A recent investigation by crypto sleuth ZachXBT has unveiled the activities of a Canadian scammer known as Yahya Maghrab, who has been implicated in more than 17 SIM swap attacks, resulting in the theft of over $4.5 million.
According to ZachXBT, Yahya's role primarily involved conducting lookups on X (formerly known as Twitter) accounts through his panel, facilitating scammer Skenkir in identifying potential US targets for SIM swap attacks.
These lookups allow hackers to see the phone numbers linked to specific X accounts.
Once they know these phone numbers, they can proceed to hack the telecommunications company involved to conduct the SIM swap.
These malicious actors can then exploit two-factor authentication (2FA) to illicitly access various accounts, including social media, financial, and cryptocurrency holdings.
SEE: Tools used by the scammer to retrieve contact details, Credit ZachXBT
In return for his services, Yahya received a percentage of the proceeds obtained from each successful attack.
Prior Accomplice
One Yahya wallet address was exposed during a scam in July 2023 involving a victim named Amir, who was deceived into believing they were purchasing access to Yahya's panel.
This particular scam involved another accomplice by the name of HZ, who has since been apprehended by the FBI and has had his digital and physical assets, including BAYC 9658, an AP watch, and Doodle 3114, seized.
HZ's arrest was a result of ZachXBT's investigation as well, with the latter discovering that he was responsible for attacking the Twitter accounts of the likes of Beeple, Nouns DAO, and Deekaymotion.
ZachXBT likely decided to investigate HZ's accomplice further, which led to the discovery of Yahya and his methods.
Yahya and HZ were able to scam a total of 136 ETH (valued at $250,000) from Amir by pretending to sell access to his panel.
Judging from the nature of the panel, it is likely that Amir intended to carry out illicit activity after gaining access.
Yahya split this amount evenly with HZ.
Yahya consistently used this same wallet address for both the panel scam and receiving payments from the 17+ SIM swap attacks.
SEE: Visualisation of Fund Movements, Credit ZachXBT
In total, he received over 390 ETH, equivalent to approximately $720,000, from these attacks.
Gutter Cat Gang
On July 7, 2023, a member of the Gutter Cat Gang (GCG) team fell victim to a SIM swap, allowing the perpetrators to gain access to their account and post malicious links under the guise of releasing "Gutter grails".
SEE: Malicious link sent by GCG hacker, Credit ZachXBT
Users trusting the GCG Twitter account were understandably duped into clicking the link, which promptly drained their wallets of digital assets and NFTs.
This incident resulted in losses exceeding $720,000.
Yahya profited $250,000 over 4 separate transactions for his role in this attack.
The address that it was sent from is tagged as Fake_Phishing183708 by ZachXBT.
Chain of SIM Swap Attacks
Similarly, on June 10, 2023, Bitboy Crypto experienced a SIM swap attack, leading to losses of $950,000.
Yahya was not able to receive any payment for this attack, however, as one of the scammers involved, known as Smoke, absconded with the funds.
On June 19, 2023, Slingshot Crypto fell victim to a similar attack, incurring losses of $36,000.
SEE: Malicious link posted by hacker using Slingshot Crypto account, Credit ZachXBT
Yahya continued to receive money for these lookups, earning $9,700 for his role.
PleasrDAO core team member Jamis, who had recently suffered a traumatic brain injury, then became a target on July 19, 2023.
This attack resulted in losses exceeding $1.3 million, with one victim losing $807,000 worth of MAGIC tokens.
Yahya received $144,000 for his involvement.
Yahya Maghrab
According to ZachXBT, before embarking on these illicit activities, Yahya had been a contributor to Benzinga for social media management.
Despite claiming to be from Miami, Florida on his X profile, Yahya oddly also wrote for Youth Ki Awaaz, a writing platform based in India.
Its tagline reads: "Where Young India Writes".
He has since deleted his account.
He has purportedly spent thousands of dollars on watches and unreleased Juice WRLD songs such as: Dark Tints, Biscotti in the Air, Oxy in the Dark, No Jumper.