British cybercriminal Danny Khan, also known online as Danish Zulfiqar, has reportedly been arrested in Dubai following an international investigation. Authorities seized approximately $18.5 million in cryptocurrency, with on-chain investigator ZachXBT identifying the seizure of 3,670 Ethereum (ETH) transferred to a tracked wallet (0xb37d617716e46511E56FE07b885fBdD70119f768) in a pattern consistent with law enforcement actions.
The arrest is connected to a superseding indictment involving a sophisticated social engineering attack against a Genesis creditor in August 2024. Khan and alleged co-conspirators Malone Lam, Veer Chetal, Chen, and Jeandiel Serrano impersonated Google and Gemini support staff, convincing the victim to reset two-factor authentication, transfer Gemini funds to controlled wallets, and share private Bitcoin keys via the remote desktop application AnyDesk.
The stolen funds, which included significant amounts from the $243 million Genesis creditor theft, were reportedly laundered through over 15 cryptocurrency exchanges with conversions between Bitcoin (BTC), Litecoin (LTC), Ethereum (ETH), and Monero (XMR). Seizures were prominently in Ethereum and DAI stablecoin according to on-chain data.
ZachXBT also linked Khan to the August 2023 Kroll SIM swap incident that exposed personal data of BlockFi, Genesis, and FTX creditors, resulting in significant losses through social engineering attacks. Kroll confirmed the breach occurred when a hacker accessed an employee's T-Mobile account via SIM swapping.
While Dubai authorities have not officially confirmed the arrest, multiple sources indicate the case is actively being pursued. The arrest highlights ongoing international efforts to combat cryptocurrency-related cybercrime and could influence regulatory approaches to cybersecurity in the digital asset space.
