Audit log

Every state-changing event for Kroll: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-16 04:29:07Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,047,414

   sig

   4Yfini6kgqAx…gVc2ogDpcopyexplorer ↗

   hash

   13ajenv9oCnx…TiSudDJwcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (5350 B) ▸

   {"actor":"system:backfill","investigation_id":"78fb7972-c3fe-4509-ac94-876e0571a4ff","kind":"publish","page_slug":"kroll","published_at":"2026-05-16T04:29:07.632Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Kroll","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Kroll Restructuring Administration LLC served as the court-appointed claims and noticing agent for the FTX, BlockFi, and Genesis bankruptcy proceedings. On August 19, 2023, a threat actor executed a SIM swap attack against a Kroll employee's T-Mobile account, gaining unauthorized access to files containing the personal data of tens of thousands of crypto bankruptcy claimants. The exposed data was subsequently exploited in large-scale phishing and social engineering campaigns, with blockchain investigator ZachXBT estimating total losses attributable to the breach at eight to nine figures, and at least one alleged perpetrator — Danish Zulfiqar, also known as 'Danny' — was arrested in Dubai in late 2025 on RICO charges related to a broader $263 million social engineering conspiracy.","timeline":[{"date":"2022-11-11","event":"FTX files for bankruptcy; Kroll is subsequently appointed as court-authorized claims and noticing agent for FTX Trading Ltd.","source":"","source_url":"https://restructuring.ra.kroll.com/ftx/"},{"date":"2023-08-19","event":"Threat actor SIM-swaps a Kroll employee's T-Mobile number without authorization, gaining access to Kroll's cloud systems and PII files for FTX, BlockFi, and Genesis claimants.","source":"","source_url":"https://krebsonsecurity.com/2023/08/kroll-employee-sim-swapped-for-crypto-investor-data/"},{"date":"2023-08-25","event":"Kroll publicly discloses the data breach. FTX, BlockFi, and Genesis notify affected claimants. Phishing emails spoofing FTX begin circulating the same morning.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/kroll-data-breach-exposes-info-of-ftx-blockfi-genesis-creditors/"},{"date":"2024-01-24","event":"U.S. Attorney's Office unseals indictment against Robert Powell, Carter Rohn, and Emily Hernandez — the 'Powell SIM Swapping Crew' — for a separate series of SIM swap attacks including one tied to $400M+ stolen from FTX on the day of its bankruptcy filing (November 2022).","source":"","source_url":"https://krebsonsecurity.com/2024/02/arrests-in-400m-sim-swap-tied-to-heist-at-ftx/"},{"date":"2024-08-18","event":"Alleged SE Enterprise members, including Malone Lam and Danish Zulfiqar, steal over 4,100 Bitcoin (approximately $243–$263 million) from a Genesis creditor in Washington, D.C. via social engineering.","source":"","source_url":"https://www.irs.gov/compliance/criminal-investigation/guilty-plea-and-superseding-indictment-announced-in-social-engineering-scheme-that-stole-263-million-in-cryptocurrency"},{"date":"2024-09-18","event":"Malone Lam and Jeandiel Serrano arrested in Miami; DOJ unseals initial indictment for the $243 million Genesis creditor theft.","source":"","source_url":"https://www.coindesk.com/business/2024/09/19/police-arrests-two-people-related-to-243m-crypto-heist-targeting-genesis-creditor"},{"date":"2025-01-07","event":"ZachXBT publicly criticizes Kroll on X, stating the August 2023 SIM swap resulted in '8-9 figs stolen' via phishing and social engineering against FTX, BlockFi, and Genesis claimants.","source":"","source_url":"https://crypto.news/zachxbt-tracks-3670-eth-as-danny-khan-arrest-ties-to-genesis-kroll-hacks/"},{"date":"2025-12-03","event":"Nicholas Dellecave arrested in Miami on RICO charges related to the SE Enterprise.","source":"","source_url":"https://www.irs.gov/compliance/criminal-investigation/guilty-plea-and-superseding-indictment-announced-in-social-engineering-scheme-that-stole-263-million-in-cryptocurrency"},{"date":"2025-12-08","event":"Evan Tangeman pleads guilty to RICO conspiracy for laundering at least $25 million in stolen cryptocurrency for the SE Enterprise.","source":"","source_url":"https://www.irs.gov/compliance/criminal-investigation/cryptocurrency-money-launderer-pleads-guilty-to-rico-conspiracy-in-scheme-that-stole-263-million-in-crypto"},{"date":"2025-12-10","event":"Danish Zulfiqar (aka 'Danny'/'Meech') and Mustafa Ibrahim reported arrested in Dubai; ZachXBT tracks approximately 3,670 ETH consolidated to a wallet in a pattern consistent with law enforcement seizure. Approximately $18.58 million in crypto allegedly seized.","source":"","source_url":"https://crypto.news/zachxbt-tracks-3670-eth-as-danny-khan-arrest-ties-to-genesis-kroll-hacks/"},{"date":"2025-08-20","event":"Class-action lawsuit filed against Kroll Restructuring Administration LLC in the U.S. District Court for the Western District of Texas by Hall Attorneys on behalf of lead plaintiff Jacob Kevyn Repko.","source":"","source_url":"https://news.bloomberglaw.com/bankruptcy-law/kroll-hit-with-class-suit-over-2023-ftx-bankruptcy-data-breach"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 1cf74562-99a0-4ad8-a8cf-f3fcc788fd0ccopy