How One Rug Pull Victim Became Crypto's Most Feared Investigator

What makes someone dangerous isn’t a badge, a salary, or a team of analysts. It’s the refusal to forget. In 2018, a person who would later become known as ZachXBT lost $15,000 in Ethereum to rug pulls and a wallet hack. Instead of walking away like most victims do, he opened Etherscan and decided to learn why. That decision transformed a scam victim into the blockchain investigator that law enforcement and venture capital firms now consult directly. By 2025, Paradigm would bring him on as their Incident Response Advisor, and Matt Huang would credit him with recovering over $350M for victims across the industry.

The Rug Pull That Changed Everything

The story doesn’t begin with a genius or a prodigy. It begins with loss. In 2018, when rug pulls and hacks were still relatively new, Zach lost his $15,000 in ETH. The difference between him and other victims wasn’t luck or special training. It was curiosity combined with stubbornness. He didn’t move on. Instead, he treated Etherscan like a crime scene. He started following wallet movements: Wallet → Contract → Bridge → Mixer → Exchange. Each connection was a thread. Each thread led somewhere. This wasn’t a forensic technique taught in universities. It was self-taught reverse engineering using nothing but public blockchain data and an unwillingness to accept loss as final.

Reading Block Explorers Like Crime Scenes

What ZachXBT developed was a method, not just a talent. By May 2021, when he went public with his first investigation, he had already spent years learning how money moves through the blockchain ecosystem. His initial cases exposed projects like Impact Theory and Rogue Society, where 15,777 NFTs had been minted before developers simply disappeared. Zach didn’t just notice they were gone—he mapped the wallet flows, retrieved the Discord receipts, and posted the evidence publicly. The founder of Rogue Society emerged from hiding within days.

This wasn’t investigative journalism. This was investigative transparency. Every step was done in public, every finding was verifiable, and every accusation was backed by on-chain data that anyone with an Etherscan link could independently verify.

When Rug Pulls Turn Into Case Studies

The cases escalated in both complexity and impact. When Pixelmon collapsed in a $70M disaster, Zach exposed something more damaging than the rug pull itself: he proved that the team’s mint funds had been diverted to purchase Bored Apes NFTs for personal use. He then dismantled an associated phishing ring that had stolen $2.5M in BAYC NFTs, mapping the wallet flows and handing the findings directly to law enforcement. Five arrests followed in France. The police thanked him publicly—a moment that signaled a shift: blockchain investigations were now visible to governments.

In 2022, his 10-part investigation into Machi Big Brother linked 21 distinct wallets to $37M in missing funds. Machi sued him for defamation. The crypto community crowdfunded $1M for his legal defense. He didn’t retract a single claim. Machi dropped the lawsuit.

From Wallet Tracking to $350M Recovery

But the real test came when ZachXBT turned his attention to nation-state actors. He tracked the Lazarus Group—North Korean state-sponsored hackers—through their operations on the Ronin and Harmony bridges. He mapped $200M in fund flows as they passed through Tornado Cash, ChipMixer, and Asian exchanges. Then he handed those maps directly to law enforcement. Funds were frozen. That’s when the story stopped being about one person with a cartoon platypus avatar and started being about systemic impact.

The US Secret Service cited his work. French cybercrime units contacted him directly. Arkham offered him compensation to help unmask wallet owners. He exposed celebrities and influencers—BitBoy, Logan Paul, Lark Davis, Kyle Chasse—who had promoted scams. Over four years, he published more than 200 investigations. None of it required a license, an office, or an employer. None of it required anything except public data and the refusal to accept that scams were inevitable.

The Anonymous Platypus That Moves Markets

In 2025, when Paradigm formalized his role as Incident Response Advisor, it wasn’t a surprise. Matt Huang and the venture capital world had already been watching. The recovery figure—$350M—wasn’t just a number. It represented victims who got their funds back because one person decided that block explorers were tools for justice, not just curiosity.

ZachXBT still uses the same cartoon platypus avatar. He still hasn’t shown his face. He still doesn’t track wallets for personal gain—he tracks behavioral patterns, maps hidden pipelines, uses only public tools, and posts proof first. The system exposes the scammers.

What began as a personal rug pull became an industry standard for accountability. The question now isn’t whether blockchain investigations work. It’s why every victim doesn’t have access to someone willing to do what he did.