ZachXBT Pinpoints Convicted 25-Year-Old as 2022 Sim-Swapping NFT Thief
A 25-year-old man has been sentenced in federal court to eight years in prison for sim-swapping victims to hijack their Instagram accounts and steal their money—and the anonymous security researcher known as ZachXBT has connected the scammer to the notorious heist of $386,000 in crypto and NFTs from Cameo CEO Steven Galanis.
Convicted in July, the scammer, Amir Hossein Golshan, was sentenced Monday (Nov. 27) to 96 months in prison and ordered to pay $1,218,526 in restitution.
ZachXBT was able to connect Golshan with the August 2022 Galanis heist, which included the theft of Bored Ape #9012, by matching dates, amounts and events from the Department of Justice press release with blockchain transactions. “How do we know it’s his scammer? In the DOJ press release they mention it happened in August 2022 and the scammer sold: ‘approximately $70,000 worth of cryptocurrency’. [Galanis’] scammer sold $68.7K APE & $1.5K ENS on Aug. 6, 2022,” he said, appending the transaction ID, in a post on X.
Zach also connected Golshan with the sale of the stolen Ape, using the same method. Quoting the press release, he continued: “‘Later that same day, the defendant sold the stolen NFT for $130,000 in cryptocurrency on a NFT marketplace.’ [Galanis’] scammer sold his BAYC for $130k on Aug. 6, 2022,” he continued.
The conviction has been welcomed by many in the NFT space who were affected by the scammer. “Oh man, I am so happy to hear that. Pretty sure that person hit me and a few people around me too,” said Rug Radio founder Farokh Sarmad in a post on X. “Thankfully I did not lose any crypto over it, but I did lose five years of my privacy and I’ll never forget the feeling, to be honest. I know he also got three or four other people I know and there was a whole thing with ransom, showing up to people’s homes, etc. Glad to hear he’s behind bars,” he said.
United States District Judge Otis D. Wright II, who presided over the case, agreed. In his sentencing remarks, Judge Wright said Golshan’s crimes went “beyond just money,” and that they showed a “wanton cruelty” that caused the victims to live in a state of “constant fear and worry,” according to the release.
Golshan’s criminal methods focused on social engineering, including successfully impersonating a member of Apple’s support team. In total, he stole about $740,000 from hundreds of victims over several years.
The release goes into detail about how the social engineering scam that ZachXBT says targeted Galanis worked. “In August 2022, Golshan called a victim from Apple Support’s official telephone number and pretended to be an Apple Support employee. Golshan told the victim that Apple Support wanted to give the victim an advanced security protocol to protect the victim’s iCloud account. Golshan then caused a two-step authentication code to be sent to the victim’s phone. Through these misrepresentations, Golshan fraudulently induced the victim to tell him this six-digit security code, which allowed Golshan to gain access to the victim’s iCloud account. Golshan then changed the email address on the victim’s iCloud account to an email address that he controlled. Golshan then stole valuable digital property from the victim, including an NFT valued at approximately $319,000 and approximately $70,000 worth of cryptocurrency. Later that same day, the defendant sold the stolen NFT for $130,000 in cryptocurrency on a NFT marketplace,” according to the release.
While welcoming the news—he quoted ZachXBT’s post with a double-eyes emoji—Galanis is still waiting to be made whole. When asked on X if he’d be repaid as part of the restitution, he replied: “Not sure yet. Haven’t heard anything from the FBI or Justice.”
The once-stolen Ape, which was quickly flagged on OpenSea, has changed hands multiple times, residing with a number of innocent collectors since the theft, including the wallets of BendDAO and FranklinIsBored. It’s currently owned by Tokapi marketplace founder Dominik Myczowski.