
ZachXBT: British Hacker Linked to $243M Genesis Theft Likely Nabbed in Dubai

5 December 2025 at 13:22

A suspected British hacker linked to one of the largest single Bitcoin thefts ever recorded may have been detained in Dubai, according to claims made Friday by on-chain investigator ZachXBT.

In a post shared on his Telegram channel on December 5, ZachXBT said a man known online as “Danny” or “Meech,” identified as Danish Zulfiqar, appears to have been taken into custody by authorities, with a portion of the stolen crypto allegedly seized.

He pointed to roughly $18.58 million in digital assets now held in a single Ethereum wallet that he says is connected to the suspect.

ZachXBT noted that several wallets previously tied to the alleged hacker had funneled funds into the same address in a pattern commonly seen during law enforcement seizures.

He also claimed Zulfiqar was last known to be in Dubai, where a villa was reportedly raided.

Authorities Silent as Reports Surface of Possible Arrest in $243M Bitcoin Hack

According to the investigator, others linked to the suspect have also gone silent in recent days.

So far, there has been no official confirmation from Dubai Police or UAE authorities regarding any arrest, asset seizure, or raid connected to the case.

Local media outlets in the region have also not verified the claims.

The possible arrest follows months of investigation into the August 19, 2024, theft of 4,064 Bitcoin, worth about $243 million at the time. The funds were taken from a single Genesis creditor who accessed assets through Gemini.

ZachXBT made the case public in September, alleging the theft was carried out through a coordinated social engineering attack.

According to his findings, the attackers posed as Google support staff and convinced the victim to reset two-factor authentication.

They then used remote access software to take control of the account. After extracting the private keys, the attackers drained the wallet and moved the Bitcoin through a web of exchanges and swap services in an attempt to launder the funds.

ZachXBT initially tied the attack to three online aliases, “Greavys,” “Wiz,” and “Box,” later naming Malone Lam, Veer Chetal, and Jeandiel Serrano as the people behind those accounts.

He said his findings were shared with law enforcement authorities.

U.S. Charges, UK Guilty Plea, Thailand Arrest Mark New Phase of Crypto Crime Probes

U.S. prosecutors later filed criminal cases connected to related activity. In September 2024, the Department of Justice charged two suspects in a $230 million crypto fraud scheme.

Broader racketeering charges later described an operation totaling more than $263 million, including the Genesis-linked Bitcoin theft. Court documents outlined a mix of SIM swaps, social engineering tactics, and even physical burglaries.

Prosecutors said the stolen funds were spent on high-end cars, travel, and nightlife. One of the defendants, Veer Chetal, was later accused of carrying out another $2 million crypto theft while out on bond.

ZachXBT has also connected Zulfiqar to the August 2023 Kroll SIM swap incident, which exposed the personal data of creditors tied to BlockFi, Genesis, and FTX.

That breach later played a role in more than $300 million worth of crypto thefts through follow-up phishing and impersonation schemes.

The reported Dubai development comes as crypto-related law enforcement activity continues to pick up worldwide.

In October, Thai authorities arrested Liang Ai-Bing in Bangkok over an alleged $31 million crypto Ponzi scheme that ZachXBT had previously exposed.

🇹🇭 Thai police arrest alleged FINTOCH mastermind behind $31 million crypto Ponzi scheme that defrauded investors across multiple Asian countries. #Thailand #Police https://t.co/Mccq2KpZfb

— Cryptonews.com (@cryptonews) October 30, 2025

In the UK, authorities recently secured a guilty plea from Zhimin Qian in a case tied to what officials described as the largest crypto seizure in history, involving more than $6.7 billion in Bitcoin.

Outside of investigations, ZachXBT has also remained active in public disputes.

In November, he clashed with UFC fighter Conor McGregor over comments about Khabib Nurmagomedov’s NFT project, redirecting attention to McGregor’s own failed meme coin venture earlier this year.

The post ZachXBT: British Hacker Linked to $243M Genesis Theft Likely Nabbed in Dubai appeared first on Cryptonews.


Florida Court Revives $80M Binance Lawsuit Over Stolen Bitcoin Claims

4 December 2025 at 10:10

A Florida appeals court has reinstated a lawsuit accusing Binance of failing to freeze and recover roughly $80 million worth of stolen Bitcoin, reopening a case that had previously been dismissed over jurisdictional grounds.

According to Bloomberg Law, Florida’s Third District Court of Appeal ruled Wednesday that the lower court erred when it concluded it lacked personal jurisdiction over Binance Holdings Inc.

According to Bloomberg Law, Florida’s Third District Court of Appeal ruled Wednesday that a user who alleges roughly $80 million in BTC was stolen on Binance may revive a state-level lawsuit, finding the trial court erred in concluding it lacked personal jurisdiction over…

— Wu Blockchain (@WuBlockchain) December 4, 2025

The decision allows the plaintiff to proceed with a state-level lawsuit alleging that Binance failed to act quickly after the theft was reported.

