ZachXBT: British Hacker Connected to $243M Genesis Theft Likely Arrested in Dubai

An individual suspected of being behind one of the largest single Bitcoin heists in history may have been apprehended in Dubai, according to on-chain investigator ZachXBT. On December 5, the researcher shared on his Telegram channel that a man known online as Danny or Meech, identified as Danish Zulfiqar, seems to have been taken into custody, with some of the stolen cryptocurrency reportedly recovered.

ZachXBT highlighted that around $18.58 million in digital assets are currently held in a single Ethereum wallet linked to the suspect. He noted that multiple wallets previously associated with the alleged hacker had transferred funds into this address, a pattern often observed during law enforcement interventions. Reports indicate that Zulfiqar was last located in Dubai, where authorities allegedly raided a villa.

There has been no official confirmation from Dubai Police or UAE authorities regarding any arrests, asset recoveries, or raids related to the case, and local media have not verified the claims. The potential apprehension comes after months of investigation into the August 19, 2024 theft of 4,064 Bitcoin, valued at approximately $243 million at the time. The funds were stolen from a Genesis creditor accessing assets via Gemini.

In September, ZachXBT publicly detailed the theft, attributing it to a coordinated social engineering attack. The perpetrators posed as Google support staff to trick the victim into resetting two-factor authentication. Using remote access software, they gained control of the account, extracted private keys, and transferred the Bitcoin through multiple exchanges and swap services in an effort to launder the funds.

ZachXBT initially linked the operation to online aliases Greavys, Wiz, and Box, later identifying Malone Lam, Veer Chetal, and Jeandiel Serrano as the individuals behind the accounts. Findings from his investigation were shared with law enforcement.

U.S. authorities subsequently filed charges related to similar criminal activity. In September 2024, the Department of Justice charged two suspects in a $230 million crypto fraud, with broader racketeering indictments covering over $263 million, including the Genesis-related Bitcoin theft. Prosecutors described a combination of SIM swaps, social engineering, and physical burglaries, with stolen funds spent on luxury cars, travel, and nightlife. Veer Chetal was also later accused of an additional $2 million crypto theft while on bond.

ZachXBT linked Zulfiqar to the August 2023 Kroll SIM swap incident, which exposed personal data of creditors tied to BlockFi, Genesis, and FTX, leading to follow-up phishing attacks responsible for more than $300 million in cryptocurrency thefts.

The Dubai development occurs amid increasing global law enforcement action against crypto crimes. In October, Thai authorities arrested Liang Ai-Bing over a $31 million crypto Ponzi scheme, previously exposed by ZachXBT. In the UK, authorities secured a guilty plea from Zhimin Qian in a case involving the largest crypto seizure in history, exceeding $6.7 billion in Bitcoin.

Outside of investigations, ZachXBT has remained publicly active, recently engaging in a dispute with UFC fighter Conor McGregor over comments regarding an NFT project, redirecting attention to McGregors own failed crypto venture earlier this year.

Author: Gavin Porter