Blockchain investigator ZachXBT says a follower reached out personally claiming that 5.73 BTC, worth approximately $475,000, had been unjustly frozen at Changelly back in March 2025.
What followed was a deep dive into compliance tooling that connected the funds to a cluster responsible for over $1 million in social engineering thefts targeting American victims since 2025, including several elderly individuals.
The case is a reminder that exchange freezes, however frustrating they may feel to the person on the receiving end, are frequently the result of legitimate compliance flags rather than arbitrary platform overreach.
The DM That Started the Investigation
According to ZachXBT’s account, a follower messaged him directly from a personal account, complaining that Changelly had wrongly frozen 5.73 BTC belonging to him.
A short story about Indian scammers who called the cops on themselves:
Earlier this week a follower DM'd me from his personal account complaining that 5.73 BTC ($475K) of his was 'unjustly' frozen at Changelly in Mar 2025.
So I went and plotted the Bitcoin transaction in my… pic.twitter.com/gZxM4dRCW3
— ZachXBT (@zachxbt) June 19, 2026
The complaint framed the freeze as unjust, a common framing in these situations, where the person contacting an investigator typically presents themselves as a victim of an overzealous platform rather than someone implicated in the underlying fund flow.
ZachXBT did what on-chain investigators do: he plotted the Bitcoin transaction history through his compliance tools rather than taking the claim at face value. What the trace revealed was considerably more troubling than a simple platform error.
Tracing the Funds Back to Social Engineering Theft
The inflows behind the frozen 5.73 BTC traced directly back to illicit sources tied to social engineering thefts targeting Americans through U.S. exchanges and Bitcoin ATMs.
Social engineering scams of this type typically involve manipulating victims, often through impersonation of trusted institutions, fake tech support calls, or romance-based manipulation, into voluntarily transferring funds or crypto to scammer-controlled wallets.
ZachXBT’s broader analysis places this specific case within a much larger pattern. The cluster of addresses connected to this individual’s funds has been linked with high confidence to more than $1 million in thefts from victims since 2025, with several of those victims identified as elderly.
Elder fraud remains one of the most consistently devastating categories of financial crime precisely because older victims are frequently targeted for their accumulated savings and are statistically less likely to recognize manipulation tactics common in crypto-related scams.
A Story That Kept Changing
What made the case particularly revealing was the shifting explanation offered by the individual claiming the frozen funds. According to ZachXBT, the story evolved multiple times over the course of their exchange. First, the funds were described as a loan.
Then the explanation shifted to claim his boss had sent the money. Finally, the narrative changed again to claim his boss had invested in Bitcoin “during 2014 and 2015” through a friend based in the United States.
Each version of the story attempted to put distance between the individual and the actual source of the funds, but the inconsistency itself became a red flag.
On-chain investigators frequently note that legitimate fund sources tend to have a single, consistent, and verifiable story, while illicit fund sources tend to require an evolving narrative as each prior explanation fails to hold up under scrutiny.
The Police Report and the Suspected Mule Connection
In December 2025, the individual reportedly filed a police report in India over the frozen funds, identified as case number 3207-P/2025. He also shared email screenshots with ZachXBT in their direct conversation, apparently intending them as supporting evidence.
Rather than settling the matter, those screenshots provided ZachXBT with additional data points to map the broader network.
ZachXBT’s findings suggest the individual, identified by the handle AmanKesar11, may be functioning as a mule for someone referred to as “Mr Parveen.”
The “proof” the individual submitted included bank statements registered under a different name and location than his own. That detail undermines rather than supports his claimed ownership of the funds, and it points toward a layered structure where multiple individuals may be involved in moving stolen proceeds through different identities and jurisdictions.
ZachXBT closed his account of the case with a pointed piece of advice for anyone considering reaching out to him: he will respect people’s privacy if they seek help, but he urged basic common sense, namely, not contacting an on-chain investigator while in possession of funds connected to theft.
Why Indian Law Enforcement Adds Another Layer of Complication
In a follow-up comment, ZachXBT extended the conversation into a broader critique of Indian law enforcement and regulatory bodies, stating plainly that they cannot be trusted to handle crypto-related cases reliably.
Unfortunately Indian law enforcement or regulators cannot be trusted at all.
EX: Earlier this year Indian LE accidentally arrested the CoinDCX co-founders after thinking a phishing site was the legit site. pic.twitter.com/IWOSzqqUMR
— ZachXBT (@zachxbt) June 19, 2026
He pointed to a specific example from earlier this year in which Indian law enforcement mistakenly arrested the co-founders of CoinDCX, a major Indian crypto exchange, after apparently confusing a phishing site with the platform’s legitimate domain.
That example matters in the context of the current case. If a country’s law enforcement apparatus struggles to distinguish a phishing clone from a real exchange, the credibility of a police report filed in that jurisdiction, particularly one connected to a fund-tracing dispute as complex as this one, becomes harder to weigh as reliable evidence.
It also raises broader questions about how international crypto fraud cases get adjudicated when the jurisdictions involved have uneven regulatory sophistication.