ZachXBT: Real Detective or Hypocrite?

Recently, @zachxbt, known as an on-chain crypto detective, seems to be standing opposed to retail investors and the community.

Not long ago, when the @RaveDAO project token RAVE saw a brief price surge, he publicly pointed out that the addresses associated with RAVE exhibited highly concentrated token holdings, fund flows through multiple CEXs, and wallet participation linked to the team. He subsequently offered a $10,000 bounty, later increased by the community to $25,000, for relevant internal materials.

This move triggered market panic, causing RAVE to plummet over 90%, leading to significant losses for many holders and sparking strong backlash from the market.

On May 6, ZachXBT began publicly scrutinizing the popular project LAB @LABtrade_, focusing on its on-chain addresses, token distribution, and exchange fund flows. He alleged the project exhibited signs of high manipulation — controlling price pumps and dumps. His DMs to the project founder went unanswered.

Subsequently, ZachXBT again issued a $10,000 bounty for materials such as the project founder's passport/ID, market maker contracts, or chat logs, using the term "War time mode" in his related statements. This action once again ignited controversy.

In fact, in the early days, ZachXBT was consistently seen as a positive figure standing with retail victims.

For instance, after the DeFi Summer, he exposed numerous NFT and DeFi scam projects attempting to evade scrutiny, potentially saving retail investors millions of dollars. He also helped recover $275,000 for victims of a Coinbase social engineering scam, repeatedly exposed pig butchering scam networks, collaborated with BNB Chain and Paradigm to combat fraud, and issued warnings to Bybit to prevent losses. Previously, many security incidents he addressed involved ordinary retail victims, so he generally did not charge fees, establishing this positive persona.

Therefore, his recent frequent whistleblowing actions inevitably raise questions about his motives.

Of course, engaging in moral criticism here is pointless. The purpose of this article is to deconstruct Zachxbt from multiple aspects — his background, the era, and the chain of interests — hoping to interpret the essence of his actions and view this matter rationally from a more unique perspective.

How Did ZachXBT Become an "On-Chain Detective"?

I believe the answers to anyone's actions can be found in their past.

ZachXBT, whose real name is Zachary Wolk, was initially an ordinary young American tech geek. He entered the crypto space in 2017 during the ICO era as a retail novice. Like many young people, he heard stories of overnight wealth and hoped to strike it rich.

However, things didn't go as planned. The tokens he bought in 2017, which promised to "change the world," almost all turned out to be rug pulls. Then, in 2018, the Electrum wallet was compromised in a malicious update attack (you can look this up; I recall losing 200 BTC). He directly lost $15,000. At the time, this was undoubtedly a significant sum for an ordinary young person.

Source: https://www.secrss.com/articles/7475

After losing all his money from being scammed, Zachary Wolk developed a deep hatred for crypto scammers and hackers. He began teaching himself on-chain data tools like Etherscan and Arkham, painstakingly tracing wallet addresses and fund flows, compiling evidence, and publicly exposing scam projects on Twitter (now platform X). Of course, it seems Zachary Wolk discovered a new frontier for himself.

So you see, he wasn't born an "on-chain detective." I believe, at its core, this was a victim's self-rescue, just that he stumbled into a new door by chance.

Thus, from his early attempts in 2018 to the explosive bull run of 2021, he found his niche: becoming an on-chain version of "folk Sherlock Holmes."

2020 was actually a crucial turning point. The DeFi Summer caused a massive migration of users from exchanges to the chain. However, most people lacked on-chain analysis capabilities, making on-chain data analysts highly regarded at the time.

You have to admit, the era provided Zachary Wolk with the perfect stage:

The on-chain crypto space was virtually unregulated. After being exploited, retail investors could only accept their losses. The market desperately needed someone to "enforce justice on behalf of heaven."

At the same time, platform X was one of the crypto market's biggest hubs. Amplified by its traffic effects, the exposes of the anonymous geek ZachXBT spread rapidly throughout the industry.

