ZachXBT: An Indian scam group is suspected of using social engineering to steal crypto, and has reportedly exposed itself by notifying the police to track down frozen funds

Mars Finance reports that “on-chain detective” ZachXBT has published a case analysis. In a cryptocurrency asset case involving an Indian scam group, the individuals involved reportedly filed themselves with law enforcement after their assets were frozen, drawing attention.

The incident began when a user reached out for help, saying that in March 2025 on Changelly their assets were frozen for about 5.73 BTC (about $475,000).

Subsequent on-chain analysis showed that the funds could be traced back to multiple social engineering attacks targeting U.S. users and theft cases related to Bitcoin ATMs. The total amount involved has already exceeded $1 million, with multiple elderly victims.

The investigation found that the explanations for the source of the funds changed multiple times, including “loans,” “boss transfers,” and “investments in 2014–2015,” and that there were clear contradictions in the evidence chain.

What is even more noteworthy is that the user submitted a police report in India in December 2025 to try to recover the frozen funds (case number 3207-P/2025). Follow-up on-chain evidence collection and email data analysis indicated that the user may have served as a “mule” (a funds transporter), with some bank documents and identity information not matching.

ZachXBT said that such cases show that social engineering attacks and cross-border fund transfers are still ongoing, and reminded users to avoid interacting with funds from suspicious sources to prevent triggering compliance freezes or legal risks.