- Trending
- Comments
- Latest
Dubai authorities arrested a British man suspected of orchestrating major cryptocurrency thefts after blockchain investigator ZachXBT traced 3,670 ETH worth roughly $10 million to a single wallet.
The suspect, identified as Danny Khan (also known as Danish Zulfiqar), is allegedly linked to hacks targeting Genesis creditors and cybersecurity firm Kroll, according to a superseding indictment filed this week.
ZachXBT reported that the suspect was last seen in Dubai, where authorities allegedly stormed a villa and detained several individuals.
Multiple community sources noted that the suspect and his associates have gone silent online adding weight to claims that a coordinated operation was executed. Hours after the raid, a superseding indictment confirmed that the British cybercrime suspect had indeed been arrested.
The investigator has followed the British cybercrime suspect since 2024, linking him to the theft of funds belonging to a Genesis creditor.
The alleged operation involved co-conspirators Malone Lam, Veer Chetal, Chen, and Jeandiel Serrano who reportedly carried out a sophisticated social engineering attack by impersonating Google and Gemini support. According to ZachXBT, the British cybercrime suspect played a pivotal role in orchestrating the scheme which began on August 19, 2024.
In that attack, the group convinced a victim to reset two factor authentication, transfer Gemini funds, and reveal private Bitcoin keys through the remote desktop tool AnyDesk. A Discord video allegedly showed the team including the British cybercrime suspect celebrating as Gemini transaction records displayed the movement of stolen Bitcoin into wallets under their control.
The stolen assets were later split among conspirators and routed through more than 15 crypto exchanges with conversions spanning Bitcoin, Litecoin, Ethereum, and Monero.
ZachXBT also tied the British cybercrime suspect to the August 2023 Kroll SIM swap incident which exposed creditor data for BlockFi, Genesis, and FTX. That breach occurred after a hacker accessed a Kroll employee’s T-Mobile account via SIM swapping a method the British cybercrime suspect has allegedly used in previous operations.
While official confirmation of the British cybercrime suspect’s arrest has not yet been released by authorities multiple independent sources say the investigation is active and ongoing.
The mounting evidence suggests that the British cybercrime suspect may be connected to a long series of coordinated cyber intrusions and cryptocurrency heists stretching across multiple jurisdictions.
