ZachXBT: True Detective or Hypocrite?
- Core Thesis: The actions of on-chain sleuth ZachXBT are fundamentally a survival strategy within the crypto interest chain, where his righteous deeds coexist with profit-seeking motives. His recent frequent "alerts" have sparked controversy, reflecting a shift in interests and role as he moves up the industry ladder.
- Key Elements:
- ZachXBT transitioned into an on-chain detective after losing 15,000 USD to an early scam. His sense of justice stems from his victim experience, making him a product of the wave of retail investors getting rekt in 2017-2018.
- He amassed significant prestige by exposing scam projects (e.g., RAVE, LAB) and tracking hacker funds (e.g., helping the US government recover $20 million). This earned him "semi-official" status through roles like advisor at Paradigm and partnerships with BNB Chain.
- His recent actions have stirred major controversy, including public accusations against projects causing token crashes (e.g., RAVE dropping over 90%), a defamation lawsuit with Machi Big Brother (Huang Licheng), and deleting posts and "cutting and running." He has been accused of "lighting the fuse and stepping back" (pointing out a target and then abandoning it) and double standards.
- His behavioral logic is heavily driven by the interest chain: maintaining traffic and influence through continuous exposés to avoid falling from his "upper-middle stream" position, while securing resources by aligning with upstream institutions like BNB Chain.
- ZachXBT is neither pure justice nor pure fraud; he is a "natural product" of the crypto industry's era of wild growth and regulatory vacuum. His "wartime mode" will be his normal state within this interest chain.
Recently, @zachxbt, known as the on-chain crypto detective, seems to be standing in opposition to retail investors and the community.
Not long ago, when the @RaveDAO project token RAVE experienced a short-term surge, he publicly pointed out that the RAVE-related addresses had highly concentrated token holdings, fund flows involving multiple CEXs, and wallets associated with the team participating in trading. He offered a $10,000 bounty, which the community later raised to $25,000 for gathering related internal materials.
This move sparked market panic, causing RAVE to plummet over 90%, leading to significant losses for many holders and triggering strong market backlash.
On May 6th, ZachXBT began publicly focusing on the popular project LAB @LABtrade_, examining its on-chain addresses, token distribution, and exchange fund flows. He suspected the project of highly coordinated price manipulation. After privately messaging the founder without receiving a reply,
ZachXBT once again issued a $10,000 bounty, seeking materials such as the project founder's passport/ID, market maker contracts, or chat records, using the term "War time mode" in related statements. This move once again stirred controversy.
In fact, in the early days, ZachXBT was always seen as a positive figure standing with retail victims.
For example, after the DeFi Summer, he exposed numerous NFT and DeFi scam projects attempting to evade regulation, protecting retail investors from potential losses of millions of dollars. He also helped recover $275,000 in the Coinbase social engineering scam, repeatedly exposed pig butchering scam networks, collaborated with BNB Chain and Paradigm to combat fraud, and issued warnings that helped prevent losses for Bybit, among other things. Early on, many of the victims in the security incidents he investigated were ordinary retail investors, so he generally didn't charge fees, establishing this positive persona.
Therefore, his frequent whistleblowing recently inevitably raises questions about his motives.
Of course, engaging in moral criticism here is pointless. The purpose of this article is to analyze ZachXBT from multiple perspectives, including his background, the era, and the chain of interests, hoping to interpret the essence of all his actions and view this matter rationally from a more unique angle.
How Did ZachXBT Become an "On-Chain Detective"?
I believe that answers to anyone's behavior can be found in their past.
ZachXBT's real name is Zachary Wolk. He is essentially an ordinary young American tech geek. He entered the crypto space as a retail novice during the ICO era in 2017. Like many young people, he heard get-rich-quick stories and hoped to make his fortune in crypto.
However, things didn't go as planned. The tokens he bought in 2017, which were touted as "world-changing," almost all turned out to be rug pulls. Then, in 2018, the Electrum wallet was compromised by a malicious update (you can look this up; I remember roughly 200 BTC was lost). He directly lost $15,000. For an ordinary young person at the time, this was undoubtedly a significant sum.
Source: https://www.secrss.com/articles/7475
After being scammed and losing all his money, Zachary Wolk developed a deep hatred for crypto scammers and hackers. He began self-studying on-chain data tools like Etherscan and Arkham, painstakingly tracing wallet addresses and fund flows, compiling evidence, and publicly exposing scam projects on Twitter (now X platform). Of course, it seems Zachary Wolk discovered a new frontier.
