ZachXBT exposes scammer Faris Ali who stole $4.3m in crypto from a Twitter user

Crypto investigator ZachXBT is at it again. This time, he’s gone after a UK scammer named Faris Ali, also known as Zay or Tommy, for his alleged involvement in a home invasion that led to a $4.3 million crypto theft.

The robbery happened in June when the victim, after suffering a crypto data breach, was forced to send millions to two addresses.

The victim shared the unfortunate news on Twitter on June 18th, right after the robbery. Most of the stolen funds remain untouched, according to Zach’s findings.

Faris Ali’s criminal history

As soon as ZachXBT got tagged by the victim, he jumped into action, digging through chat logs between Faris and his accomplice.

The two discussed their plan to disguise themselves as delivery drivers, complete with photos of the victim’s home and door, right before carrying out the robbery.

To make matters worse, just weeks before the robbery, Faris had been bragging on Telegram, sharing an image of his bail, which ultimately exposed his identity.

Zach’s investigation revealed more incriminating evidence against Faris. He found chat logs where Faris, already with a criminal record, was planning the robbery with another person.

The pair had detailed conversations, strategizing how to carry out the theft by posing as delivery drivers. Photos of the victim’s building and door were shared in these conversations.

Faris and his accomplice later sent a message confirming they were outside the victim’s home dressed in delivery uniforms.

Shortly after, they carried out the robbery, successfully forcing the victim to send over $4.3 million in crypto.

What’s even crazier is that after the incident, someone registered an ENS domain, “farisali.eth,” and sent an on-chain message that read:

“Faris, pay up no games I will be aiding the police in 24 Hours, with your full DOB/location/Addresses with images and full proof of your involvement.”

Crypto phishing attacks get more rampant

The third quarter saw over $127 million worth of cryptos stolen, with phishing attacks making up a huge part of the losses.

September alone accounted for $46 million, according to Web3 security firm Scam Sniffer. Their report said 10,800 victims were scammed, with the largest single loss happening on 28th, when a phishing attack using a permit phishing signature drained 12,083 spWETH, worth about $32.43 million.

Phishing attacks often involve tricking people into linking their wallets to fraudulent services. Once a user’s wallet is connected to a phishing website, scammers can drain the wallet without needing more authentication.

Ether was the most targeted crypto in these attacks. The fraudsters primarily targeted users on Twitter and through Google phishing ads.

As if the numbers weren’t bad enough, CertiK reported that total financial damage in the crypto space jumped by 9.5% in Q3, hitting $753 million across 155 incidents.

The Ethereum network once again suffered the most damage, with 86 hacks, scams, and exploits costing over $387 million.

Out of all the money stolen, only 4.1% of the assets were recovered, a steep drop from the 14.4% recovery rate in the previous quarter.

Scammers have learned to manipulate victims through urgent messages, fake security alerts, or enticing offers.

Sometimes they pretend to alert the user about “suspicious activity,” leading them to input their login details into a fake website, where their funds are quickly stolen.