Anatomy of a $243 Million Crypto Heist: How Social Engineering Drained a Genesis Creditor Bitcoin Fortune

On August 19, 2024, blockchain investigator ZachXBT flagged one of the most sophisticated social engineering attacks in cryptocurrency history. A single Genesis creditor was targeted and lost approximately 4,064 Bitcoin, valued at roughly $238 million at the time. The incident sent shockwaves through the crypto community and underscored the persistent vulnerabilities that exist not in blockchain code, but in human psychology.

The Exploit Mechanics

The attackers executed a multi-step social engineering campaign that demonstrated remarkable patience and operational sophistication. The first contact involved spoofing a phone number and impersonating Google Support. The caller convinced the victim that their Google account had been compromised and persuaded them to hand over access credentials under the guise of securing the account.

Once the attackers gained access to the victim’s personal accounts, they initiated a follow-up call, this time posing as representatives from Gemini Exchange. They claimed the victim’s exchange account had been hacked and created a manufactured sense of urgency. Under intense psychological pressure, the victim revealed critical security information that gave the attackers access to their cryptocurrency holdings.

With control over the victim’s accounts and security credentials, the attackers manipulated the target into transferring 4,064 BTC to an address under criminal control. At the prevailing Bitcoin price of approximately $59,493, the loss amounted to roughly $243 million in total stolen assets.

Affected Systems

The attack primarily targeted a Genesis creditor — an individual who held claims against Genesis Global Trading following the company’s bankruptcy proceedings. The victim’s holdings included a substantial Bitcoin position accumulated through legitimate investment activity. The stolen funds were rapidly dispersed across more than 15 cryptocurrency exchanges, where they were converted between Bitcoin, Litecoin, Ethereum, and Monero in an effort to obscure the trail.

The laundering operation involved splitting the $243 million into smaller amounts and routing them through multiple blockchain networks. A significant portion was converted to Monero (XMR), a privacy-focused cryptocurrency, in an attempt to make the funds untraceable. Additional funds were funneled to luxury goods brokers to purchase cars, watches, and designer clothing.

The Mitigation Strategy

ZachXBT launched an immediate investigation using blockchain analytics and open-source intelligence (OSINT) techniques. The investigation revealed critical errors made by the perpetrators. Veer Chetal, known online as “Wiz,” accidentally exposed his real name during a screen-sharing session. Audio recordings further confirmed his involvement, with accomplices frequently referring to him by name.

Two other key suspects were identified: Greavys (Malone Iam) and Box (Jeandiel Serrano). Box, who played the role of the Gemini representative during the social engineering attack, was identified through a profile picture he had reused across multiple platforms. Blockchain transparency meant every transaction left an identifiable trail despite the criminals’ attempts to cover their tracks.

Working in collaboration with CFInvestigators, zeroShadow, and Binance Security, ZachXBT’s investigation led to swift action. Over $9 million in stolen funds was frozen across various exchanges, with $500,000 already returned to the victim. Greavys and Box were arrested in Miami and Los Angeles respectively. Additional fund seizures were expected as the investigation continued.

Lessons Learned

This incident illustrates several critical security principles. First, social engineering remains the most dangerous attack vector in cryptocurrency. No amount of blockchain security can protect against human manipulation. Second, the speed of cross-chain fund movement highlights the importance of rapid response protocols. Third, the investigation demonstrated that blockchain transparency is a powerful tool for recovery — every transaction creates a permanent record that skilled investigators can trace.

The collaboration between independent investigators, centralized exchanges, and law enforcement proved remarkably effective. Binance’s security team froze funds within hours of being alerted, and the multi-agency cooperation led to arrests within weeks.

User Action Required

Crypto holders should implement several protective measures immediately. Never share account credentials, recovery phrases, or two-factor authentication codes with anyone claiming to be from an exchange or tech company — legitimate support staff will never request this information. Enable hardware-based two-factor authentication on all exchange accounts. Consider using a dedicated phone number for cryptocurrency-related accounts. Verify the identity of anyone contacting you about account security by independently contacting the company through official channels. For large holdings, consider using multi-signature wallets that require approval from multiple devices or individuals before funds can be moved.

Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research and consult with security professionals regarding your specific situation.

10 thoughts on “Anatomy of a $243 Million Crypto Heist: How Social Engineering Drained a Genesis Creditor Bitcoin Fortune”

    1. It's easy to say I wouldn't fall for that until you get a call from someone who knows your wallet balance and transaction history. The social pressure is immense.

  1. Spoofing Google Support then calling again as Gemini? That level of coordination takes weeks of planning. These aren't amateurs.

  2. social_eng_detect

    Impersonating Google support then following up as Gemini exchange is a two-stage confidence trick that takes serious recon. They knew this person was a Genesis creditor with 4,064 BTC. This wasn't random, they were targeted specifically.

    1. The recon depth is what's scary. They knew the target was a Genesis creditor, knew the approximate holdings, knew which exchanges they used. This was months of intelligence gathering.

      1. Months of recon is right. They knew the Genesis creditor list, knew approximate balances, and probably knew which Google services they used. This was a targeted intelligence operation, not a scam.

  3. 4,064 BTC stolen through phone calls and fake support. No smart contract exploit, no bridge hack, no flash loan. Just a human being manipulated under pressure. We spend billions securing code and zero on securing the person holding the keys.

    1. Billions securing code and zero on securing the person. Hardware wallets don't help when the attacker has already convinced you to hand over your seed phrase over the phone.

  4. 4,064 BTC stolen through phone calls. No code exploit, no bridge hack. All the billion-dollar smart contract audits, and the weakest link is still the human holding the keys.