So you see, he wasn't born an "on-chain detective." I think, fundamentally, this was a victim trying to save himself, who just happened to stumble upon a new path.
So, from dabbling in 2018 to the full-blown outbreak of the crypto bull market in 2021, he found his niche: becoming the on-chain version of a "folk Sherlock Holmes."
In fact, 2020 was a crucial turning point. The DeFi Summer led to a massive migration of users from exchanges to the chain. However, the vast majority lacked on-chain analysis capabilities, and on-chain data analysts were considered exceptionally skilled at the time.
So, you have to admit, the era gave Zachary Wolk the perfect stage:
At that time, the on-chain crypto space was virtually unregulated. Retail investors who got reaped could only accept their losses. The market desperately needed someone to "dispense justice on heaven's behalf."
Meanwhile, the X platform was one of the biggest hubs for the crypto market. With its traffic amplification effect, it allowed the anonymous geek ZachXBT's exposes to spread rapidly throughout the entire industry.
Coupled with the transparency of on-chain data, he had the weapon for a "counterattack." He didn't need to rely on regulators or institutions; with just his skills and persistence, he could deter the harvesters.
So, for ZachXBT, I believe this is his origin:
Heroes of justice don't just appear out of nowhere. He is simply the "On-chain Hunter" born out of the wave of retail investor harvesting from 2017-2018.
This is like, in a lawless era, the oppressed underclass picking up weapons to defend themselves. The weapon he picked up was on-chain data and public exposure.
So, if it weren't for that painful loss of $15,000, I believe there would definitely be no ZachXBT today. And without that wild, untamed era, his "detective persona" would have had no soil to grow in.
If We Place Him Within the Crypto Interest Chain, What Do We See?
In this world, human nature is like water. If the rules change, human nature changes. A person's behavior is fundamentally driven by interests.
So, to understand the essence of ZachXBT's actions, we must place him within the complete interest chain of the crypto world to analyze the logic.
The interest chain of the crypto world is often divided into upper, middle, and lower tiers:
The upstream typically includes project teams, CEXs (Binance, Bitget, BNB Chain, etc.), VCs, whales, and project insiders. They control token supply, liquidity, and trading channels, holding the power of discourse within the entire chain, or the industry.
The midstream consists of on-chain data tools, crypto media, KOLs, and even the X platform. They are the "amplifiers" of the chain, responsible for transmitting information and amplifying emotions. They serve as both "propaganda tools" for upstream players and platforms for exposing scandals.
Then comes the downstream: global retail investors and victims who have been harvested.
They are at the end of the chain, lacking information advantages and technical capabilities. They can only follow the trend passively, becoming stepping stones for upstream profits and playing the role of "the harvested."
ZachXBT, in his early days, positioned himself more as an independent on-chain investigator, a high-value node, belonging to the mid-to-downstream.
But now, he has an additional identity: a semi-official cleaner. Starting in 2025, he officially became an advisor to Paradigm. In November of the same year, he also collaborated with BNB Chain to combat hacker scams.
So, this new identity has shifted his coordinates on the chain upwards, moving him to the mid-to-upstream.
It is precisely this upward shift in coordinates that directly determines all his behavioral patterns. Now, are you starting to see it more clearly? Let's continue analyzing.
The Continuous "Strike" Behavior Is an Inevitable Consequence of Survival and Upward Coordinates
Looking at it, his continuous exposure of scandals is essentially a "win-win" scenario. He not only does good deeds but also gains prestige and benefits, continuously improving his position within the chain.
From a positive value perspective, he has indeed done many practical things:
He helped exchanges track hackers, exposed the Axiom insider, and assisted victims and governments in recovering over a hundred million dollars cumulatively. In 2025, he helped the U.S. government recover $20 million, taking nothing for himself.
However, while these actions earned him extremely high industry prestige, they also brought him tangible benefits, such as community donations (the Machi Big Brother case raised millions of dollars through crowdfunding), institutional collaboration invitations (Paradigm advisor role), and official cooperation opportunities (BNB Chain).
Of course, the collaboration between ZachXBT and BNB Chain has been quite controversial. He had previously been highly critical of CEX insiders and manipulation related to Binance. However, he later cooperated with BNB Chain to combat fraud and track funds.
The community branded him a "hypocrite" and a "CZ shill," questioning how he could criticize centralization while benefiting from upstream resources. His response was "for a cleaner ecosystem," but the criticism hasn't stopped. This is a typical double-standard controversy arising from economic chain binding.
Regardless, this allowed him to move step by step from an anonymous grassroots geek to a "semi-official" position, achieving an upward shift in his coordinates. This is the positive cash flow he earned in the chain through his skill set of exposing scandals.
