Kroll
Summary
Kroll Restructuring Administration LLC served as the court-appointed claims and noticing agent for the FTX, BlockFi, and Genesis bankruptcy proceedings. On August 19, 2023, a threat actor executed a SIM swap attack against a Kroll employee's T-Mobile account, gaining unauthorized access to files containing the personal data of tens of thousands of crypto bankruptcy claimants. The exposed data was subsequently exploited in large-scale phishing and social engineering campaigns, and blockchain investigator ZachXBT estimated total losses attributable to the breach at eight to nine figures. At least one alleged perpetrator, Danish Zulfiqar, also known as 'Danny', was arrested in Dubai in late 2025 on RICO charges related to a broader $263 million social engineering conspiracy.
Timeline (11 events)
2022-11-11
FTX files for bankruptcy; Kroll is subsequently appointed as court-authorized claims and noticing agent for FTX Trading Ltd.
2023-08-19
Threat actor SIM-swaps a Kroll employee's T-Mobile number without authorization, gaining access to Kroll's cloud systems and PII files for FTX, BlockFi, and Genesis claimants.
2023-08-25
Kroll publicly discloses the data breach. FTX, BlockFi, and Genesis notify affected claimants. Phishing emails spoofing FTX begin circulating the same morning.
2024-01-24
U.S. Attorney's Office unseals indictment against Robert Powell, Carter Rohn, and Emily Hernandez — the 'Powell SIM Swapping Crew' — for a separate series of SIM swap attacks including one tied to $400M+ stolen from FTX on the day of its bankruptcy filing (November 2022).
2024-08-18
Alleged SE Enterprise members, including Malone Lam and Danish Zulfiqar, steal over 4,100 Bitcoin (approximately $243–$263 million) from a Genesis creditor in Washington, D.C. via social engineering.
2024-09-18
Malone Lam and Jeandiel Serrano arrested in Miami; DOJ unseals initial indictment for the $243 million Genesis creditor theft.
2025-01-07
ZachXBT publicly criticizes Kroll on X, stating the August 2023 SIM swap resulted in '8-9 figs stolen' via phishing and social engineering against FTX, BlockFi, and Genesis claimants.
2025-12-08
Evan Tangeman pleads guilty to RICO conspiracy for laundering at least $25 million in stolen cryptocurrency for the SE Enterprise.
Decision Log
- hash: 13ajenv9oCnxvt3gPVfqUshFgjMQZvk7b46jTiSudDJw
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet
generated: 5/4/2026, 4:05:02 PM
last updated: 5/26/2026, 4:11:15 AM
avoid.net — verified advice for a post-truth world