Hackers Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) pulled off a $243 million crypto theft last month. The single victim, a Genesis creditor, was taken for everything in a detailed social engineering attack.
This incident was carefully planned, and the execution was flawless (no offense to the victim).
ZachXBT, an on-chain investigator, has been on the case, connecting the dots and working with law enforcement to freeze millions and make multiple arrests.
1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen. pic.twitter.com/dcY1e9xsPd
— ZachXBT (@zachxbt) September 19, 2024
The attack kicked off on August 19. Greavys, Wiz, and Box used spoofed numbers and fake support calls to pose as Google and Gemini representatives.
They manipulated the victim into resetting their two-factor authentication (2FA) and transferring funds from their Gemini account to a compromised wallet.
The hackers also got access to the victim’s private Bitcoin keys using AnyDesk, a remote desktop software, during a screen-sharing session.
Once the keys were exposed, they became unstoppable.
The first major Bitcoin transaction occurred at 1:48 am GMT, with 59.34 BTC. Not long after, another 14.88 BTC was moved at 2:30 am.
But oh, that was just the beginning.
$238 million in a single transaction
At 4:05 am UTC, the biggest part of the heist went down.
4064 BTC, worth $238 million at the time, was transferred in one transaction.
Zach shared a private video where the hackers celebrated after receiving the funds. Their reactions? Exactly what you’d expect after pulling off a $240 million heist—shock, excitement, and maybe a bit of arrogance.
Check it out:
After that, the stolen funds were split up among the hackers and sent through more than 15 different crypto exchanges.
The criminals moved the money between Bitcoin, Litecoin, Ethereum, and Monero to make it harder to trace. Even so, Zach traced the trail and identified each of the hackers’ cuts.
Wiz, who received a majority of the stolen funds, screwed up during a screenshare by accidentally saying his real name.
If that wasn’t enough, his partners were heard calling him “Veer” in audio recordings and chats.
At least $34.5 million of Wiz’s cut was found sitting in an Ethereum wallet (0x3c7a5f2795e73d2b94a9120a643f608cfc45c935).
Even though Wiz tried to cover his tracks, the leaks were too obvious.
Wiz’s friend, known as Light or Dark, helped him launder the stolen funds using platforms like eXch and Thorswap.
But just like Wiz, Light/Dark made the same mistake—he leaked his name during a screenshare.
Zach confirmed Wiz’s final crypto transfer to a specific wallet address: 0xa212d7441fed6db9ab666ba34e8c440c565f4af8.
The flashy lifestyle and careless mistakes
Greavys, or Malone Iam, lives large—buying over 10 luxury cars and splashing out hundreds of thousands of dollars at clubs in Los Angeles and Miami.
Some nights, he dropped between $250,000 and $500,000, even handing out Birkin bags like they were nothing.
According to video clips and chat logs, people called him “Malone” while he was busy flexing stolen funds on Discord.
Right now, $3.5 million of Greavys’ loot is sitting in another Ethereum wallet (0x21d7d256be564191a43553e574c06a4d0e629767).
Greavys wasn’t exactly a mastermind at hiding his location.
OSINT (Open Source Intelligence) tracked him down in LA and Miami because his friends and girls posted his whereabouts on social media almost every night.
Box, aka Jeandiel Serrano or John, was the guy who played the Gemini support rep on the phone. He worked the victim, guiding them through transferring funds into the compromised wallet.
On Discord and Telegram, Box uses the same profile picture over and over. That was enough for investigators to track his movements.
At least $18 million tied to Box is currently sitting in an Ethereum wallet (0x98b0811e2cc7530380caf1a17440b18f71f51f4e).
Another player in the game was Danny Trauma, known as Meech in Telegram chats.
His role isn’t entirely clear, but it’s known that he had access to multiple bankruptcy databases. His ex-girlfriend leaked all of his photos, so his identity is no secret.
Investigators also discovered a cluster of Ethereum addresses tied to both Box and Wiz.
Over $41 million from two exchanges flowed through these addresses, much of it ending up in the hands of luxury goods brokers to buy cars, watches, jewelry, and designer clothes.
Chat logs back this up. The hackers were openly discussing how they were spending the stolen funds.
While most of the stolen funds were converted into Monero (XMR) to make them harder to trace, Zach said both Box and Wiz slipped up again.
They accidentally linked the laundered funds with the dirty ones. During one screenshare, Wiz showed an address he used to send money for designer clothes, which had millions tied to dirty funds.
Box made a similar error when he reused a deposit address, connecting clean funds with stolen ones.
Zach didn’t work alone. He mentioned in the X thread that he got help from the Binance Security Team, CFInvestigators, and ZeroShadow to track the funds.
Together, they managed to freeze over $9 million. Around $500,000 has already been returned to the victim.
Thanks to the investigation, Box and Greavys were arrested in Miami and LA.
It’s likely that law enforcement seized additional funds during the arrests, given the large transfers made around the same time.
So, yeah. These guys were either really stupid or really brave, though chances of the former seem higher, don’t they?
This is a developing story