Additionally, the transparency of on-chain data gave him a weapon for "counterattack." He didn't need to rely on regulators or institutions; his own skills and persistence were enough to deter those who exploit others.

Therefore, for ZachXBT, this is the origin:

Heroes of justice never appear out of thin air in this world. He is merely an "on-chain hunter" born from the "wave of retail investor exploitation" during 2017-2018.

This is akin to the lawless era where the oppressed at the bottom pick up weapons to defend themselves. His weapon is on-chain data and public exposure.

If he hadn't suffered that $15,000 loss, I believe there would be no ZachXBT today. And without that era of unbridled growth, his "detective persona" wouldn't have had any fertile ground to thrive.

If We Place Him in the Crypto Ecosystem's Interest Chain, What Do We See?

In this world, human nature is like water. If the rules change, human nature changes. A person's behavior is fundamentally driven by interests.

So to understand the essence of ZachXBT's actions, we must place him within the complete interest chain of the crypto world and dissect the logic.

The interest chain of the crypto world is often divided into three layers: upstream, midstream, and downstream.

Upstream typically includes project teams, CEXs (Binance, Bitget, BNB Chain, etc.), VCs, whales, and project insiders. They control token supply, liquidity, and trading channels, holding the discourse power of the entire chain or industry.

Midstream includes on-chain data tools, crypto media, KOLs, and even platform X. They are the "amplifiers" of the chain, responsible for transmitting information and amplifying sentiment. They serve as both "propaganda tools" for upstream players and platforms for exposing dark secrets.

Downstream comprises global retail investors and exploited victims.

They are at the end of the chain, lacking information advantages and technical capabilities, forced to follow trends passively. They are the foundation upon which upstream players profit, playing the role of the "exploited."

In the early days, ZachXBT was more positioned at the high-value node of an independent on-chain investigator, belonging to the mid-to-downstream segment.

But now, he has an additional identity: semi-official cleaner. Starting in 2025, he officially became an advisor to Paradigm, and in November of the same year, he collaborated with BNB Chain to combat hacker fraud.

This new identity has shifted his coordinates in the chain upwards, moving him to the mid-to-upstream segment.

It is this upward shift in coordinates that directly determines all his behavior patterns. Are you starting to see clearly now? Let's analyze further.

The Continuous "Whistleblowing" is a Necessity for Survival and Upward Coordinate Shift

Look at it this way: his continuous exposure of scams is essentially a "win-win" scenario. He not only does good deeds but also earns prestige and benefits, continuously improving his position in the chain.

From a positive value perspective, he has done many substantial things:

Helping exchanges track hackers, exposing Axiom insiders, collectively recovering over $100 million for victims and governments. For instance, in 2025, he helped the US government recover $20 million without taking a cent for himself.

However, while these actions have earned him immense industry prestige, they have also brought him tangible benefits, such as community donations (the crowdfunding for the Machi Big Brother case reached millions of dollars), institutional collaboration offers (Paradigm advisor role), and official cooperation opportunities (BNB Chain).

Of course, the collaboration between ZachXBT and BNB Chain is quite controversial. He previously strongly criticized CEX insiders and manipulation related to Binance, but later cooperated with BNB Chain to combat fraud and track funds.

The community labeled him a "hypocrite" and "CZ shill," questioning how he could criticize centralization while taking resources from upstream players. His response was "for a cleaner ecosystem," but criticism persists. This is a classic case of double standards stemming from interest chain binding.

Nevertheless, this allowed him to move step by step from an anonymous grassroots geek to a "semi-official" position, achieving an upward coordinate shift. This is the positive cash flow he earned within the chain using his whistleblowing skillset.

But we cannot ignore a core fact:

The crypto market is fundamentally an attention economy, also a highly volatile "casino."

The more fierce, faster, and impactful the exposure, the more traffic and discourse power one gains.

Once he stops, traffic drains, prestige declines, and he risks being eliminated by the chain.

Therefore, he needs to constantly speak out and blow the whistle to ensure he doesn't fall from the mid-to-upstream position, thereby maintaining his interests.

