Blockchain investigator ZachXBT revealed new details about the theft of $28 million from the Bittensor network, tracing the flow of stolen assets through NFTs and privacy protocols.
In 2024, 32 TAO token holders reported unauthorized transfers totaling more than $28 million. Following a series of hacks, Bittensor temporarily halted its network operations. The team later confirmed that the breach was caused by a malicious PyPi package – users who installed it unknowingly exposed their private keys.
Mixers, Anonymous Exchanges, and NFTs
ZachXBT began by tracking two addresses that initiated the transfers. The stolen tokens were bridged from Bittensor to Ethereum and partially swapped for Monero (XMR) via instant exchange platforms.
Roughly $4.94 million worth of assets were then deposited into the privacy protocol Railgun. By matching the timing and transaction amounts, ZachXBT identified three related wallets that processed similar sums.
After the withdrawals, one of these wallets purchased four NFTs from the Killer GF collection for 18 ETH – significantly higher than the market average. The analyst concluded that the transactions appeared to be fictitious and were likely used for laundering stolen funds.
Trail Leads to Former Bittensor Engineer
Further analysis revealed that one of the wallets was funded by a Bittensor network user who had previously deployed a smart contract for the Skrtt Racing project. According to ZachXBT, the project is linked to a developer known as Rusty, who formerly worked as an engineer at Bittensor.
Subsequently, a civil lawsuit was filed against several individuals, including Rusty (identified as Ayden B) and his associate Jon L. Court documents indicate that Ayden B admitted to owning some of the wallets in question but denied involvement in the theft. According to the analyst, Jon L deleted his Discord messages and deactivated his X account shortly after the incident.
ZachXBT emphasized that combining a code exploit, private mixers, and NFT wash trading in a single operation is extremely uncommon. He described the overlap in transactions, amounts, and timing as “too precise to be coincidental” and expressed hope that law enforcement would pursue the investigation further.
This post is for informational purposes only and does not constitute advertising or investment advice. Please do your own research before making any decisions.