On-chain investigator links the massive crypto hack to a former Bittensor engineer, revealing how stolen funds were laundered through anime NFTs.
A leading blockchain investigator known as ZackXBT has revealed new findings connecting the $28 million Bittensor hack to a former company employee—exposing how hackers used non-fungible tokens (NFTs) to hide their digital footprints.
The Bittensor hack, which occurred between May and July 2024, remains one of the most sophisticated supply chain attacks in recent crypto history. According to ZackXBT’s latest report published on October 15, the stolen funds were laundered through multiple blockchain networks and obscure NFT transactions, a tactic rarely seen in major crypto heists.
The $28 Million Breach
Bittensor, an open-source decentralized protocol designed to create a blockchain-powered marketplace for artificial intelligence, fell victim to a supply chain attack that compromised its Python package distribution system. The breach was traced to a malicious version (6.12.2) of the project’s PyPI package—a key component used by developers to run Bittensor’s software.
The vulnerability allowed attackers to steal private cold key data from users, enabling unauthorized transfers of TAO tokens, Bittensor’s native cryptocurrency. In total, 32 TAO holders lost over $28 million. The Bittensor network was forced to halt operations on July 2, 2024, as developers worked to contain the attack and assess the damage.
According to the project’s post-mortem report, the attackers had either gained unauthorized access to Bittensor’s PyPI account or injected malicious code before the compromised version was published. The targeted users were those who downloaded and deployed version 6.12.2 of the software.
Tracing the Hackers’ Digital Trail
ZackXBT, a well-known on-chain analyst celebrated for exposing crypto scams and tracing stolen funds, detailed how he managed to identify the individuals involved. In his investigation, he found that the hackers initially moved the stolen TAO tokens through Bittensor’s native bridge to Ethereum, where they were split across multiple wallets.
Roughly $4.94 million was transferred to Railgun, a privacy protocol designed to obscure blockchain transactions. From there, much of the crypto was converted into Monero, a privacy coin commonly used in illicit transactions due to its untraceable nature.
However, one part of the laundering process caught ZackXBT’s attention: around $100,000 worth of the stolen funds had been used to purchase anime-themed NFTs. The perpetrators conducted what appeared to be wash trades—repeatedly buying and selling NFTs between their own wallets to disguise the origin of the funds.
“It’s extremely rare to see a hack that involves NFT wash trading,” ZackXBT noted. “The relationship between each address was just too coincidental. They were funded in similar ways before the NFT purchases and repeatedly traded above the collection’s floor price.”
Linking the Crime to a Former Employee
Through blockchain tracing, transaction timing, and wallet analysis, ZackXBT connected the stolen funds to an individual known online as “Rusty,” believed to be a former Opentensor (the company behind Bittensor) engineer.
According to the investigation, Rusty launched an NFT presale that directly received funds linked to the Bittensor hack. The pattern of transactions—including NFT sales and wallet connections—suggested a coordinated effort to conceal the origins of the stolen cryptocurrency.
A civil lawsuit has reportedly been filed against multiple individuals linked to the scheme, citing ZackXBT’s findings as supporting evidence. Authorities are now expected to follow up with criminal proceedings as the investigation progresses.
NFTs as a New Tool for Crypto Laundering
The case highlights an emerging trend in cybercrime: the use of NFTs as a mechanism to obscure blockchain trails. Unlike traditional cryptocurrencies, NFT transactions involve multiple smart contracts, marketplaces, and price fluctuations, which can complicate forensic tracking.
By exploiting this complexity, hackers can mix stolen funds across various platforms—making it difficult for investigators to connect the dots. Analysts say the Bittensor case is among the first major incidents where NFT wash trading played a role in laundering stolen crypto assets.
A Wake-Up Call for the Industry
The Bittensor breach serves as another reminder of the vulnerabilities in open-source ecosystems and the growing sophistication of crypto-related crimes. The use of legitimate development platforms such as PyPI to distribute malicious code underscores the importance of supply chain security and code verification.
ZackXBT’s investigation also reinforces the critical role of independent blockchain analysts in uncovering complex crypto crimes. His findings have not only helped trace the perpetrators but have also shed light on the evolving tactics hackers now employ in the decentralized economy.
As law enforcement agencies review the new evidence, the case could set a precedent for how NFT-related money laundering is handled in future cybercrime investigations.
If confirmed, the involvement of a former Bittensor employee would also raise serious questions about internal security practices within blockchain projects—highlighting the thin line between trusted insiders and potential threats in an industry built on transparency and decentralization.