Appeals Court Reverses Dismissal Saying Use of AWS Ties Binance to Florida

The case stems from a 2022 incident in which the plaintiff, identified as Michael Osterer, reported that about 1,000 Bitcoin was stolen from his wallet.

He claims the hackers transferred the funds to a Binance account, where the assets were converted and withdrawn before the exchange intervened.

Osterer alleges that Binance was negligent, breached its contractual duties, and enabled the laundering of stolen property by failing to freeze the assets promptly.

Osterer is seeking the full value of the stolen Bitcoin, estimated at roughly $80 million, along with interest. In 2023, he also attempted to expand the case into a class action on behalf of other victims whose stolen assets were allegedly routed through Binance.

A trial court initially dismissed the lawsuit after determining that Binance, which operates offshore, did not have sufficient connections to Florida to be sued in the state.

The appeals court overturned that finding, ruling that Binance’s U.S.-facing affiliates and its reliance on U.S. infrastructure were enough to establish jurisdiction.

The court specifically pointed to the exchange’s use of Amazon Web Services and its U.S. operational footprint as valid contacts with Florida.

The decision sends the case back to trial court, where Osterer will again be allowed to argue his claims under Florida state law.

The ruling adds to legal pressure on offshore crypto exchanges that have previously relied on jurisdictional defenses to block U.S. lawsuits involving stolen assets.

Binance may still seek to appeal the ruling or attempt to shift the dispute into arbitration, a strategy the company has pursued in other U.S. cases.

Even After Zhao’s Pardon, Binance Faces Fresh Legal Heat in the U.S.

The revived lawsuit comes as Binance continues to face sustained legal scrutiny in the United States. In November, the exchange and its founder, Changpeng Zhao, were named in a federal lawsuit filed by the families of victims of the October 2023 Hamas attack.

🔫 Families of the Hamas 2023 attack victims have sued Binance and CZ for facilitating $1 billion in crypto to the accounts of terror groups. #HamasCryptoFunding #Binance #ChangpengZhao https://t.co/lLG1d5D75l

— Cryptonews.com (@cryptonews) November 25, 2025

The plaintiffs accused Binance of knowingly facilitating crypto transactions tied to the militant group and helping move more than $1 billion through accounts linked to terrorist organizations.

Binance has denied the allegations and said it complies with international sanctions laws.

Earlier this year, Binance also sought to dismiss a separate class action brought by U.S. investors in California, arguing that an arbitration clause in its user agreement required private dispute resolution.

That case is tied to broader securities law claims alleging the exchange promoted unregistered crypto tokens and misled investors.

⚖ Binance is trying to dismiss a U.S. class action lawsuit, saying users agreed to arbitration—not court. #Binance #Securities #CryptoLawsuit https://t.co/c8VGpdC7CI

— Cryptonews.com (@cryptonews) May 20, 2025

Binance’s legal disputes in the United States have already led to some of the largest settlements in crypto history. In November 2023, the exchange agreed to pay $4.3 billion to resolve charges brought by the DOJ over violations of the Bank Secrecy Act.

Also, CZ pleaded guilty to a related criminal offense and accepted a separate $150 million personal settlement. Binance also paid $2.7 billion to settle a civil case with the Commodity Futures Trading Commission.

In May 2025, the U.S. Securities and Exchange Commission dropped its civil enforcement lawsuit against Binance and Zhao, bringing an end to a legal battle that had lasted more than two years.

Months later, in October, President Donald Trump issued a pardon to Zhao, wiping away the criminal conviction tied to the Justice Department case.

The post Florida Court Revives $80M Binance Lawsuit Over Stolen Bitcoin Claims appeared first on Cryptonews.

Yearn Finance Suffers $9M Breach As Attacker Creates Endless yETH Tokens

1 December 2025 at 08:30

Yearn Finance reported that a legacy yETH product was hit by an exploit that allowed an attacker to mint a massive amount of fake tokens and swap them for real assets.

According to on-chain alerts and protocol statements, the attacker created a near-infinite supply of yETH in a single transaction, then used those tokens to pull ETH and liquid-staking derivatives from liquidity pools.

The incident was first flagged on November 30, 2025, and the total impact has been reported at roughly $9 million.

#PeckShieldAlert Yearn Finance @yearnfi suffered an attack resulting in a total loss of ~$9M.

The exploit involved minting a near-infinite number of yETH tokens, depleting the pool in a single transaction.

~1K $ETH (worth ~$3M) was sent to #TornadoCash, while the exploiter’s… pic.twitter.com/IXNygpwoWa

— PeckShieldAlert (@PeckShieldAlert) December 1, 2025

How The Exploit Worked

Based on reports, the attacker took advantage of a flaw in the yETH minting logic and produced tokens on the order of 235 trillion in one go.

