On-chain detective ZachXBT has identified connections between the hacking of two Hollywood celebrities’ X accounts, which was used to create a meme coin scam, and convicted British hacker Gurvinder Bhangu, aka Gurv.
In an X thread today, July 30, well-known anonymous crypto researcher ZachXBT revealed his investigation into two recent high-profile X account hacks. The compromised accounts of actors Sydney Sweeney and Bob Odenkirk were reportedly used to promote scam meme coins that generated $530,000 in stolen funds.
According to ZachXBT’s investigation, on July 2, Sweeney’s X account was compromised and posts began appearing from the actor’s hacked account promoting a Solana-based token called “$SWEENEY.” Within two hours, the scam token’s trading volume had exceeded $10 million, causing its price to skyrocket and then crash.
2/ On July 2, Sydney Sweeney’s SIM card was changed and a link to a meme coin was shared, causing the price to skyrocket and then drop.
SWEENEY scam team wallets sold for over $515K
Main team wallets
AgySZeAtqM3iSbvMPxv2g94oTd3segx4WdKuFD7M5CEr
jQEaiiAkRGhFoCDnjxn6mmtrksC4EckF38fxkaNMs1j picture.twitter.com/Vm0txgjl7B
— ZachXBT (@zachxbt) July 30, 2024
The attack coincided with reports that Sweeney’s Verizon phone number had been compromised. 404 media obtained a Verizon receipt from the same day showing a $37.54 money order, confirming that Sweeney was the victim of a SIM card swapping attack.
According to ZachXBT, Gurv, who was previously convicted in the UK for hacking Instagram accounts and threatening to blackmail users, received the verification codes for Sweeney’s account via Telegram, strengthening the connection between Gurv and the hack.
ZachXBT emphasized that the attacker used the same Telegram user ID in multiple groups to obtain the code, and linked his time in prison and the attacks to this.
The crypto researcher added that the proceeds from the attack were initially transferred to an exchange as Solana (SOL), where the funds were exchanged for Bitcoin (BTC) and Ethereum (ETH) and then distributed to several addresses. According to ZachXBT, on-chain activity suggests that multiple people were involved in the scam.
The investigation revealed that another 1.5 ETH was sent to the exchange from a wallet connected to the Sweeney SIM card on July 9.
Odenkirk was also hacked
The investigator linked the Sweeney hack to a very similar attack on actor Bob Odenkirk’s X account, which also occurred on July 9. After taking over Odenkirk’s X account, the hacker(s) launched and released two scam meme coins, KIRK and SAUL. This time, the scammers stole less money, likely because the two coins were a distraction.
At the time of ZachXBT’s reporting, wallets connected to both the Sweeney and Odenkirk scams held approximately $488,000. The remaining funds were “diverted to crypto casinos and purchasing gift cards.” ZachXBT concluded the X-series with a call to local law enforcement:
“I hope UK law enforcement will use the vast amount of evidence at their disposal to track down Gurv without delay.”
The Sweeney and Odenkirck scams are part of a trend of celebrities promoting scam meme coins through compromised accounts or, in some cases, alleged social engineering scams.