$243M Genesis Creditor Theft (Greavys, Wiz, Box)
On Aug 19, 2024, roughly 4,100 BTC (about $243M at the time) was stolen from a single creditor of the bankrupt lender Genesis through a social-engineering attack. ZachXBT traced the funds and identified three individuals; the case led to arrests and a U.S. DOJ indictment.
Also known as: Greavys, Malone Iam, Malone Lam, Wiz, Veer Chetal, Box, Jeandiel Serrano, VersaceGod
Summary
On August 19, 2024, approximately 4,100 BTC (about $243 million at the time) was reported stolen from a single creditor of the bankrupt lender Genesis. On-chain investigator ZachXBT traced the funds and identified three individuals; the investigation contributed to arrests and a U.S. Department of Justice indictment. [1][2][3]
Reported method
According to ZachXBT's incident summary, the attackers: [1]
- contacted the victim while impersonating Google support using a spoofed number;
- then impersonated Gemini support, stating the account had been compromised;
- induced the victim to reset two-factor authentication and move funds;
- used AnyDesk screen-sharing to obtain private keys.
The funds were subsequently distributed across more than 15 exchanges and swapped between Bitcoin, Litecoin, Ethereum, and Monero. [1][2]
Individuals named
ZachXBT identified the three individuals as Malone Iam ("Greavys"), Veer Chetal ("Wiz"), and Jeandiel Serrano ("Box"). [1][2] The DOJ indictment names Malone Lam and Jeandiel Serrano and charges conspiracy to commit wire fraud and conspiracy to launder monetary instruments. [3]
Outcome
ZachXBT reported that more than $9 million was frozen and over $500,000 returned, with assistance from CFInvestigators, ZeroShadow, and the Binance security team. [1][2] Two suspects were arrested in September 2024. [2][3] ZachXBT later reported that twelve people were charged in connection with the theft. [1]
Bracketed numbers refer to the numbered sources listed below.
People & entities involved
- Malone IamChargedIndividualsIdentified by ZachXBT (alias 'Greavys') and named in a U.S. DOJ indictment in connection with the August 2024 ~$243M social-engineering theft from a Genesis creditor.
- Jeandiel SerranoChargedIndividualsNamed in a U.S. DOJ indictment (identified by ZachXBT as 'Box') over the August 2024 ~$243M social-engineering theft from a Genesis creditor.
- Veer ChetalAlleged participantIndividuals
Associated wallets
- Ethereum · 0x21d7d256be564191a43553e574c06a4d0e629767 — Address ZachXBT attributed to Greavys cluster
Sources (4)
See also
- Blockchain Terminal (BCT)TokensA 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Dropil (DROP)TokensAn ICO for the DROP token built around a fake 'Dex' trading bot. The SEC said it raised ~$1.9M while claiming $54M from 34,000 investors, and that the founders falsified evidence during the probe. Founders Jeremy McAlpine and Zachary Matar pleaded guilty to securities fraud (36 and 30 months).
- CluCoin (CLU)Tokens
This page was last updated on Jun 8, 2026. View revision history.