ZachXBT, a self-proclaimed “on-chain sleuth”, has revealed how he tracked down and exposed the perpetrators of a $8 million exploit on Platypus, a decentralized stablecoin project. The exploiters, who allegedly stole funds from Platypus’s liquidity pool, are now facing criminal charges and up to five years in prison in France.
According to ZachXBT, he launched his investigation after some Platypus users reported receiving phishing emails to email addresses that they only used to sign up for Platypus. The phishing emails pretended to be from reputable crypto platforms, such as Etherscan and OpenSea, and asked users to click on malicious links or download malware.
A chance to negotiate the return of the stolen funds
ZachXBT traced the phishing emails to a Twitter account named @retlqw, which he linked to an ENS address and an OpenSea account. He also found that @retlqw had liked a tweet about the Platypus exploit and had deactivated his Instagram account. ZachXBT contacted @retlqw and offered him a chance to negotiate the return of the stolen funds before involving law enforcement.
However, @retlqw did not respond to ZachXBT’s message and instead tried to hide his tracks by using Tornado Cash, a privacy tool that mixes and anonymizes transactions. ZachXBT was able to follow the money trail and identify the intervals of 10 Ether (ETH) that @retlqw withdrew from Tornado Cash, which matched the value of the stolen funds.
How the police were involved
ZachXBT shared his findings with Platypus and several crypto exchanges, as well as with the French police. The police arrested and summoned two suspects who were reportedly involved in the exploit. The suspects are accused of fraud, money laundering, and criminal association. They could face up to five years in jail and a fine of 375,000 euros ($430,000) if convicted.
ZachXBT expressed his satisfaction with the outcome of his investigation on Twitter, saying that “all they had to do was respond to my message and negotiate returning funds” but “instead the exploiter is now looking at five years in prison in France for the attack” . He also thanked Platypus, Binance, and the French authorities for their assistance and cooperation.