ZachXBT says UK-linked suspect in $243M Genesis theft likely detained


Pseudonymous blockchain investigator ZachXBT said on December 5 that a British threat actor tied to the theft of about $243 million from a single Genesis creditor on Gemini has likely been detained by law enforcement, with crypto assets seized.

In a post on his official Telegram channel on December 5, ZachXBT alleged that “Danny / Meech,” also known as Danish Zulfiqar (Khan), appears to have been arrested. He cited roughly $18.58 million in crypto held at Ethereum address 0xb37…9f768, which he linked to the suspect, and said multiple addresses “tied to him” consolidated funds to 0xb37d in a pattern he associates with law‑enforcement seizures.

ZachXBT added that the suspect was last known to be in Dubai and alleged that a villa was raided, with others there also detained. He wrote that several individuals previously in contact with the suspect had become unresponsive in recent days.

As of publication, there have been no public statements from Dubai Police or UAE regulators, and no local media reports confirming a raid, arrests or seizures connected to Zulfiqar, the Genesis creditor theft or the Kroll SIM‑swap incident. The Block has not independently verified the claims.

Below is background on the Genesis creditor theft.

On August 19, 2024, attackers stole about 4,064 BTC – then valued near $243 million – from a single Genesis creditor who used Gemini as the exchange interface, according to a September 2024 investigation published by ZachXBT and subsequent reporting by The Block. The theft relied on social‑engineering tactics that allegedly began with impersonation of Google support, followed by a two‑factor reset on the victim’s Gemini account and remote‑access malware that enabled deeper system control. The perpetrators then obtained private keys and moved funds through exchanges and swap services. 

ZachXBT’s 2024 thread identified three primary suspects by online handles – “Greavys,” “Wiz” and “Box,” later alleged to be Malone Lam, Veer Chetal and Jeandiel Serrano – and said the findings were shared with law enforcement. U.S. prosecutors later brought related cases. In September 2024, the Department of Justice charged two people in connection with what it described as a roughly $230 million crypto theft from victim accounts, and later unsealed broader racketeering indictments alleging a $263 million scheme that included the theft of more than 4,100 BTC from a Genesis creditor.

Court filings and coverage described a mix of SIM‑swaps, social engineering and physical burglaries, with conspirators allegedly spending millions on luxury goods and travel. One defendant identified as Chetal was later accused of taking part in a separate $2 million crypto theft while out on bond.

As GNcrypto wrote previously, on November 20, 2025 on‑chain investigator ZachXBT flagged a $3.1 million exploit at GANA Payment on BNB Smart Chain. Funds were quickly consolidated, swapped into BNB, and routed through Tornado Cash on BSC, with additional proceeds bridged to Ethereum and mixed there as well. The case underscored a familiar playbook on BNB Chain – vulnerable contracts, rapid liquidity drains, cross‑chain movement and mixer use – reinforcing the need for stricter audits and monitoring across smaller token projects.
