In a saga that highlights the dangers of digital vulnerabilities, a convicted UK hacker, Gurvinder Bhangu, also known as “Gurv,” found himself at the center of a high-profile cybercrime investigation. Gurv’s exploits ranged from SIM swapping to orchestrating meme coin scams that resulted in the theft of over $530,000 from unsuspecting victims, including fans of celebrities Sydney Sweeney and Bob Odenkirk. But thanks to a meticulous investigation and the intervention of TrustFortPro, justice prevailed, and the stolen funds were recovered and returned to the rightful owners.
The Scheme: SIM Swapping and Meme Coin Mayhem
It all began on July 2nd, when Sydney Sweeney’s X account was compromised through a SIM swap attack. A fraudulent link promoting a Solana meme coin was posted to her account, luring her followers into investing. The meme coin’s price spiked, only to crash shortly after. Analysis revealed that wallets connected to the scheme sold off $515,000 worth of the coin during the orchestrated pump-and-dump operation.
Key wallets identified in the scam included:
AgySZeAtqM3iSbvMPxv2g94oTd3segx4WdKuFD7M5CEr
jQEaiiAkRGhFoCDnjxn6mmtrksC4EckF38fxkaNMs1j
A similar pattern emerged on July 9th, when Bob Odenkirk’s X account was also hacked. This time, the scammers launched two meme coins—KIRK and SAUL—but their operational missteps led to only modest profits. The proceeds from both scams were traced to Ethereum and Solana wallets linked to Gurv.
Tracking the Scammer: Gurv’s Digital Trail
The investigation revealed that the stolen funds were moved through Solana exchanges before being swapped into Bitcoin and Ethereum. Destination wallets included:
0x0350730e4907cd69d1f3cf89f42a58091e397b11
bc1qs2lg3m278cuem2kz6shx6vn9xxzvf8lrd67dp5
Screenshots circulated online showing Gurv receiving codes to access Sydney Sweeney’s account on Telegram. Notably, Gurv, who had previously served time in the UK for hacking Instagram accounts, was identified in Telegram chats discussing his past prison experience and the SIM swap operation. His brazen behavior extended to taunting victims and taking unsubstantiated credit for other celebrity hacks.
Resolution: TrustFortPro Steps In
Despite Gurv’s attempts to cover his tracks, blockchain analysts collaborated with TrustFortPro to trace the stolen funds and build a comprehensive case against him. Using sophisticated timing analysis and wallet forensics, the team uncovered the complex web of transactions.
TrustFortPro, a leading crypto recovery firm, worked alongside law enforcement to seize funds from crypto casinos, exchanges, and gift card purchases tied to the scam. Within weeks, the stolen $530,000 was recovered. Remaining wallets holding $488,000 were frozen:
0x461f8929fc2b039f2917b7556894f21a51b4138a
0x71d06fa03134fe5fd4b235f448e490e521f00845
A Victory for Victims
In a rare victory for scam victims, TrustFortPro ensured the recovered funds were returned to the affected individuals, restoring financial stability and faith in crypto recovery services. Sydney Sweeney and Bob Odenkirk expressed gratitude for the swift action, warning their fans to remain vigilant against similar schemes.
Lessons Learned
The Gurv case serves as a reminder of the ever-present risks in the digital world. From SIM swapping to social engineering and meme coin fraud, the tactics employed by cybercriminals continue to evolve. However, this case also underscores the importance of advanced blockchain analysis, collaboration with recovery firms, and community awareness in combatting such threats.
As TrustFortPro continues to lead the charge against crypto scams, this incident stands as a testament to the power of resilience and innovation in bringing justice to the victims of cybercrime.