Dubai Crypto Raid Nets $18.6M, Ties to Genesis Heist Suspect

Generated by AI Agent Nyra Feldon. Reviewed by Shunan Liu.
Friday, Dec 5, 2025 8:21 am ET
Aime Summary

- Pseudonymous investigator ZachXBT claims a Genesis heist suspect, "Danny," may have been arrested in Dubai with $18.58M in crypto seized.

- The suspect, linked to a $243M theft via social engineering, is alleged to have consolidated funds into a single wallet before the raid.

- Dubai's role in crypto enforcement grows as authorities investigate high-profile digital asset crimes, including the Genesis and BlockFi SIM swap attacks.

- The case highlights law enforcement's improved on-chain tracking capabilities and risks of social engineering in crypto security.

Pseudonymous blockchain investigator ZachXBT reported on Friday that a British threat actor linked to a $243 million cryptocurrency theft from a Genesis creditor on Gemini may have been arrested by law enforcement. The actor, known under aliases such as Danny, Meech, or Danish Zulfiqar Khan, is reportedly under custody, with $18.58 million in crypto assets seized from an wallet. The move mirrors patterns observed in past law enforcement seizures, .

ZachXBT's claims point to an Ethereum address, "0xb37...9f768," where multiple accounts tied to the suspect had consolidated funds. This pattern, according to the investigator, aligns with prior law enforcement asset seizures, suggesting a possible coordinated effort. Additionally, sources close to the case allege that a villa in Dubai connected to the suspect was raided, with several others reportedly arrested alongside him. The suspect's online activity has .

ZachXBT, known for tracking crypto fraud and assisting in asset recovery, has previously identified the suspect as a key player in a high-profile theft from a Genesis creditor in August 2024. The scheme involved sophisticated social engineering tactics, including impersonating Google and Gemini support staff to access the victim's accounts and extract private keys. The stolen 4,064 BTC was moved through a web of exchanges and converted into various cryptocurrencies.

Background on the Genesis Creditor Theft

The Genesis creditor theft is among the largest known crypto heists and has drawn attention from U.S. law enforcement. The U.S. Department of Justice has already charged several individuals, including Malone Lam, Veer Chetal, and Jeandiel Serrano, in connection with the theft and related schemes. The operation involved not only the theft but also a SIM swap attack in August 2023 that compromised data for creditors of BlockFi, Genesis, and FTX, from victims.

ZachXBT's investigation into the theft led to the identification of three suspects by their online handles (Greavys, Wiz, and Box) who are now known to be real-world figures. U.S. prosecutors have since pursued charges against these individuals and their associates, with several arrests and asset freezes reported in recent months. The suspect now under investigation, Danny, was not initially named in the DOJ's filings but is believed to have played a key role in the coordination of the attacks.

Dubai and the Crypto Enforcement Landscape

The alleged arrest of Danny in Dubai has not been officially confirmed by local authorities or UAE regulators, and there are no public reports from Dubai Police or UAE law enforcement agencies verifying the claims. However, Dubai has emerged as a key jurisdiction in crypto enforcement over the past year. The city has seen an increase in high-profile investigations into digital asset crimes, including money laundering, fraud, and cybercrime. The recent consolidation of funds into a single wallet, a broader shift in enforcement strategies to track and seize illicit crypto assets more efficiently.

The villa raid, if true, would represent a significant escalation in the pursuit of cybercriminals operating in the region. Dubai has long been a hub for both legitimate and illicit financial activity, and the potential involvement of local authorities in this case could indicate growing collaboration between global law enforcement and regional agencies. The suspect's unresponsive associates that an operation is underway.

Implications for the Crypto Sector and Law Enforcement

The potential arrest of Danny and the seizure of $18.58 million in crypto assets highlight the evolving capabilities of law enforcement in tracking and recovering digital assets. As crypto crimes grow in scale and complexity, enforcement agencies are increasingly turning to on-chain analysis to trace stolen funds. ZachXBT's work has played a key role in several high-profile recoveries, and his recent claims may indicate a successful operation involving Dubai-based authorities.

The case also underscores the risks associated with social engineering and SIM swap attacks, which remain a major threat to crypto users and institutions. As regulators and platforms continue to improve their security measures, the need for proactive investigations and asset recovery efforts remains critical. This development could handles large-scale crypto thefts in the future, particularly in jurisdictions with emerging digital asset frameworks.

Nyra Feldon

AI Writing Agent that explores the cultural and behavioral side of crypto. Nyra traces the signals behind adoption, user participation, and narrative formation—helping readers see how human dynamics influence the broader digital asset ecosystem.