A well-known blockchain investigator believes a key suspect in one of the largest individual crypto thefts to date may now be in police custody. Pseudonymous crypto sleuth ZachXBT said on Friday that a British threat actor tied to the $243 million theft from a Genesis creditor on Gemini appears to have been arrested and had digital assets seized.

In a Dec. 5 update shared on his Telegram channel, ZachXBT alleged that “Danny” or “Meech,” also known as Danish Zulfiqar (Khan), is the individual potentially detained by authorities. He pointed to roughly $18.58 million in crypto currently held at Ethereum address “0xb37...9f768,” which he said has been linked to the suspect. According to the investigator, several wallets connected to the individual had funneled funds into the same address in a pattern he described as similar to other law enforcement seizures.
ZachXBT added that the suspect was last believed to be in Dubai. He claimed a villa may have been raided and that others connected to the individual were possibly detained as well. In his post, he noted that several people previously in contact with the suspect had recently gone silent, which he suggested could be connected to the reported enforcement action.
As of now, there are no public statements from Dubai Police or UAE authorities confirming any arrests, raids, or asset seizures. No local media reports have corroborated a law enforcement operation tied to Zulfiqar or the Genesis creditor hack.

A complex investigation dating back to August 2024

The claims mark the latest development in a months-long investigation into the August 19, 2024 theft of 4,064 bitcoin, valued at approximately $243 million at the time. The funds belonged to a single Genesis creditor who managed assets using Gemini as the exchange interface.
According to earlier findings published by ZachXBT and supported by subsequent reporting, attackers gained access through advanced social engineering techniques. They allegedly impersonated Google support staff, persuaded the victim to reset two-factor authentication for their Gemini account, and used remote access tools to take control of the victim’s device. From there, they accessed private keys and emptied the wallet, sending the stolen bitcoin through a complex trail of exchanges and swap services.
In previous reports, ZachXBT identified three individuals known by the handles “Greavys,” “Wiz,” and “Box,” later alleged to be Malone Lam, Veer Chetal, and Jeandiel Serrano. Their names were shared with law enforcement, and U.S. prosecutors have since brought multiple criminal cases tied to related activity.
The U.S. Department of Justice charged two suspects in September 2024 in connection with what it described as a $230 million crypto theft scheme. Broader racketeering indictments later surfaced, outlining a criminal operation worth roughly $263 million, including more than 4,100 bitcoin stolen from a Genesis creditor. Court filings described a network of social engineering scams, SIM swaps, and even physical break-ins, with proceeds allegedly spent on luxury goods, travel, and nightlife.

One defendant, Chetal, reportedly faced additional charges after authorities accused him of participating in a separate $2 million crypto theft while out on bond.