ZachXBT’s investigation has linked addresses connected with a former professional Fortnite player and cybersecurity analyst to multiple high-profile account takeovers.
Blockchain investigator ZachXBT has accused an Australian former professional Fortnite player and blockchain security analyst of orchestrating memecoin scams that allegedly stole approximately $3.5 million.
In a thread posted on X on November 27, ZachXBT stated that wallet addresses linked to the ex-Fortnite player, known as “Serpent,” were “highly exposed” to multiple Pump.fun memecoin scams tied to hacked social media accounts.
The former gamer, expelled from the esports organization Overtime in June 2020 for alleged cheating according to gaming network Ginx.tv, was also active on X as a security analyst and the creator of a threat mitigation system called Sentinel.
“Over the past few months, I have been tracking a series of related compromises for McDonald’s, Usher, Kabosu Owner, Andy Ayrey, Wiz Khalifa, SPX 6900, etc., on X & IG which has resulted in an estimated $3.5M+ stolen via launching Pump Fun meme coins,” ZachXBT wrote.
The investigator uncovered that a wallet tied to Serpent’s project, “ERROR” (allegedly a rug pull), was “directly connected” to multiple account hacks, including those of McDonald’s, Usher, Andy Ayrey, Dean Norris, and Enoshima Aquarium.
ZachXBT also alleged that Serpent was “gambling the proceeds away at online casinos” and cited recordings showing a deposit and withdrawal address linked to addresses involved in the account takeovers.
Following the publication of the first part of the investigation on November 26, ZachXBT reported that Serpent began deleting all posts from his new X account.
In 2022, Serpent presented himself as a cybersecurity analyst and shared a guide on his now-suspended X account, explaining how scammers exploit inexperienced crypto users through fake websites, hacked verified accounts, phishing schemes, and fraudulent airdrops.
Serpent, who also founded the threat mitigation system Sentinel, had previously warned users about vulnerabilities in Google Ads in 2022, according to blockchain security firm SlowMist.