@SpecterAnalyst

UPDATE: A few days after I posted about the criminal behavior the $LAB team are committing on Bitget, there has still been no response from @vsadkovv or @GracyBitget , and the manipulation continues. Late yesterday, a total of 100M $LAB (~$479M) was withdrawn from Bitget to 10 fresh addresses that had been funded with gas fees three days earlier. It’s interesting that a token nobody knows or uses is now among the top 140 cryptocurrencies and the second-largest holding on Bitget (21% of supply) after Bitcoin. Bitget continues to enable this crime without caring about retail users or what this could mean for the broader crypto community. Do not short tokens like this unless you are an insider who knows when the crime will end otherwise, you will lose. Stay smart.

Further tracing clustered $1M + USDT currently sitting on TRON. I’ve also tried identifying some of the top victims and reached out to them to better understand the root cause of these incidents. More theft addresses: 0x6239555CdFA7108e58D3554c0Ea66bE0236fbCe0 0x2dc9D1B0F5a91cCddBC26cec605D3Ca66EbaF2c6 0x3c9AcBdbFcA096ba838BE60727945dCaFe002487 0xAf92a6fF9d95d892B65FFd53ae43159a3C764164 0x8016FFb74eEcdE79Ff6a5f52f2db1Bf4DA6ff978 Funds here: TTMdreb7hhtp8BVUFzGK4bj8Lrz7GEL3xn TQLXH45i7JboiDVVF2jSGSiTFEfrUVm62m TAgLibdxpeNjzQT1tfJjgTSRj55G51kZEb TP7nmG6HYqCrJxpKpVcwq3d7XtFXVHaWH3 Stay smart.

We’ve seen two publicly reported key compromise incidents in the last 36 hours involving @0xUnihax0r and @Eli5defi . While the attackers are still holding the funds, I can’t yet confirm whether both incidents are linked to the same actor. However, the @Eli5defi attacker clusters with 50+ other victims. Between March 21 and May 10, the attacker stole $665K+ from more than 50 victims through wallet key compromise. The stolen funds from @Eli5defi were transferred to the wallet below and consolidated alongside funds from about five other victims: 0x9cc0831DB1b224Fd675a21aC0D0aDdA82631C665 The 0x9cc wallet previously sent 0.02 BNB as gas fees to another victim a week ago. About $41K was drained from that victim and moved to: 0x364be8180CC96eB43da4973f888Ce29cc4FB8C44 This wallet consolidated funds from four additional victims, totaling ~$55K. The 0x364b wallet later bridged the funds to BNB Chain through two txs and deposited them to HTX. Based on the movement pattern, the attacker likely used the laundering service known as AudiA6. 0xb3fD7DE3f8242D925E0EA9e1660e395def56D9C7 0x02DaadFA6bbD1d99B2D53fDC6Cbe0DeAab8FbB20 Using timing analysis, I traced the destination flow to Solana: GxUuL44G57B4qT1hmhH2THBXd5Zr9bRhtfsaeHRYXJJW J1XSfoR9Ww9tzACSyHXjiJc8MikCWfVQFmG2XMhb1odK The funds were later deposited into KuCoin and subsequently withdrawn to Tron: TQLXH45i7JboiDVVF2jSGSiTFEfrUVm62m The wallet currently holds $173K USDT. Tracing back the wallet links this cluster to more than 50 victims and ~$665K in losses since March 21, excluding the @0xUnihax0r incident, since I haven’t yet confirmed whether the same actor is involved. What I can say so far: Some victim wallets are 4–8 years old, while others are less than a year old Some wallets were highly active, while others had only a single inbound transaction Victims used different wallet providers Just over a week ago, I reported another ~$800K stolen through key compromise incidents: https://t.co/jLryDEx8vK I still can’t determine exactly how the keys were leaked. I’ll likely need to speak with some victims directly and gather more information. Still tracing the funds... Stay smart.

I started blockchain investigation to provide assistance to the community and help victims of hacks and exploits. Since then, I’ve offered pro bono support on several cases involving stolen funds and on-chain investigations. If you’ve found any of my work valuable, I’d appreciate your support in the giveth ongoing quadratic funding round. Even a $1 donation can make a difference 🤝 https://t.co/bi1pD9EDmJ

Price manipulation now happens almost every week, with $LAB by @LABtrade_ becoming the latest pump-and-dump token while Bitget continues playing the usual CEX role. The LAB team, @vsadkovv, appears to control a significant portion of the supply. Wallets linked to the team still hold large allocations: 0x7Cfd8d2d8626B287bEA569b5e65AB5CBb75E9265 0x78a79D0fa0Eaf58741f5Bde7E05b5CC8F33D24d3 0x36FC85Ec486C254c9564d66de8c4210a1A20C291 0xf79ff8a5052E969a6d13E18c4E439fE5202B02Fa 0xB4b74D63F30076870d54aB9E8E6a7D18293273c3 0xe03722dedBf090Ad7A1C8F82ceB86637053E21dd On April 8, a wallet linked to the team (0xe037) deposited 40M LAB worth $13.6M to Bitget: 0x77156a0a621d2Ac7A075C0AC3172707C2e4aa191 The LAB price started pumping on May 1, but a week earlier wallets linked to the team deposited 96M LAB worth around $63M to Bitget: 0xDd77BFbDc11Cd37fD255AE35A4ac39Df1F9d570a 0x6593aa6c31C88397c37f71259625EC92Fe4EE0bF This looks coordinated. Gas fees (0.14 BNB) were distributed a week earlier 0x50f2760fd5E6d546EE7dcEB617F33497A3C38593 0x0559694BbB47dbA8Bc3B7ac93004EF401F2da16d The wallet below has also been aggressively buying $LAB on-chain and depositing to Gate and Bitget, including tokens like $SkyAI, which surged 1000% in the last 30 days: 0x11fc12b988933966688d33B70651B5f2f450963C It has been weeks since @GracyBitget promised an investigation, yet there has been no public update. If platforms cannot conduct internal investigations, identify coordinated manipulation, or provide transparency on who is behind these activities, confidence in market integrity keeps declining. ZachXBT still has a reward open for credible intel that lead to identifying the actors behind this operation. Stay smart.