ZachXBT, real name Zachary Wolk, is the most influential independent chain investigator in the cryptocurrency community right now. He has been active on X (formerly Twitter) since 2021, tracking down stolen funds, exposing Rug Pulls, and helping to identify crypto-crime associates through detailed investigative posts. With no official authorization, no corporate affiliation, and operating almost exclusively on community donations for several years, he has helped recover more than half a billion dollars in stolen assets, and has worked substantively with the FBI and European cybercrime units.
This article is the first in the traditional Chinese community to cover ZachXBT's complete background, the methodology of the chain of investigation, the major cases of the past two years, as well as the May 2026 identity and conflict-of-interest controversy. Whether you are new to the name, or you want to understand the whole picture, this article will give you a complete understanding of the person of zachXBT!
Who is ZachXBT? From victim to the most influential investigator in crypto.
What is the background of Zachary Wolk's involvement?
ZachXBT, whose real name is Zachary Wolk, is an ordinary young American technology enthusiast. He entered the ring as a retail investor during the ICO boom in 2017, and like many others, bought into several token projects that were said to be "world-changing" with the hope of getting rich overnight, and almost all of them ended up in Rug Pulls.In 2018, his Electrum wallet was hit by a malicious update, and he suffered a direct loss of 15,000 US dollars.
This experience of being cheated became the fundamental motivation of his volunteer investigation for many years. With no background in blockchain security companies and no formal training, he relied on self-education to master chain analysis techniques. Since 2021, when he began publishing his investigative reports, he has helped recover more than $435 million in stolen funds and has facilitated several multinational arrests, including with the U.S. Secret Service and the French prosecutor's office.
ZachXBT operates largely on community donations, and has received around $1.3 million since 2021. He did not normally receive any fees for his investigations until 2024, when he was first commissioned to help track down a $243 million Bitcoin theft, and from 2025 onwards he joined crypto-venture capital firm Paradigm as an advisor, and in the same year established a pro-active security reporting partnership with the BNB Chain. This funding structure is both the foundation of its independence and the centerpiece of the 2026 controversy.
ZachXBT's survey methodology: How does chain analysis and OSINT fit together?
ZachXBT's core investigative methodology combines on-chain transaction analysis with open source intelligence (OSINT) technology. All transactions on the blockchain are publicly recorded, and by tracking the path of funds as they move from one address to another, coupled with publicly available information that identifies the connection between the wallet and the real identity, the apparently anonymous flow of funds can be reduced to an understandable chain of events.
His surveys are usually divided into three levels. The first level isFunds Flow TrackingThe company's first step was to start with a stolen or suspicious wallet address and work its way up the chain to identify which exchanges, mixers, or cross-chain bridging services the money was going to. In tracking down a Russian OTC broker suspected of money laundering, he used temporal analysis to compare the time of bitcoin transfers to wallet addresses on the Tron network, successfully establishing cross-links.
The second level isBehavior Mode Recognition. Hackers often have a pattern of transferring funds, including pre-attack test transactions, using specific instant exchange services, or operating within a fixed time window. In Bybit's case, his analysis included pre-attack test transactions, associated wallet analysis, and multiple forensic charts, which ultimately served as the key to identifying the attacker.
The third level isSocial Media Cross Reference. The data on the chain itself is anonymous, but when the suspects flaunt their lavish spending on social media, it leaves a trail that can be compared. In the case of the $243 million Bitcoin theft, ZachXBT used the suspects' lavish social media purchases to identify the three individuals involved, which helped lead to arrests in a matter of weeks.
What entry-level tracking methods can we apply?
ZachXBT's complete toolset requires a deep technical background, with his commonly used core tools including TRM Labs (on-chain intelligence platform covering over 70 million assets and 30 blockchain networks), MetaSleuth (cross-chain money tracking), and Arkham Intelligence (wallet tagging and smart money analysis). However, the underlying level of its investigative logic is perfectly applicable to the average investor.
Step 1: Check wallet history using a free blockchain browser. Etherscan (Ether), Solscan (Solana) and BscScan (BNB Chain) are available for free. Before investing, enter the project's disclosed contract address or official wallet address into your browser and review past transactions, focusing on whether the funds came from a suspicious address, whether there are concentrated positions in tokens, and whether there are regular large transfers.
Step 2: Use Arkham Intelligence or Nansen to check the movement of smart money. Both offer wallet tagging, which identifies the wallets of known exchanges, market makers and high-profile investors. arkham's free version is sufficient for basic checking, and can be used to identify the wallet nature of a large position.
" " " " Extended Reading:Arkham Intelligence Introductory Article
Step 3: Discuss in X Cross Search Risks. Before investing in any project, search for the project name plus keywords such as "rug," "scam," and "warning," and check the history of ZachXBT's Telegram channel to see if the project has been flagged before. These three steps don't require any technical background, but can filter out a lot of obvious high-risk projects before investing.
