ZachXBT latest investigation: How Fortnite professional players used meme scams to steal $3 million?

Hacker Serpent controlled 9 accounts including McDonald's and Kabosu on X and Instagram, launched a Meme coin scam, stole about $3.5 million, and used it for casino gambling

Original author: zachxbt, Chain Detective

Original translation: zhouzhou, BlockBeats

Editor's note: This article analyzes how hacker Serpent controlled 9 accounts including McDonald's and Kabosu on X and Instagram, launched a Meme coin scam, stole about $3.5 million, and used it for casino gambling. Serpent was a professional player of Fortnite and was terminated for cheating. In 2022, the NFT project DAPE he co-founded suffered a Rug Pull, and the ERROR project launched in 2024 also suffered a Rug Pull and was eventually banned by X.

The following is the original content (for easier reading and understanding, the original content has been reorganized):

Over the past few months I have been following a series of related breaches involving McDonald's, Usher, the owner of Kabosu, Andy Ayrey, Wiz Khalifa, SPX 6900, and others, which resulted in the theft of approximately $3.5 million via the release of Pump Fun meme coins.

On August 21, 2024, McDonald’s Instagram account was hacked and a post was published promoting the bundled meme coin GRIMACE, and then the hacker began to spoof. From this pump and dump, more than $690,000 was transferred to two wallets.

4RiNhTwBxYWgb4MSCtt9vXgVk2yuPhoQR3DR9pMVPU1W

2vjnmxwTYNJvTmFhtqxZkPiuCHkaKZK5rcxTLuoC2dPB

On September 3, 2024, the McDonald's attackers transferred 101.5 SOL to two addresses, which deployed and sniped SCHRADER after the X account of actor Dean Norris was hacked.

4s9Uz9pTBXcEaEtcjs8eg98r2TVte3rq3JUm3rVTFMudfewGbNKmqNyYs9bSAMDUaTbTcuA1v39sWr7GRqkDJ6EM

1gxo1pjTqjbee7rHW4cGvuNffX1qP4F8fP17g6SSC5EYbQrnktDrKSFB1uh4ju7PxQjprWFin37WUsAe225b9c6

On September 6, 2024, the proceeds from the McDonald's ATO (account hijacking) were transferred to a casino deposit address.

CuNzegC9DE4CxCMn31ZcYLvtDaYsLD9RX8eRvmtZQrnB

By performing a time analysis, it is possible to find subsequent withdrawals that were made shortly after a deposit.

B2fwZt5nTbdrnJ2CPsgrYMPuB4UnhN82EAM34dXDARLh

On September 12, 2024, B2fw transferred 110 SOL to two addresses that participated in the meme coin rush promoted in the Usher leak.

4FUrwoHz1fuUf4eR6YEAYSG9d9rN5fzbowMXtbjwJAhTDtHXjpnTb1sz6aeF6T79JaiMFyT2xX2EuTxqT5UhFfKD

427zpHF1WWgYgKxcSiUzwXLg2UqsF6xq7K13PU3mh6Wr99mipiVA6GcDTwi7EY93RJeRuEUDZAK9BnoMeki7sU6C

B2fw then transferred 4868 SOL to the casino deposit address Ecb5v. There are other ATO (account hijacking) incidents directly related to Ecb5v, including the Andy Ayrey and Enoshima Aquarium leaks.

Ecb5vsomUG3MEnLCgiFvkdnnqpggTEXtN17z62iDPuU3

On October 15, 2024, the Enoshima Aquarium X account was hacked and promoted a bundled meme coin. On the same day, 84 SOL obtained from the scam was transferred to Ecb5v.

5PDjh74JTLMPW4dXr6fKm3Yue2j3vhbxLSK5dPbQ3oEGK4axE7fua1ngBMas4xpRY6dBr92Ccps7b1WwcLdnxXWL

On October 29, 2024, the X account of Andy Ayrey (founder of Truth Terminal) was hacked; the compromise lasted for several days and promoted 6 meme coin scams. 3GVUs was one of the addresses that participated in the rush to buy tokens.

3GVUs2gNr161ohqnVXjUeoNQmf3cELxKSiPrxyQu6pjd

On October 30, 2024, 3GVUs transferred 169 SOL to Ecb5vs.

67nwsLLE3aGua4VeH8p6qHc3SL3rpxi9omMxRnfpeyZVsBpZawnUHo4Pt4tdT5Vxny2uRNRDH3vSZ1fzvKkNCML4

Of the $2.178 million received from the Andy Ayrey ATO, $750,000 was deposited into the casino deposit address Apc3e.

Apc3eA9ScQksuZvfURQswZwVkusEYRaqeKEv4eXXbRZm

0.1 SOL from the Kabosu ATO funded an address participating in the Andy Ayrey ATO.

On October 17, 2024, the Instagram account of Kabosu's owner was hacked and promoted a meme coin scam.

On the same day, 191 SOL from the scam was transferred to the casino deposit address:

6kwZ7tz8Xs7jaVqVJXZSRrZ2FtS2PPChEVuLXKrmMgCm

The ATO (account hijacking) incidents of Kabosu and Andy Ayrey are directly related to the ATO incident of Wiz Khalifa.

On November 3, 2023, the attacker published a wallet address on Wiz Khalifa’s account. 29 SOL was transferred to 6kwZ7, just like what happened in the Kabosu ATO.

NFCs23ddXQc9Zff2VJotEn2zaSAh4tvw6U6kb7fdXovZ8YPQgJMGQkXmtWiTutqnoBf6wR2khaKvFpyEKNhHfjJ

WIZ deployers were funded by the Andy Ayrey ATO. Other addresses participating in the rush transferred all proceeds from instant redemption to the casino deposit address 0x83ee.

0x83ee6b53a0ae76b71bed0c32721a451776dbdb3a

On October 16, 2024, 0x83ee received 0.54 ETH from the scam’s deployer, and SPX 6900 was hacked on October 11, 2024.

On Solana, another scam promoted by a hacked SPX 6900 account was funded by the Ken Carson attacker.

To further prove the relationship between Kabosu owners, SPX 6900, Ken Carson, and Enoshima ATO, each meme coin deployer provided funds to the previous deployer address through instant exchange funds in an attempt to conceal the source of funds.

Investigating how threat actor Serpent went from being a professional Fortnite player to helping steal $3.5M through a memecoin scam leaked from 9+ accounts on X and IG, and using the proceeds for online casino gambling.

Serpent (SerpentAU) is a former professional Fortnite player from Australia who was released by the esports organization Overtime after being found to have been involved in cheating in June 2020. He then co-founded the NFT project DAPE in March 2022, which later rug pulled.

In March 2024, Serpent launched another project called ERROR, but the project performed a rug pull, which led to him being banned from the X platform.

Deployer Address:

0x8233873ee35547097ccb9098adbab955d7120ee8

On October 23, 2024, ERROR deployers transferred a total of 29 ETH to two instant exchanges.

By performing a timing analysis, we can see that these funds were received into Solana and transferred to the same casino deposit address.

Ecb5vsomUG3MEnLCgiFvkdnnqpggTEXtN17z62iDPuU3
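
The timing analysis mentioned twice above (pairing a casino deposit with the withdrawal that follows it, and pairing instant-exchange inputs with the funds received on Solana) can be sketched as follows. This is an added example, not code from the original investigation; the `Transfer` record, the 30-minute window, the 3% fee tolerance, the USD normalisation and every sample transfer are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    txid: str        # constructed placeholder, not a real signature
    when: datetime   # block time (UTC)
    usd: float       # value normalised to USD so chains can be compared


def match_withdrawals(deposit, withdrawals,
                      window=timedelta(minutes=30), max_fee=0.03):
    """Rank service withdrawals that plausibly pay out `deposit`.

    A candidate must come after the deposit, within `window`, and be worth
    no more than the deposit and at most `max_fee` (a fraction) less.
    """
    hits = []
    for w in withdrawals:
        delay = w.when - deposit.when
        if not timedelta(0) < delay <= window:
            continue                      # before the deposit or too late
        shortfall = (deposit.usd - w.usd) / deposit.usd
        if not 0 <= shortfall <= max_fee:
            continue                      # value does not fit deposit minus fee
        # Lower score = closer in time and value.
        hits.append((delay / window + shortfall / max_fee, w))
    return [w for _, w in sorted(hits, key=lambda h: h[0])]


def demo():
    """Constructed sample: one deposit and six outgoing service transfers."""
    t0 = datetime(2024, 1, 1, 12, 0)
    deposit = Transfer("dep", t0, 1000.0)
    mins = lambda m: t0 + timedelta(minutes=m)
    withdrawals = [
        Transfer("w1", mins(4), 985.0),    # fast, 1.5% fee: strong match
        Transfer("w2", mins(20), 999.0),   # slower, tiny fee: weaker match
        Transfer("w3", mins(-5), 990.0),   # precedes the deposit
        Transfer("w4", mins(10), 400.0),   # value far too small
        Transfer("w5", mins(90), 990.0),   # outside the time window
        Transfer("w6", mins(5), 1010.0),   # worth more than the deposit
    ]
    return [w.txid for w in match_withdrawals(deposit, withdrawals)]


if __name__ == "__main__":
    print(demo())
```

More than one surviving candidate for a deposit means the pairing is ambiguous on timing and value alone and needs corroboration from other links, such as shared funding sources.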

Multiple ATOs (account takeovers) directly connected to the deposit address Ecb5vs include: McDonald's, Usher, Andy Ayrey, Dean Norris and Enoshima Aquarium. (See the beginning of the section for detailed tracking content.)

Serpent gambles millions of dollars a month on Roobet, Stake, BC Game and Shuffle, and often shares his screen with friends on Discord.

I obtained recordings of him gambling, which accidentally revealed multiple deposit and withdrawal addresses.

Discord ID: 1269557350486904945

In a screen share from November 1, 2024, Serpent shared a $100K deposit and $200K withdrawal to the following addresses.

When mapping the transactions, it was found that the address had a high exposure to addresses associated with McDonald’s, Andy Ayrey, and Usher ATO.

0xb8c9c8a5756a7992df65f949b7c1423eeb435aa5

In the case of Andy Ayrey’s security breach, another threat actor was involved in snatching these scam projects, using the pseudonym “Dex” (from Massachusetts, USA).

He started panicking after I mentioned him in my Telegram channel last week and made up a story about being blackmailed, claiming he lost $700K.

Funds associated with these security breaches are currently held at the following addresses:

0xeb60a5242c1c97eb54195ec83de43bb26813c0d1

0x2355ac2929bb7051814de3c48670fccbb515d8be

4jjWZ8RaXZBqntnhu2JFidXEQWXgfKRbJQZdTHrdaqbv

Today, after publishing part 1 of my investigation, Serpent started deleting all of his posts on the new X account. I suspect there are some related ATOs (account takeovers) that I have not yet been able to track directly on-chain. I have shared a detailed investigative report on one of the accounts that was compromised with a victim I am working with.

Original article, author: 区块律动 BlockBeats. For reprints, content collaboration, or reporting, please contact report@odaily.email. Illegal reprinting must be punished by law.
