Original author: ZachXBT, On-chain detective
Original translation: DeepSeek
Editor's Note: The article reveals the identity of a mysterious Hyperliquid whale associated with illegal activities, who profited approximately $20 million through high-leverage positions between January and March 2025. The investigation found that this individual exploited casino game vulnerabilities and phishing attacks to acquire funds, and engaged in high-leverage trading on Hyperliquid and GMX through multiple wallets. Ultimately, the whale was traced back to William Parker (formerly known as Alistair Packover), a convicted felon with multiple fraud and gambling-related offenses. Currently, the funds are primarily stored in an Ethereum address.
The following is the original content (reorganized for readability):
An investigation has revealed the identity of a mysterious Hyperliquid whale associated with illegal activities, who has profited approximately $20 million through high-leverage positions in recent weeks.
A trader opened multiple high-leverage positions on Hyperliquid and GMX between January and March 2025.
They drew widespread attention this month due to two on-chain transactions:
Before Trump announced cryptocurrency reserves, 0xe4d3 opened a large ETH and BTC long position with 50x leverage (profiting $10 million).
0xf3F4 opened a large BTC short position with 40x leverage (profiting $9 million).
I further investigated and identified the main counterparties of 0xf3f:
0x7ab8c59db7b959bb8c3481d5b9836dfbc939af21
0x312f8282f68e17e33b8edde9b52909a77c75d950
0xab3067c58811ade7aa17b58808db3b4c2e86f603
0xe4d31c2541a9ce596419879b1a46ffc7cd202c62
These addresses are associated with Roobet, Binance, Gamdom, ChangeNOW, Shuffle, Alphapo, BC Game, and Metawin accounts.
0xf3f signed a message for X account @qwatio, claiming they made $20 million on GMX and HL.
This implies that he must control the relevant wallets in this cluster for the $20 million figure to be accurate.
I replied to him on X yesterday, but the post was subsequently deleted.
Analysis of the X account used by 0xf3f suggests that the account may have been purchased at some point (recently renamed, inactive for years, and relatively old).
I noticed they followed @CryptxxCatalyst, an account that posted links to multiple phishing sites and replied to some people, attempting to deceive them.
I contacted @realScamSniffer, who regularly tracks these phishing sites.
In January 2025, a public address of the Hyperliquid whale was set as the receiving address for the projection[.]fi phishing site.
0x7ab8c59db7b959bb8c3481d5b9836dfbc939af21
0x7ab also received $17,100 directly from another phishing victim in January 2025, after which his wallet was traced this month.
Since 0x7ab was the first EVM address used by 0xf3f, I traced the funds back to withdrawals from four casinos on Solana.
83Dumvk6pTUYjbGrC1fizBziRzDqcyNx73ieJcVbp56b
I contacted one of the casinos, and they clarified that the funds originated from a vulnerability in the input validation of casino games.
They provided a now-deleted TG account: 7713976571, with whom they had negotiated regarding the exploit.
I found posts from that account in TG groups through open-source intelligence (OSINT).
I discovered three help posts in the GMX group from the same TG ID.
To verify this was the same person, I noted that the timestamps of these posts matched the times of 0xe4d3's on-chain transactions.
I traced a recent payment from 0xe4d3 to an unnamed individual, who confirmed they had been paid by the HL trader.
They provided a UK phone number for communication.
Public records suggest that this number is likely associated with the name William Parker.
Who is William Parker?
Last year, WP was arrested for stealing approximately $1 million from two casinos in 2023 and was sentenced in Finland.
Prior to this, WP was known as Alistair Packover (William Peckover) and later changed his name.
In the early 2010s, AP made headlines in the UK multiple times for fraud charges related to hacking and gambling (the age in the article matches current information). 
It is clear that WP/AP did not learn from his prison sentence for fraud and is likely to continue gambling.
Currently, the funds are primarily stored at the following address:
0x51d99A4022a55CAd07a3c958F0600d8bb0B39921
Here is a quick summary:
In January 2025, a repeat offender turned six-figure funds into $20 million through high-leverage on-chain trading after exploiting casino game vulnerabilities and phishing victims.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