Those worthless tokens were then swapped for real assets from Balancer and Curve pools tied to the product, emptying liquidity in minutes. Chain monitors and security researchers showed the mint and subsequent swaps unfolding very quickly on the blockchain.

At 21:11 UTC on Nov 30, an incident occurred involving the yETH stableswap pool that resulted in the minting of a large amount of yETH. The contract impacted is a custom version of popular stableswap code, unrelated to other Yearn products. Yearn V2/V3 vaults are not at risk.

— yearn (@yearnfi) December 1, 2025

What Assets Were Taken

Reports have disclosed that roughly $8 million was pulled from the main yETH stable-swap pool, while about $0.9 million was taken from a yETH–WETH pool.

In addition, roughly 1,000 ETH—valued at about $3 million at the time of movement—was sent to Tornado Cash in attempts to obscure the trail. The attacker converted fake yETH into a mix of ETH and liquid staking tokens before attempting to launder funds.

Impact On Yearn’s Core Products

According to Yearn officials and follow-up coverage, the breach was limited to an older, legacy implementation of the yETH product and did not affect Yearn’s main V2 and V3 vaults.

Deposits into the affected pool were isolated while the team and outside experts began an investigation. This isolation is said to have kept the bulk of user funds in active vaults from being touched.

Market Reaction And Wider Concerns

Crypto markets saw selling pressure as the news spread, with traders weighing the risk that comes from combining liquid staking tokens with custom swap code.

Yearn Finance said it is working with outside security teams to run a post-mortem and to patch the vulnerability. Based on reports, teams named in coverage include external auditors and blockchain investigators who are tracking the stolen funds and advising on recovery options.

The protocol’s notice warned users about the affected legacy product and urged caution while the review continues.

Upbit’s $32 Million Mystery Theft Points Toward Lazarus Group

28 November 2025 at 17:00

Upbit, South Korea’s biggest cryptocurrency exchange, said it found unusual withdrawals from one of its Solana hot wallets and moved quickly to stop trades and protect customers.

According to company statements and law enforcement sources, about 44.5 billion Korean won — roughly $32 million — vanished in the incident that surfaced late November 2025. Upbit paused deposits and withdrawals and said it would repay affected users from its own reserves.

Suspected North Korean Ties

Based on reports from investigators and industry watchers, authorities are examining links to the Lazarus Group, a cyber unit long tied to North Korea.

Security teams point to methods similar to earlier attacks attributed to the same group, including a major breach in 2019 that took 342,000 ETH from the exchange.

Officials say the pattern of rapid withdrawals, quick cross-chain transfers, and spreading funds across many wallets matches tactics used in past nation-linked operations.

today south korea blamed north korea for the upbit hack nice headline but that part came later

so what actually happened?

an unknown attacker drained a few of upbit’s hot wallets waited a bit then started moving funds across chains

at some point the hacker bridged usdc from… pic.twitter.com/swq8yjIOLR

— trix (@trixwtb) November 28, 2025

How The Funds Were Moved

Reports have disclosed that the stolen tokens were moved off Solana, converted through several bridges, and routed through multiple chains to make tracking harder.

Transfers happened fast and in many small transactions, which complicates tracing attempts on the blockchain. Blockchain analysts are combing transaction histories, but the bridge conversions and mixing steps slow down any straightforward recovery efforts.

On-Site Checks And Ongoing Forensics

Authorities have launched inspections at Upbit’s systems and are reviewing logs, admin access records, and wallet backups.

According to sources close to the probe, investigators suspect an admin credential compromise or impersonation rather than a simple software flaw in Upbit’s servers.

While evidence is still being gathered, forensic teams are looking for the entry point used to sign the withdrawal transactions and any indicators of outside control.

Investigation And Market Impact

The timing of the theft drew attention because it coincided with corporate news: there had been public talk of a merger between Upbit’s parent, Dunamu, and Naver valued at about $10.3 billion.

Market players noted the coincidence, and some suggested the attack could aim to distract or unsettle stakeholders. For investors, exchanges, and regulators, the incident renews calls for stricter custody controls, better separation of hot and cold wallets, and clearer rules for large crypto platforms.

Yonhap News reports that South Korea’s largest crypto exchange, Upbit, suffered a hack worth about 44.5 billion KRW ($32 million). Authorities are investigating whether North Korea’s Lazarus Group was behind the attack. The group was also linked to Upbit’s 2019 theft of 58…

— Wu Blockchain (@WuBlockchain) November 28, 2025

Upbit has pledged full reimbursement to users hit by the theft and says it will share findings when the probe allows. Based on reports, tracing and recovery work is ongoing but will be slow because of how the assets were fragmented and moved across chains.

Watchers say confirmation of Lazarus involvement would mark another example of how state-linked actors continue to target major crypto firms.

Authorities have not yet publicly released a definitive attribution. The next steps to watch include any formal statements from prosecutors, whether any of the moved funds are frozen or returned, and how regulators will respond to reduce the chance of similar losses.
