Three cyber hackers who targeted Genesis creditors and stole millions of dollars posing as Gemini support have been identified and exposed by on-chain sleuth ZackXBT. According to ZackXBT, the individuals—Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano)—stole $243 million from one person using a clever social engineering trick.
The individuals posed as trusted companies and deceived the victim into providing access to their personal and financial information.
ZachXBT is an independent blockchain investigator renowned for exposing fraud, scams, and criminal activity in the cryptocurrency space. Operating anonymously, he utilizes tools like blockchain analysis, open-source intelligence (OSINT), and social media research to track illicit activities involving cryptocurrency.
He frequently shares his findings through detailed threads on Twitter and other platforms, revealing how individuals and groups execute crypto-related scams, laundering operations, and other fraudulent schemes. His work has led to the freezing of stolen funds, arrests, and increased awareness of the risks in the crypto industry. Despite his independence, his investigations have earned him credibility and collaborations with law enforcement and security teams in tracking down criminals.
He noted that on August 19, 2024, attackers called the victim using a fake number and convinced them to grant access to the victim’s account. The perpetrators then pretended to be from Gemini, a cryptocurrency exchange and claimed the victim’s account had been hacked.
They used social engineering techniques to persuade the victim to reset their two-factor authentication (2FA) and send Gemini funds to a compromised wallet. The attackers also got the victim to use a remote access tool called AnyDesk, allowing them to see and steal private keys from the victim’s Bitcoin core wallet.
In an X post, ZachXBT attached a link to a private video recording showing the criminals reacting live as they received $238 million from their scheme. After stealing the money, they split it among themselves and quickly moved it through more than 15 cryptocurrency exchanges, where it was swapped between different digital currencies like Bitcoin, Litecoin, Ethereum, and Monero to avoid detection.
Wiz, one of the perpetrators who received a significant share of the stolen funds, accidentally revealed his full name during a screen-sharing session. This was further confirmed by videos and chats where others called him “Veer.” His friend, Light/Dark (Aakaash), who assisted Wiz in laundering the stolen money using online services, also unintentionally revealed his identity during a screen share.
Additionally, Greavys (Malone) started spending the stolen funds lavishly, buying fleets of cars and spending hundreds of thousands of dollars at clubs in Los Angeles and Miami. He even gifted expensive Birkin bags to women. Unbeknownst to him, his location was discovered through social media posts from his friends and his own Instagram photos, which he had posted under his real name earlier this year.
The last person, Box (Jeandiel/John), who impersonated a Gemini representative during calls to the victim, used the same profile picture across platforms like Discord and Telegram, making it easier to track him. His ex-girlfriend further exposed his identity by leaking all of his photos on social media.
Read also: North Korean hackers target crypto firms with new malware, Durian
A group of cryptocurrency addresses linked to both Box and Wiz received over $41 million from two exchanges. ZachXBT explained that most of this money was spent on luxury items such as cars, watches, jewelry, and designer clothes. Conversations among the trio reveal they were using the stolen funds for these purchases.
Despite converting most of the stolen funds into Monero, a privacy coin, both Box and Wiz made errors that linked the money to their laundering activities. Wiz, for instance, inadvertently revealed an address he used to buy designer clothes during a screen-sharing session. Similarly, Box reused a deposit address, making it traceable.
With the help of investigative teams and the Binance Security Team, over $9 million has been frozen, and $500,000 has already been returned to the victim. As a result of the investigation, both Box and Greavys were arrested in Miami and Los Angeles.
The blockchain investigator mentioned that investigations are still ongoing and that updates will be shared as the legal case progresses.