AMLBot

@zachxbt @solidintel_x Will attackers launder the stolen money via... THORChain? 😆

@solidintel_x Think you meant to say: Source of intel is ZachXBT’s Telegram Channel t.me/investigations…

INTEL: Thorchain appears to have suffered multi-chain exploit across Bitcoin, Ethereum, BSC and Base with losses exceeding $7.4M

⚡️Just in: @zachxbt reports @THORChain was exploited on Bitcoin, Ethereum, BSC, Base for $7.4M Our tracing shows that funds were swapped to native ETH and BTC and are now lying dormant on attackers' intermediate addresses. We are actively monitoring their activity.

🔗 Full case breakdown: blog.amlbot.com/honey-trap-how…

So how do YOU avoid this? A few rules: 🔍 Always verify the full wallet address — not just the first/last characters, but also the characters in the middle 🔖Save trusted addresses in an address book, not from history ✅ Run an AML check before large transfers

🧵 Czech company lost $50k to an address poisoning attack. Here is how we traced and recovered the funds ⏬

@CyberScamWatch This entity was insane. Our tracing data showed they touched at least 69 billion USD! x.com/AMLBotHQ/statu…

CAMBODIA: Korean police arrest man accused of laundering 747 billion Korean won (US$500m) in criminal funds through Huione Pay between March 2022 and Aug 2025. 1/2 chosun.com/english/nation…

Attackers obtained $1.8M from exploiting @TransitFinance and are now holding this amount in DAI stablecoin. Project's team is now in contact with the attacker, urging him to return the funds for the bounty. Our tracing showed that part of the funds originated from HitBTC.

Dev responsible for creating the contract involved in recent @TheRoaringKitty incident was funded by ByBit and split the funds between 3 wallets directly. Some of the funds are still lying dormant.

@zachxbt It's fun how they completely disregard staying low-profile after committing crimes. Instead they flex watches on Instagram

1/ Meet Dritan Kapllani Jr, a US based threat actor tied to $19M from social engineering thefts targeting crypto holders. Dritan flexes luxury cars, watches, private jets, & clubs all over social media. Recently he was recorded on a call showing off a wallet with stolen funds.

@Aurellion_Labs suffered from an exploit leading to $456k damage. Our analysis showed that attacker was funded by Tornado Cash, sent ETH to pay comissions via Across Protocol, and after that proceeded stolen funds via LiFi. $456k were swapped to USDC on ETH and now lay dormant.

@inkfinance suffered from a security incident that led to a $140k loss. Attackers deployed his exploit at an address that matched a whitelisted address in INK's contract, this bypassing access control. Stolen funds were bridged to ETH Mainnet, and 10k USDT were sent to the attacker's second address.

@PeckShieldAlert @trustedvolumes They did not change their mind, they were stopped by the AML system integrated into @RAILGUN_Project

#PeckShieldAlert The @trustedvolumes exploiter has laundered $278K in stolen funds so far: they deposited 10.2 $ETH ($23.6K) to #TornadoCash and laundered 110 $ETH ($250K) via #THORChain to #BTC; they also attempted to deposit 0.5 $ETH to #Railgun but changed their mind and sent it back. TrustedVolumes was exploited for ~$6.7M on May 7th

Renegade Dark Pool was exploited for $209k. ‘Initializer’ on the proxy of the pool did not have access control, which allowed the attacker to set his own malicious implementation. Different ERC-20 assets were stolen and are now lying dormant at attackers’ account 0x777253F28AdC29645152b7b41BE5c772A9657777 Attackers have interacted with MEXC in the past.

On Thursday TrustedVolumes was exploited for $5.87M in different assets, including ETH, USDT and wBTC. Tracing shows that attacker has spliced funds to several addresses and swapped all tokens to native ETH. 110 ETH were swapped to BTC via @THORChain. It is notable that 0.5 ETH were sent to @RAILGUN_Project, but due to them implementing our AML blocklist, the transaction was reverted.

According to @exvulsec a security incident occurred on ETH Mainnet, with about $230k stolen and sent to address 0x224c940003dd0b8aa1a20e655ced0363d573fa46. Our tracing shows that after an unsuccessful attempt of sending funds to @RAILGUN_Project, the attacker converted funds to 0.95 WETH and 227K aEthUSDT. Funds are now lying dormant on the attacker’s address 0xe68d0c829bec9ac3310f15db179406abc6decf48.