ZachXBT Says Suspected $243M Genesis Hacker May Have Been Arrested in Dubai

What Did ZachXBT Claim About the Suspected Hacker?

Onchain investigator ZachXBT said Friday that a British threat actor tied to a $243 million theft from a Genesis creditor on Gemini may have been taken into custody in Dubai. In a Dec. 5 Telegram post, he wrote that “British threat actor Danny / Meech aka Danish Zulfiqar (Khan) appears to have likely been arrested by law enforcement and had crypto assets seized.”

He pointed to roughly $18.58 million in digital assets currently held at ETH address 0xb37...9f768, which he said was linked to the suspect. According to ZachXBT, “multiple addresses tied to him I was tracking consolidated funds to 0xb37d in a similar pattern to other law enforcement seizures.”

He added that Danny was “last known to be in Dubai” and that it was “alleged a villa was raided and others there were arrested as well.” ZachXBT said several people who had been in contact with the suspect had since gone quiet, adding to his belief that police activity may have taken place.

As of publication, Dubai Police and UAE regulators have not issued statements confirming any arrests, raids or seizures, and no local reporting has verified the claims.

Investor Takeaway

ZachXBT’s claims suggest progress in a major crypto theft case, but without confirmation from UAE authorities, the status of any arrests or seizures remains unclear.

What Happened in the $243 Million Genesis Creditor Heist?

The case stems from one of the largest known thefts targeting an individual crypto holder. In September 2024, ZachXBT published a detailed account alleging that three attackers stole 4,064 BTC — worth roughly $243 million at the time — from a Genesis creditor using Gemini as the platform interface. The funds were taken on Aug. 19, 2024.

The attackers allegedly used social engineering to impersonate Google support and convinced the victim to reset . With remote access software installed, they gained deeper control, obtained secret keys and drained the wallet. The BTC was then routed across platforms and swap services to disguise the flow of funds.

ZachXBT identified three online aliases tied to the operation — “Greavys,” “Wiz,” and “Box” — and later associated them with Malone Lam, Veer Chetal and Jeandiel Serrano. He shared his findings with law enforcement shortly after the thread went live.

How Have U.S. Prosecutors Addressed the Case?

In the months that followed, U.S. prosecutors brought a series of cases tied to the same network. In September 2024, the two individuals with taking part in what it described as a roughly $230 million cryptocurrency scheme that involved draining victim accounts.

Later filings unsealed broader racketeering cases, alleging a $263 million criminal operation encompassing the theft of more than 4,100 BTC from the Genesis creditor. The court documents described coordinated social engineering, SIM swaps and even physical intrusions used to access devices and authentication tools.

Prosecutors said the group spent millions of dollars on luxury cars, travel and nightlife while across a mix of services. One of the alleged participants, identified as Chetal, was accused of taking part in another $2 .

Investor Takeaway

The Genesis creditor case remains one of the most complex theft investigations in the U.S. crypto space, involving multiple suspects, overlapping prosecutions and international leads.

Where Does the Dubai Angle Fit In?

ZachXBT has repeatedly pointed to Dubai as a residence or travel hub for suspects tied to past crypto thefts. In this case, he said Danny was “last known to be in Dubai,” and alleged that authorities raided a villa where the suspect and others had been staying.

However, without confirmation from the UAE, it is unclear whether any action has taken place. The absence of public statements is not unusual in cases involving cross-border investigations, private sector intelligence and incomplete reporting chains.
