Suspect Danish Zulfiqar tied to major crypto thefts may be arrested


A cybercriminal suspected of involvement in crypto asset thefts worth hundreds of millions of USD might have been arrested and had his assets seized.

According to the prominent blockchain sleuth, ZachXBT, $18.6 million worth of crypto assets tied to the British threat actor Danish Zulfiqar (Khan), also known as Danny/Meech, were consolidated into one address "in a similar pattern to other law enforcement seizures" earlier today.

Almost 83% of the consolidated assets are ethereum (ETH), while almost 17% are the dai (DAI) stablecoin, with small amounts of other crypto assets.

"Danny was last known to be in Dubai. It’s alleged a villa was raided and others there were arrested as well. Several sources say they have been unresponsive to messages for the past couple days," ZachXBT said.

No official information about the possible arrest has been announced yet.

[Image: black-and-white passport photo. Source: ZachXBT]

The analyst noted that he had already identified Danny in high-profile crypto thefts tied to creditors of now-bankrupt major crypto companies such as Genesis, BlockFi, and FTX.

For example, according to the sleuth, Danny was involved in the $243 million Genesis creditor theft in August 2024, together with other suspects such as Malone Lam, Veer Chetal, Chen, and Jeandiel Serrano.

"Danny was also involved in the Kroll SIM Swap from Aug 2023 that compromised the PII [personally identifiable information] of BlockFi, Genesis, & FTX creditors that has since led to $300M+ stolen via targeted social engineering scams," the analyst added.

His investigation showed that in the theft from the Genesis creditor, the criminals first posed as Google Support via a spoofed number to compromise personal accounts. They later social-engineered the victim into resetting 2FA and sending funds to a compromised wallet, while also tricking the victim into sharing their screen and leaking private keys to their bitcoin (BTC). At least two suspects, Jeandiel and Malone, were arrested following the investigation.

Meanwhile, in the Kroll SIM swap case, criminals also used social engineering techniques and phishing campaigns to steal assets from the creditors of multiple companies.

