This $28M Crypto Hack Was Nearly Perfect — Until ZachXBT Stepped In

Investigator Follows the Trail Through Mixers and Privacy Networks

On-chain investigator ZachXBT has uncovered new evidence in one of the largest crypto hacks of 2024 — the attack on the Bittensor protocol, which led to the theft of approximately $28 million in TAO tokens.

Despite the hacker’s use of Railgun’s privacy system, ZachXBT successfully traced the movement of the stolen funds, eventually identifying a key suspect linked to the operation.

According to the analyst, the attackers initially withdrew assets through instant exchanges, converting them into Monero. Later, they transferred about $5 million to Railgun using Ethereum, USDC, and WETH. While Railgun, much like Tornado Cash, promotes itself as a tool for private transactions, it has also been exploited to conceal stolen crypto assets.

How NFTs Helped Hide the Trail

ZachXBT’s investigation relied on precise timing and value matching to connect deposits and withdrawals within the Railgun system.

After the withdrawals, the stolen assets were divided among three wallets that were later used to buy and resell anime-themed NFTs. While fake NFT trading is uncommon for laundering crypto, in this case it helped disguise the transfers.

One of these addresses was tied to a Bittensor user known as Rusty, creator of Skrtt Racing — a project that allowed cryptocurrency betting on Hot Wheels–style toy races. ZachXBT later determined that the individual, identified in court records as Ayden B, denied involvement in the hack but confirmed ownership of the wallets connected to the suspicious transactions.

The investigator expressed hope that the evidence collected could form the basis of a criminal case.