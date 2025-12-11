MENAFN - Crypto Breaking) On-chain investigator ZachXBT has linked the movement of 3,670 Ether to British cybercrime suspect Danny Khan, also known online as Danish Zulfiqar, amid reports that the suspect has been detained in Dubai following a law enforcement raid.

3,670 ETH traced as Dubai raid and U.S. indictment emerge

According to ZachXBT's Telegram update on Friday, approximately 3,670 ETH was transferred into an Ethereum wallet identified as 0xb37d6...9f768, where the funds were subsequently flagged.“Several hours ago multiple addresses tied to him I was tracking consolidated funds to 0xb37d in a similar pattern to other law enforcement seizures,” the investigator said.

ZachXBT reported that Khan was last seen in Dubai, where authorities allegedly raided a villa and detained several individuals present at the scene. Sources cited by the investigator claim that those connected to the incident have been unresponsive to communications for several days.

A superseding U.S. indictment issued hours later reportedly confirmed that Danny Khan, also known as Danish Zulfiqar, was arrested in Dubai, though officials have yet to publicly verify the arrest.

The on-chain sleuth has been tracking Khan since 2024, when he was linked to a high-profile theft involving a Genesis creditor in August of that year. The alleged cybercrime operation included co-conspirators Malone Lam, Veer Chetal, an individual identified as Chen, and Jeandiel Serrano. According to ZachXBT, the group carried out a sophisticated social engineering attack against an unnamed victim.

Stolen crypto laundered across multiple exchanges

On Aug. 19, 2024, the suspects allegedly impersonated Google and Gemini customer support representatives, persuading the victim to reset two-factor authentication and transfer funds from their Gemini account to wallets controlled by the attackers.

The victim was also reportedly coerced into sharing private Bitcoin keys via the remote desktop application AnyDesk.

Transaction records from Gemini, later featured in a Discord video that allegedly showed the conspirators celebrating the theft, revealed Bitcoin transfers to addresses attributed to the group.

ZachXBT stated that the stolen funds were later split among the conspirators and cycled through more than 15 cryptocurrency exchanges, with conversions conducted across Bitcoin, Litecoin, Ethereum, and Monero.

In a separate development, ZachXBT also linked Khan to the August 2023 Kroll SIM-swap breach, which exposed personal data belonging to BlockFi, Genesis, and FTX creditors. Kroll later confirmed that a hacker had compromised an employee's T-Mobile account via SIM swapping, enabling access to sensitive information that was later exploited for social engineering attacks.

While authorities have not formally confirmed Khan's arrest or the seizure of the 3,670 ETH, multiple sources indicate the investigation remains active and is being pursued across multiple jurisdictions.

