Prominent on-chain investigator ZachXBT has publicly detailed an incident in which an individual operating under the handle @Amankesar11 (Aman Kesar) contacted him via direct message seeking assistance to release approximately 5.73 BTC, valued at around $475,000, that had been frozen by the crypto swap platform Changelly since March 2025.
According to ZachXBT’s June 19 post on X, the complainant initially described the funds as “unjustly” frozen despite submitting KYC documents. ZachXBT analyzed the transaction hash (fb931baac66bfc116deb10fa81417fb3da61e4362cd2997ee1eaa577e96272f3) using compliance tools and traced the inflows to illicit sources.
On-Chain Evidence Points to Illicit Origins
The broader cluster of addresses showed high-confidence links to social engineering thefts targeting American victims, including through U.S. centralized exchanges and Bitcoin ATMs. ZachXBT noted that the associated activity has resulted in over $1 million stolen from victims since 2025, with several cases involving elderly individuals.
Key addresses linked in the investigation include:
- AmanKesar11 BTC address: bc1q5yjxzcvfswvyx9y6cvlc3xe4laqqnqsjp3f9t2
- AmanKesar11 Tron address: TQkEVXjtvSbigGa5fqFUpcYJnGvpKPPBEm
Outflows were observed from platforms such as Bitcoin Depot, Athena Bitcoin, Coinhub ATM, Cash App, Robinhood, Coinbase, and Strike, consolidating toward addresses associated with New Delhi, India.
Shifting Narratives and Self-Reported Police Complaint
The individual’s account of the funds changed multiple times during the DM exchange, according to ZachXBT. Initial claims referenced a loan, followed by assertions that a “boss” had sent the funds or had invested in Bitcoin during 2014–2015 through a U.S. contact.
In December 2025, the individual claimed to have filed a police report in India regarding the frozen funds (case number 3207-P/2025). Screenshots of emails shared during the conversation reportedly included bank statements under a different name and location, leading ZachXBT to suspect the person was acting as a mule for a figure referred to as “Mr. Parveen” in New Delhi.
Rising Social Engineering and Mule Activity in Crypto
This incident highlights ongoing challenges with social engineering scams in cryptocurrency, where victims are often tricked into sending funds via fake support interactions, romance schemes, or investment lures. Funds are frequently moved through money mules in various jurisdictions before attempts to cash out or swap on platforms like Changelly.
Exchanges and swap services routinely freeze transactions showing red flags under compliance protocols. Independent on-chain investigators like ZachXBT frequently assist in mapping such flows using publicly available blockchain data.
Implications for Users and Platforms
The case underscores the value of on-chain analysis in verifying the legitimacy of frozen funds. Changelly’s decision to hold the transaction appears consistent with standard anti-money laundering practices when illicit origins are detected.
Victims of crypto thefts are encouraged to report incidents to relevant authorities and use reputable tracing services. Platforms continue to enhance compliance tools, often collaborating with or benefiting from public investigations by figures like ZachXBT.
Also Read: The 2026 Pig Butchering Reckoning: Inside the Year’s Biggest Crypto Scam Crackdowns
