ZachXBT Exposes $4M Social Engineering Scam: How Crypto’s Dark Underbelly Strikes Again

Published: 2025-06-23 14:58:29

ZachXBT uncovers a major $4 million social engineering scam

Crypto's favorite sleuth strikes again—this time uncovering a slick $4 million heist powered by psychological manipulation rather than code exploits.

Social engineering scams are becoming the pickpockets of Web3—no blockchain required, just human vulnerability.

The anatomy of a modern con: Hackers bypass 2FA with charm instead of brute force, proving the weakest link isn't smart contracts—it's the meatbag holding the seed phrase.

Another day, another 'decentralized' finance lesson: Your keys, your coins... and apparently, your grandma's Facebook login credentials too.

Scammer’s wallet tied to 30+ thefts

ZachXBT reported that back in November 2024, Daytwo’s worker Paranoia (Justin) stole $240K from an elderly victim. A private recording of the scam in action exists. The theft addresses were bc1q35tw4f5qrfxrjy2v8g8d3majtujv28audm6yvp and AJU5yh4kDahLak4uq5n4ehJDVs2w2Lbhw9UHoseaBwV7.

The sleuth traced the stolen funds, which were split into three parts. One portion was deposited into Roobet, an online crypto casino where Daytwo frequently gambled, while the rest was converted to XMR.

4/ I went and traced out the theft and noticed the $240K was split three different ways.

A portion was deposited to Roobet and the rest was converted to XMR. pic.twitter.com/rclz1myf3X

— ZachXBT (@zachxbt) June 23, 2025

The investigation also revealed that Daytwo likes to gamble on Discord calls with friends. ZachXBT also dropped some recordings to show the scammer’s Roobet username ‘pawsonhips’, where he leaks his deposit address (0x940970549037634c517deb741b16112b52e0ced1) in a browser tab. On-chain data linked his Roobet deposit address to at least 30 other suspected thefts, suggesting a wider web of victims.

Crypto thief gambled it all

Daytwo’s gambling habit is a recurring theme in the investigation. The sleuth highlighted how his casino deposits shrank over time as he consistently lost money. Eventually, he resorted to stealing portions of funds from his accomplices. His recent casino deposit addresses were also tracked on-chain, further corroborating the scale of the scam.

ZachXBT added that the scammer regularly goes on Discord calls with the group, where they openly talk about laundering funds and regularly show their faces. Their identity has now been revealed.

Meanwhile, Daytwo has been publicly flaunting stolen funds on social media and reportedly bought a Corvette with proceeds from his scams. He even branded the car with a sticker displaying his Instagram handle ‘daytw00000,’ directly linking his real-life identity to his online scam persona.

In a bizarre escalation, the scammer has also taunted ZachXBT by posting a photo of himself flipping off Zach’s X (formerly Twitter) account. He later set it as a cover image on his Instagram memory. The on-chain detective noted that while social engineering scammers often attempt to stay in the shadows, Daytwo’s blatant disregard for anonymity makes this an unusually easy case for law enforcement to pursue.
