ZackXBT, a renowned on-chain crypto and non-fungible token sleuth, has successfully tracked the infamous suspects of the Bitttensor hack attack. Bittensor suffered an attack on July 04, 2024, that left more than $28 million stolen. The on-chain sleuth ZackXBT has linked the hack attack to a former Bittensor employee. In this article, we shall explore his investigation in more detail.
Bittensor Hacker Revealed
In an October 15 blog post, ZackXBT confirmed that he has successfully tracked and revealed the perpetrators behind the $28 million Bittensor hack. Bittensor is an open-source, decentralized protocol that creates a global marketplace for artificial intelligence using a blockchain network to incentivize collaborative machine learning. It uses a native cryptocurrency, TAO, to reward participants who contribute valuable AI models and computational power.
2/ 32 $TAO holders experienced unauthorized transfers in excess of $28M from May to July 2024 and the Bittensor network was temporarily halted on July 2, 2024.
A post-mortem published by the team revealed the thefts were the result of a supply chain attack after a malicious PyPi… pic.twitter.com/b6PfsnwkjW
— ZachXBT (@zachxbt) October 15, 2025
Between May and July 2024, 32 $TAO holders experienced unauthorized transfers totaling over $28 million. The Bittensor breach occurred via a compromised PyPi package manager, which allowed attackers to steal unencrypted cold key details. PyPI is a site that hosts packages for the Python programming language. Python packages are distributed via PyPI, which makes it easy for developers to import advanced functionality into their Python code.
The hackers uploaded a malicious file version 6.12.2 of the official Bittensor code, indicating that the attacker must have gained access to the Bittensor PyPI account or injected malicious code into the Bittensor codebase before it was uploaded as version 6.12.2. The Bittensor hack affected users who downloaded and used version 6.12.2 of the code. The incident left users with over $28 million in losses.
ZackXBT Tracks Hacker Via NFT Wash Trades
In his deep investigation, the on-chain sleuth ‘ZackXBT’ has found that the attackers carried out the theft through a malicious PyPi supply chain attack, then transferred the stolen funds through Bittensor’s native bridge to Ethereum. The hackers have transferred approximately $4.94 million between multiple addresses to the privacy protocol Railgun, ultimately converting it to Monero.
Moreover, criminals have funneled approximately $100,000 of the stolen funds into anime NFTs, exploiting the complexity of NFT transactions to obscure their trail. Before summarizing his defense, ZackXBT noted that it’s extremely rare to see exploits or hacks involve NFT wash trading, and I think the relationship between each address is just too coincidental, given how they were funded before NFT purchases and traded multiple times above the floor price for the collection.
ZackXBT has linked the hack to ‘Rusty’ on X (formerly Twitter), a former Opentensor engineer, deploying an NFT presale that accepted funds from the hack. It’s worth noting that a civil lawsuit was filed against multiple suspects based on these findings earlier this year. Hopefully, law enforcement will eventually move forward with this criminal case now that the evidence has been found.
Related NFT News:
Best Wallet – Diversify Your Crypto Portfolio
- Easy to Use, Feature-Driven Crypto Wallet
- Get Early Access to Upcoming Token ICOs
- Multi-Chain, Multi-Wallet, Non-Custodial
- Now On App Store, Google Play
- Stake To Earn Native Token $BEST
- 250,000+ Monthly Active Users
