A recent investigation by crypto sleuth ZachXBT has unveiled the activities of a Canadian scammer known as Yahya Maghrab, who has been implicated in more than 17 SIM swap attacks, resulting in the theft of over $4.5 million.
According to ZachXBT, Yahya’s role primarily involved conducting lookups on X (formerly known as Twitter) accounts through his panel, facilitating scammer Skenkir in identifying potential US targets for SIM swap attacks.
These lookups allow hackers to see the phone numbers bound with specific X accounts.
After knowing these phone numbers, they can then proceed with hacking the telecommunications company involved to conduct the SIM swap.
SEE: Tools used by the scammer to retreive contact details, Credit ZachXBT
In return for his services, Yahya received a percentage of the proceeds obtained from each successful attack.
One Yahya wallet address was exposed during a scam in July 2023 involving a victim named Amir, who was deceived into believing they were purchasing access to Yahya’s panel.
This particular scam involved another accomplice by the name of HZ, who has since been apprehended by the FBI and has had his digital and physical assets, including BAYC 9658, an AP watch, and Doodle 3114 seized.
HZ arrest was a result of ZachXBT’s investigation as well, with the latter discovering that he was responsible for attacking the twitter accounts of the likes of Beeple, Nouns DAO, and Deekaymotion.
ZachXBT likely decided to investigate HZ’s accomplice further – which led to a discovery of Yahya and his methods.
Yahya and HZ was able to scam a total 136 ETH (earmarked as $250,000) from Amir by pretending to sell access to his panel.
Judging from the nature of the panel, it is likely that Amir was intending to do illicit activity after gaining access.
Yahya split this amount evenly with HZ.
Yahya consistently used this same wallet address for both the panel scam and receiving payments from the 17+ SIM swap attacks.
SEE: Visualisation of Fund Movements, Credit ZachXBT
In total, he received over 390 ETH, equivalent to approximately $720,000, from these attacks.
On July 7, 2023, a member of the Gutter Cat Gang (GCG) team fell victim to a SIM swap, allowing the perpetrators to gain access to their account and post malicious links under the guise of releasing “Gutter grails”
SEE: Malicious link sent by GCG hacker, Credit ZachXBT
Users trusting the GCG twitter account were understandably duped into clicking the link, which promptly drained their wallets of digital assets and NFTs.
This incident resulted in losses exceeding $720,000.
Yahya profited $250,000 over 4 separate transactions for his role in this attack.
The address that it was sent from is tagged as Fake_Phishing183708 by ZachXBT.
Similarly, on June 10, 2023, Bitboy Crypto experienced a SIM swap attack, leading to losses of $950,000.
Yahya was not able to receive any payment for this attack, however, as one of the scammers involved, known as Smoke, absconded with the funds.
On June 19, 2023, Slingshot Crypto fell victim to a similar attack, incurring losses of $36,000.
See: Malicious link posted by hacker using Slingshot Crypto account, Credit ZachXBT
Yahya continued to receive money for these lookups, receiving $9,700 for his role in conducting lookups.
PleasrDAO core team member Jamis, who had recently suffered a traumatic brain injury, then became a target on July 19, 2023.
This attack resulted in losses exceeding $1.3 million, with one victim losing $807,000 worth of MAGIC tokens.
Yahya received $144,000 for his involvement.
According to ZachXBT, before embarking on these illicit activities, the Miami-based Yahya had been a contributor to Benzinga for social media management.
He purportedly has spent thousands of dollars on watches and unreleased Juice WRLD songs such as: Dark Tints, Biscotti in the Air, Oxy in the Dark, No Jumper.
Pictured: Yahya’s profile picture on Muck Rack