Yahya Maghrab: The Digital Mask Behind Cryptocurrency Heists

Background and Overview

Yahya Maghrab, born on April 27, 2007, initially appeared as a legitimate entrepreneur, contributing to financial news platforms like Benzinga and writing for Youth Ki Awaaz, an Indian youth-oriented news portal. On social media, he portrayed himself as a successful digital marketer based in Miami, Florida. Maghrab’s X (formerly Twitter) profile, which has since been deleted, boasted an impressive international network, claiming connections with over 500,000 individuals. This curated online persona made him seem like a credible figure in the business world.

However, his public image began to unravel when a 2023 investigation by the prominent crypto investigator ZachXBT exposed Maghrab’s alleged involvement in a series of high-profile cryptocurrency thefts. These thefts were linked to SIM swap attacks, resulting in the theft of over $4.5 million from victims, most of whom were based in the United States. Maghrab’s activities highlight the accessibility of cybercrime to younger individuals, especially within the decentralized and often opaque cryptocurrency space.

---

The Scams and Methods

At the heart of Maghrab’s alleged activities were SIM swap attacks. These attacks involve transferring a victim’s phone number to a new SIM card controlled by the attacker. By intercepting SMS-based two-factor authentication (2FA) codes sent to the victim’s number, attackers gain access to sensitive accounts, including email, social media, and most critically, cryptocurrency wallets.

Maghrab reportedly conducted detailed lookups on X (formerly Twitter) accounts to identify potential victims. He passed this information to his accomplice, Skenkir, who executed the SIM swaps. In some cases, Maghrab was directly involved in orchestrating the attacks. Here are some of the most notable incidents:

1. Gutter Cat Gang (July 7, 2023): One of the largest reported attacks, this incident resulted in losses exceeding $720,000. Maghrab personally profited $250,000 from four transactions linked to a wallet address later flagged for fraudulent activities.
2. Bitboy Crypto (June 10, 2023): This attack targeted the prominent crypto influencer known as Bitboy Crypto. While the total loss amounted to $950,000, Maghrab reportedly received no payment from this heist due to another scammer, identified as Smoke, absconding with the stolen funds.
3. Slingshot Crypto (June 19, 2023): Losses totaled $36,000 in this incident, with Maghrab earning $9,700 from the stolen funds.
4. PleasrDAO Core Team Member Jamis (July 19, 2023): This was another major attack, where losses exceeded $1.3 million. One victim reportedly lost $807,000 in MAGIC tokens. Maghrab’s share from this operation amounted to $144,000.

In addition to SIM swap attacks, Maghrab collaborated with another accomplice, identified as HZ, to execute a “panel scam.” This particular fraud defrauded a victim named Amir of 136 ETH (equivalent to $250,000 at the time). The stolen funds were split evenly between Maghrab and HZ. HZ was later arrested, and law enforcement seized significant assets, including a Bored Ape Yacht Club (BAYC) NFT, luxury watches, and a Doodle NFT. These seizures further validated the claims against the duo.

Risks and Red Flags

Maghrab’s actions highlight multiple risks and warning signs for individuals and organizations. These include:

1. Anti-Money Laundering (AML) Risks:
   Maghrab’s handling of stolen cryptocurrency, particularly over 390 ETH ($720,000), underscores significant AML concerns. The decentralized and pseudonymous nature of cryptocurrencies makes tracking stolen funds challenging. Maghrab’s wallet address, which has been linked to numerous fraudulent transactions, exemplifies how stolen funds can be laundered and dispersed through the blockchain with minimal traceability.
2. Reputational Risks:
   Entities that have been associated with Maghrab, such as Benzinga or Youth Ki Awaaz, face reputational damage due to his alleged activities. While these platforms may not have been aware of his criminal undertakings, their affiliation with him, even indirectly, could raise questions about their vetting processes. Maghrab’s contributions to these platforms, once seen as legitimate, are now marred by allegations of fraud and cybercrime.
3. Red Flags:
   • Deletion of Online Profiles: Maghrab’s X account and other online profiles have been deleted, a common tactic used by individuals attempting to evade detection or dissociate themselves from their digital footprint.
   • Luxury Spending: Despite his young age, Maghrab’s luxury purchases, including high-end watches and unreleased Juice WRLD songs, suggest access to substantial illicit funds. These purchases were not consistent with the income of a typical 17-year-old entrepreneur.
   • Association with Known Scammers: His collaboration with Skenkir and HZ, both of whom have been implicated in criminal activities, raises concerns about his network and business dealings.

---

Criminal Proceedings and Legal Status

As of this report, there is no direct evidence of criminal proceedings against Maghrab, though HZ’s arrest indicates that law enforcement agencies are actively targeting individuals within this network. The complexity of international cybercrime cases, coupled with the decentralized nature of cryptocurrency, often results in delayed legal action. Maghrab’s wallet address, which has reportedly received over 390 ETH from illicit transactions, remains a key lead for investigators.

---

Key Points

1. Criminal Activity: Maghrab is implicated in over 17 SIM swap attacks, resulting in over $4.5 million in stolen cryptocurrency.
2. Collaboration: He worked closely with accomplices Skenkir and HZ to target victims and execute scams.
3. Major Incidents: Significant heists included $1.3 million stolen from PleasrDAO and $720,000 from the Gutter Cat Gang.
4. AML and Reputational Risks: Handling stolen funds and associating with known scammers present significant risks.
5. Red Flags: Deleting online profiles, luxury spending, and undisclosed relationships indicate attempts to cover tracks.
6. Legal Status: No direct evidence of lawsuits, sanctions, or arrests against Maghrab as of March 22, 2025.

---

Conclusion and Expert Opinion

The Yahya Maghrab case sheds light on the vulnerabilities of the cryptocurrency ecosystem and the ease with which cybercriminals can exploit these systems. It underscores the importance of robust security measures, such as avoiding SMS-based 2FA, utilizing hardware wallets, and regularly monitoring accounts for suspicious activity.

From an industry perspective, this case highlights the urgent need for regulatory reforms to enhance transparency and accountability in the crypto space. Law enforcement agencies and regulators must collaborate to close gaps in tracking stolen funds and prosecuting offenders.

Ultimately, the actions of individuals like Yahya Maghrab serve as a wake-up call for both consumers and institutions to remain vigilant in the face of evolving cyber threats. Cryptocurrencies offer immense potential but also come with significant risks, which must be addressed through education, technological advancements, and legal oversight.