incident Response Advisor - The Defiantnews article
- [4]MEDGitcoin: ZachXBTother
- [5]MEDZachXBT Uncovers Crypto Theft Network Linked to US Government Seizure Funds - TRM Labs Blogresearch
Pseudonymity, Security Posture, and Impersonation Risks
ZachXBT maintains strict pseudonymity. His legal name (Zachary Wolk) entered the public record involuntarily via the 2023 court filings and has not been publicly confirmed by ZachXBT. His physical appearance, precise location, and other personal details remain undisclosed. The doxxing incident in 2023 raised concerns within the crypto investigation community about the physical safety risks faced by individuals who investigate organized fraud networks and nation-state hacking groups. CoinTelegraph has reported that ZachXBT impersonators actively target potential victims, using his reputation to run social engineering scams. Consumers and researchers should verify that communications attributed to ZachXBT originate from his verified X account and Telegram channel (@investigations) before acting on any claims or warnings.
- [1]MEDZachXBT impersonators on the prowl for potential victims - CoinTelegraphnews article
- [2]MEDCrypto Sleuth ZachXBT Sued, Doxxed by Former Target - Decryptnews article
Recognition and Industry Standing
ZachXBT has received recognition from major publications and industry bodies. Wired Magazine described him in August 2024 as 'the most prolific independent crypto-focused detective in the world.' CoinDesk included him on its Most Influential 2024 list. His work has been cited in legal proceedings, including a Canadian NFT rug pull class-action lawsuit. Law enforcement agencies including the FBI have publicly credited his investigative contributions, with FBI Director Kash Patel specifically mentioning ZachXBT's role in the Daghita arrest in March 2026. His following on X stands at approximately 700,000 accounts. He has collaborated with blockchain intelligence firms including Arkham Intelligence and TRM Labs on specific investigations and platforms.
- [1]MEDZachXBT - Wikipediaother
- [2]MEDZachXBT's research cited in Canadian NFT rug pull class-action lawsuit - CoinTelegraphnews article
- [3]MEDWho is ZachXBT, the Crypto Sleuth Exposing Scams? - BeInCryptonews article
Timeline
2017-01-01
ZachXBT enters the crypto space during the ICO boom and begins losing money to fraudulent projects, which later motivates his investigative work.
ZachXBT - Wikipedia2018-01-01
ZachXBT suffers a wallet hack losing approximately $15,000, which he has cited as a turning point toward self-taught blockchain analysis.
Who is ZachXBT? - BeInCrypto2021-01-01
ZachXBT begins publishing investigative threads on X (Twitter), establishing his presence as a pseudonymous blockchain investigator.
ZachXBT - Wikipedia2021-01-01
ZachXBT tracks a five-person phishing ring targeting BAYC NFT holders; all five are later arrested and convicted by French authorities.
ZachXBT - Wikipedia2022-06-01
ZachXBT publishes investigation alleging Jeffrey 'Machi Big Brother' Huang embezzled 22,000 ETH (~$37.8 million) from Formosa Financial.
Crypto Detective ZachXBT Faces Defamation Lawsuit - CoinDesk2023-06-15
Jeffrey Huang files federal defamation lawsuit (Huang v. Wolk, 1:23-cv-00683) in U.S. District Court for the Western District of Texas; court filings reveal ZachXBT's legal name Zachary Wolk.
Crypto Sleuth ZachXBT Sued, Doxxed by Former Target - Decrypt2023-06-16
ZachXBT launches legal defense fund; raises over $1.1 million in cryptocurrency within days from approximately 18,000 Ethereum transactions.
Crypto sleuth ZachXBT raises $1.1 million for legal defense - Blockworks2023-08-14
Jeffrey Huang voluntarily withdraws defamation lawsuit. ZachXBT amends his investigative article, removing embezzlement allegations and other sharp characterizations. ZachXBT pledges to return unused defense funds.
ZachXBT, Machi Big Brother defamation suit has been dropped - Blockworks2024-08-19
ZachXBT detects an unusually large Bitcoin transaction while preparing to board a flight, triggering his investigation into the $243 million Genesis creditor theft.
ZachXBT - Wikipedia2024-08-19
Wired Magazine describes ZachXBT as 'the most prolific independent crypto-focused detective in the world.'
ZachXBT - Wikipedia2024-09-18
Malone Lam and Jeandiel Serrano are arrested in Miami and Los Angeles respectively in connection with the $243 million Genesis creditor theft, following ZachXBT's investigation.
Police Arrest Two People Related to $243M Crypto Heist - CoinDesk2025-02-21
Bybit exchange suffers approximately $1.46 billion hack. ZachXBT submits forensic evidence attributing the attack to North Korea's Lazarus Group within hours, sharing findings with Arkham Intelligence.
Bybit Loses $1.5B in Hack but Can Cover Loss - CoinDesk2025-02-27
FBI confirms North Korea's Lazarus Group was responsible for the Bybit hack, corroborating ZachXBT's attribution.
IC3 Public Service Announcement - North Korea Responsible for Bybit Hack2025-02-26
ZachXBT announces he has joined Paradigm as an incident response advisor; Paradigm co-founder Matt Huang states ZachXBT helped recover over $350 million for victims.
Onchain sleuth ZachXBT joins Paradigm as incident response advisor - The Block2026-01-23
ZachXBT publishes investigation alleging John Daghita ('Lick'), son of a USMS cryptocurrency contractor, stole approximately $46 million in seized crypto from U.S. government wallets.
U.S. marshals investigate claim of $40 million crypto theft - CoinDesk2026-03-05
John Daghita is arrested on the island of Saint Martin in a joint FBI and French Gendarmerie operation. FBI Director Kash Patel publicly announces the arrest and credits ZachXBT's investigation.
Son of contractor managing seized crypto for U.S. Marshals arrested in France - CoinDeskmodel: claude-sonnet-4-6
generated: 4/20/2026, 2:36:25 AM
avoid.net — verified advice for a post-truth world