Crypto sleuth ZachXBT claims British threat actor tied to $243 million Genesis creditor theft 'likely arrested'

By THE BLOCK
2025-12-05 12:51

Pseudonymous blockchain sleuth ZachXBT claimed Friday that a British threat actor tied to a $243 million theft from a single Genesis creditor on Gemini may have been taken into police custody.

In a Dec. 5 post on his official Telegram channel, ZachXBT alleged that “British threat actor Danny / Meech aka Danish Zulfiqar (Khan) appears to have likely been arrested by law enforcement and had crypto assets seized.”

He pointed to roughly $18.58 million worth of crypto currently sitting at Ethereum address “0xb37...9f768,” which he said was associated with the suspected hacker. The web3 detective added that “multiple addresses tied to him I was tracking consolidated funds to 0xb37d in a similar pattern to other law enforcement seizures.”

ZachXBT, who has built a reputation for tracking alleged crypto frauds and helping victims and law enforcement recover stolen assets, further claimed that Danny was “last known to be in Dubai” and that it was “alleged a villa was raided and others there were arrested as well,” adding that several people previously in contact with the suspect had become unresponsive in recent days, according to his post.

As of publication, there have been no public statements from Dubai Police or UAE regulators, and The Block has not identified any local media reports confirming a villa raid, arrests, or seizures tied to Zulfiqar, the Genesis creditor theft, or the earlier Kroll SIM swap incident.

The $243 million Genesis creditor heist

The latest claims build on a sprawling investigation into one of the largest known individual crypto thefts.

In September 2024, ZachXBT published a detailed thread alleging that three attackers were involved in stealing roughly $243 million in bitcoin — 4,064 BTC at the time — from a single Genesis creditor on Aug. 19, 2024.

The victim reportedly held funds with Gemini, which was used as the exchange interface. According to ZachXBT and subsequent reporting by The Block, the theft was carried out via sophisticated social engineering.

Attackers allegedly posed as Google support, convinced the victim to reset two-factor authentication for his Gemini account, and used remote access software to gain deeper control. From there, they obtained the victim's private keys and drained his wallet, routing the 4,064 BTC through a web of exchanges and swap services.

Back then, ZachXBT identified three primary suspects by their online handles — “Greavys,” “Wiz,” and “Box,” later alleged to be Malone Lam, Veer Chetal, and Jeandiel Serrano — and shared his findings with law enforcement.

U.S. prosecutors have since brought a series of cases linked to the same constellation of activity. In September 2024, the Department of Justice charged two suspects in connection with what it described as a roughly $230 million cryptocurrency scam involving thefts from victim accounts, and later unsealed broader racketeering indictments alleging a $263 million scheme that included the theft of more than 4,100 bitcoin from a Genesis creditor.

Court filings and related coverage detailed a mix of social engineering, SIM swaps, and even physical burglaries, with conspirators allegedly spending millions of dollars on luxury cars, travel, and nightlife.

One defendant, identified as Chetal, has faced additional legal trouble after allegedly participating in a separate $2 million crypto theft while out on bond.