Major investigation cases in the past two years (2024-2025)
2024: How a $243 Million Bitcoin Theft Was Busted at the Airport
On August 19, 2024, a social engineering attack on Genesis creditors resulted in the theft of $243 million in Bitcoin, with the attackers posing as Google support staff to lure the victims into revealing their account access privileges. ZachXBT detected the suspicious cash-in-link activity while waiting for a flight, and immediately began tracking the flow of funds and mapping out the path of the transfers after connecting to the in-flight Wi-Fi connection. Charting transfer paths. He eventually tracked 4,064 Bitcoins, identified three suspects, helped freeze $9 million in assets, and facilitated the arrest of two U.S.-based officers. This case was his first paid commission, and marked his transition from purely volunteer investigator to commercial, on-chain forensics consultant.
February 2025: What Was His Role in Bybit's Biggest Crypto Theft Ever?
On February 22nd, 2025, cryptocurrency exchange Bybit was hacked, resulting in an estimated $1.4 billion outflow of funds, making it the largest cryptocurrency theft in history and more than double the amount stolen in 2021 from the Poly Network. Within hours of the incident, ZachXBT submitted a solid chain of evidence identifying the attacker as the Lazarus Group, a North Korean hacking organization, and an analysis report containing test transactions prior to the attack, associated wallet analysis, multiple forensic charts, and a complete timeline. The report was later cited in an official FBI statement as important evidence in identifying the Lazarus Group as the mastermind.
2025: How He Exposed North Korea's Infiltration Network of Fake IT Workers
ZachXBT has released an investigative report revealing a leak from an internal North Korean payment server that shows a five-person tech team manipulating more than 30 fake identities to infiltrate cryptocurrency development projects by purchasing Upwork and LinkedIn accounts, earning about $1 million per month and laundering money through cryptocurrency and fiat currency conduits. The investigation revealed that one of the Tron payment addresses had been frozen by Tether, and tracking methods included analyzing Google cloud drive data, Chrome browser settings, and device screenshots. The report is a direct result of the industry's efforts to raise the bar on identity verification for remote developers.
How did ZachXBT's identity rise to the surface?
On May 22, 2026, anonymous user Matthew (@matthewabides) posted a message on the post X Publishing lengthy survey postingsMatthew's post was viewed by over a million people in a few hours, claiming to reveal ZachXBT's true identity as Zachary Wolk and accusing him of having conflicts of interest with various crypto organizations. The post was viewed by over a million people in a matter of hours, Matthew claimed to be from a small country in Eastern Europe, and the post was his first on X.
Matthew's identity was verified by the fact that @zachxbt's Twitter account was registered in February 2015, which matches the timing of the Swim State Finals record; ZachXBT has described himself as being in crypto-circuits in college in 2017, which matches the year of graduation (2016) and his age (27-28) as shown in the Swim State Finals record; and the 2017 Four Points Local News also featured an article and photo of Zachary Wolk as a member of the Vandegrift swim team.
Matthew listed donations of $580,000 from Optimism, $254,000 from Hyperliquid, $150,000 from BC.Game, $53,000 from Bybit, and $50,000 from CZ in the name of Binance and $10,000 from Justin Sun during the 2023 Crowdfunding for Legal Fees period.
The posting centers on the controversy that Hyperliquid awarded ZachXBT over $600,000 in token donations in January 2026, after he had published seven investigative postings criticizing Hyperliquid; but within four months of receiving the donations, he had published zero critical content against the platform. Critics have argued that this pattern, repeated across multiple donors, raises structural suspicions of selective investigation.
It's worth noting that ZachXBT has been publicly posting the list of donors, not deliberately hiding the source of his funds. ZachXBT did not respond directly to the identity revelation, but only replied to KuCoin-related user inquiries on the same day. The overall response from the community remained supportive, with several users pointing out that revealing the identity of an investigator who is tracking illegal funding poses its own personal safety risks. The charges have not yet been adjudicated by any regulator or court.
Conclusion
ZachXBT's story reveals a deep structural problem in the cryptosphere: when an independent investigator, who operates on the trust of the community, begins to receive funding from the ecosystem being investigated, where is the boundary of its independence? There is no simple answer to this question. However, for the average investor, it reminds us of at least a few things: any source of information needs to be checked for funding; on-chain data is the hardest raw evidence to fake, and learning to read basic on-chain information is a skill worth investing in; and, in a cryptosphere that lacks systematic regulation, personal reputation is still the most fragile asset.
Extended Reading:
2026 FTSE BULLETINS Tutorials|Opening an Account, Depositing and Withdrawing Funds, Buying Coins
Fidelity Cryptocurrency Deposit and Withdrawal Tutorial 2026: Complete Guide on How to Add and Withdraw Coins to Hot and Cold Wallets
Disclaimer
The content of this article is for informational and educational purposes only and does not constitute any investment advice, nor does it represent the position and views of Monsterblockhk. All information and analyses are based on publicly available information as of a specific date and are subject to change. Readers are advised to exercise independent judgment and carefully assess the associated risks. This article does not constitute any invitation or solicitation to buy or sell securities, funds or other financial products, and Monsterblockhk is not a licensed investment adviser of the Securities and Futures Commission of Hong Kong. If necessary, readers should consult a licensed professional for advice on their own circumstances.