Of course, we cannot ignore a core aspect:
The crypto market is essentially an attention economy, also a highly volatile "casino."
The more powerful, faster, and more impactful the exposure, the more traffic one gains, and the more influence one holds.
Once one stops, traffic will drain, prestige will decline, and one might even be eliminated from the chain.
Therefore, he needs to continuously speak out and whistleblow to ensure he doesn't fall from the middle or upstream, thereby maintaining his interests.
This leads to many of his whistleblowing actions being controversial or even met with disdain, such as:
Publishing a long thread accusing Machi Big Brother (Jeffrey Huang) of misappropriating 22,000 ETH (worth ~$38 million at the time), promoting 10+ failed projects, and manipulating Squid DAO. Huang countersued him for defamation.
Publicly exposing the 11 ETH/SOL wallet addresses (holdings over $24 million) of memecoin analyst Murad Mahmudov (@MustStopMurad). Many questioned why he strictly maintains his own anonymity while frequently revealing others' complete on-chain traces, criticized for using the "information asymmetry weapon" only for his own benefit.
Publicly criticizing the Keeta testnet as a "fake testnet" driven by "sketchy KOLs" with suspicious supply control, causing the KTA token to drop 20-26%. After the price crash, he deleted all related tweets (including the accusation thread). The Keeta team responded that this was FUD and conducted a public stress test. Many on the community and Reddit screenshotted and accused him of the classic "FUD, dump, delete, and run" controversy.
As well as the recent RAVE and LAB incidents.
So, as I mentioned earlier, many people call him a "hypocrite," but from the perspective of the economic chain, these actions are quite reasonable. He is not a "saint" independent of the chain, but a link within it. Compromises must be made to maintain his coordinates.
Collaborating with BNB Chain is not "betrayal" but an upstream-downstream binding. BNB Chain, as an upstream platform, provides him with more resources, more exposure, and gives his investigations more impact.
Remaining anonymous while exposing others' information is because his core asset is "information asymmetry." Protecting himself is necessary to continue surviving in this industry and avoid retaliation.
Exposing others is necessary to exchange for traffic and prestige, to maintain his "detective" persona.
As for deleting posts and settling disputes, these are fundamentally trade-offs. When accusations might lead to legal risks or when more favorable collaboration terms are available, compromise becomes the most rational choice. After all, preserving one's position is more important than stubbornly clinging to "justice."
Source: https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/
Rules Are Like Water; He Is Just a "Natural Product" of the Chain
So, let's not engage in moral judgment, just stick to the facts:
ZachXBT embodies the most authentic human nature—a sense of justice, but justice must serve survival; ability, but ability must be used to maintain one's position; principles, but principles must yield to interests.
His sense of justice is real—its origin is his own experience of being scammed in 2017. He deeply understands the pain of retail investors being harvested, so "helping victims recover funds and punishing scammers" has always been among his goals.
But his sense of justice is not pure. Within the economic chain, he must prioritize his own survival and upward mobility, which inevitably leads to compromises and controversies.
He is very smart and diligent—his on-chain tracking skills are arguably world-class, capable of unearthing hidden scandals from vast amounts of wallet addresses and transaction flows.
But smart people are most easily blinded by their position. He firmly believes "my exposing of scandals is justice; questioning me is defending the scammers." This stubbornness is part of how he maintains his persona.
In fact, put anyone else in his coordinates, and they'd probably do the same.
The rules of the crypto world are just like this:
Anonymity protects the strong; information asymmetry harvests the weak; attention determines influence. He simply adapted to the rules, exploited the rules, and found his way to survive within the chain. He both cleansed the industry's "toxins" and reaped his own "profits." He simultaneously became the "folk hunter" and the "semi-official cleaner."
ZachXBT's existence is an inevitable product of the crypto market's wild growth era: a regulatory vacuum, an unregulated industry, defenseless retail investors—such a "folk hunter" was bound to emerge.
He is neither a hero nor a fraudster; he is merely the sharpest thorn in the interest chain, piercing the harvesters while also clinging to the chain itself. He cleanses toxins while pursuing profit.
His declaration of "War time mode" is his normal state of existence. As long as the rules of the crypto space haven't changed, as long as the harvesting logic of the chain remains, he won't stop. Stopping would mean admitting defeat to the chain's elimination process, admitting that "the crypto space is forever a jungle."
LAB is just his latest strike. There will be more to come.
And war time mode never ends—perhaps it is his only way to survive within the interests chain of the crypto world.