This inevitably leads to many of his whistleblowing actions being controversial or even resented:

Issuing a long post accusing Machi Big Brother of misappropriating 22,000 ETH (worth about $38 million at the time), promoting 10+ failed projects, and manipulating Squid DAO, leading to a countersuit for defamation from Machi Big Brother.

Publicly exposing the wallet addresses (11 ETH/SOL addresses, holdings over $24 million) of memecoin analyst Murad Mahmudov (@MustStopMurad). Many criticized him for strictly protecting his own anonymity while frequently revealing others' complete on-chain tracks, accusing him of weaponizing information asymmetry solely for his own benefit.

Publicly criticizing the Keeta testnet as a "completely fake testnet," driven by "sketchy KOLs," with suspicious supply control, causing the KTA token to plummet 20-26%. After the price crash, he deleted all related tweets (including the accusation thread). The Keeta team responded, calling it FUD and conducting a public stress test. Numerous screenshots on community platforms and Reddit accused him of "FUDing, dumping, then deleting and running," a typical controversial "hit-and-run" tactic.

And more recently, the RAVE incident and the LAB incident, among others.

So, as I mentioned earlier, many call him a "hypocrite," but from the perspective of the economic chain, these actions are entirely logical — he is not a "saint" independent of the chain, but a link within it, forced to make compromises to maintain his position.

Cooperating with BNB Chain isn't "betrayal" but upstream-downstream binding — BNB Chain, as an upstream platform, provides him with more resources, more exposure, and makes his investigations more impactful.

Anonymously protecting himself while exposing others is because his core asset is "information asymmetry." Protecting himself is necessary to survive in this industry and avoid retaliation.

Exposing others generates traffic and prestige, which sustains his "detective" persona.

As for deleting posts or settling disputes, these are essentially trade-offs. When accusations risk legal repercussions or when more favorable cooperation terms can be secured, compromise becomes the most rational choice. After all, maintaining his position in the chain is more important than clinging uncompromisingly to "justice."

Source: https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

Rules Are Like Water; He is Merely a "Natural Product" of the Chain

So, we refrain from moral judgment and stick to the facts:

ZachXBT embodies the most authentic human nature — he possesses a sense of justice, but justice must serve survival; he has skills, but skills must maintain his position; he has principles, but principles must yield to interests.

His sense of justice is real — its roots lie in his experience of being scammed in 2017. He understands the pain of retail investors being exploited, so a part of his goal has always been to "help victims recover funds and punish scammers."

But his sense of justice is not pure — within the economic chain, he must prioritize his own survival and upward coordinate shift, leading to compromises and controversy.

He is highly intelligent and diligent — his on-chain tracking skills are arguably among the best globally, capable of unearthing hidden scams from vast amounts of wallet addresses and transaction flows.

But intelligent people are easily blinded by their position. He firmly believes "my exposes are justice; questioning me is shilling for scammers." This stubbornness is also part of maintaining his persona.

Truthfully, if anyone else sat in his coordinates, they would likely act similarly.

The rules of the crypto world are like this:

Anonymity protects the strong, information asymmetry exploits the weak, and attention determines discourse power. He simply adapted to the rules, exploited them, found his survival method within the chain — cleaning up some of the industry's "toxins" while also earning his own "profits," acting as both a "folk hunter" and a "semi-official cleaner."

The existence of ZachXBT is an inevitable product of the unbridled growth era of the crypto market: a regulatory vacuum, an industry without rules, and defenseless retail investors inevitably give rise to such "folk hunters."

He is neither a hero nor a fraudster. He is merely the sharpest thorn in the interest chain — stabbing at exploiters while also being attached to the chain. He cleanses toxins while pursuing profit.

His declaration of "War time mode" is his normal state of survival. As long as the rules of the crypto space haven't changed, as long as the predatory logic of the chain remains, he won't stop. Stopping would be admitting he's been eliminated by the chain, admitting that the "crypto space is forever a jungle."

LAB is just his latest target. More will follow.

And the war time mode never ends — perhaps it is his only way to survive within the crypto ecosystem's interest chain.