50x Hyperliquid Whale Identity Revealed, Turns Out to Be a Fraudster Featured in UK News Headlines?

Original Author: ZachXBT, On-chain Detective
Original Translation: DeepSeek

Editor's Note: The article reveals the identity of a mysterious Hyperliquid whale associated with illegal activities, who profited approximately $20 million through high leverage positions from January to March 2025. The investigation found that this individual exploited casino game vulnerabilities and phishing attacks to obtain funds, and engaged in high-leverage trading on Hyperliquid and GMX through multiple wallets. Ultimately, the whale was traced back to William Parker (formerly known as Alistair Packover), a convicted criminal with a history of fraud and gambling. Currently, the funds are mainly held in an Ethereum address.

The following is the original content (slightly rearranged for readability):

An investigation has revealed the identity of a mysterious Hyperliquid whale associated with illegal activities, who made approximately $20 million in profit through high leverage positions in the past few weeks.

A trader opened multiple high leverage positions on Hyperliquid and GMX between January and March 2025.

They gained widespread attention this month due to two on-chain transactions:

- Before Trump announced the cryptocurrency reserves, 0xe4d3 opened a significant amount of ETH and BTC long positions with 50x leverage (profiting $10 million).

- 0xf3F4 opened a large BTC short position with 40x leverage (profiting $9 million).

I further investigated and identified the main counterpart of 0xf3f:

0x7ab8c59db7b959bb8c3481d5b9836dfbc939af21

0x312f8282f68e17e33b8edde9b52909a77c75d950

0xab3067c58811ade7aa17b58808db3b4c2e86f603

0xe4d31c2541a9ce596419879b1a46ffc7cd202c62

These addresses are associated with Roobet, Binance, Gamdom, ChangeNOW, Shuffle, Alphapo, BC Game, and Metawin accounts.

0xf3f had signed a message for X account @qwatio, claiming they made $20 million on GMX and HL.

This implies that they must control the wallets associated with this cluster for the $20 million figure to be accurate.

I replied to him on X yesterday, but the post was subsequently deleted.

An analysis of the X account used by 0xf3f suggests that the account may have been purchased at some point in time (recent name change, long period of inactivity, relatively old account).

I noticed they are following @CryptxxCatalyst, an account that has posted links to multiple phishing websites and has replied to some individuals attempting to deceive them.

I reached out to @realScamSniffer, who actively tracks these phishing websites.

In January 2025, a public address of the Hyperliquid whale was set as the receiving address for the projection[.]fi phishing website.

0x7ab8c59db7b959bb8c3481d5b9836dfbc939af21

In January 2025, 0x7ab also directly received $17,100 from another phishing victim, and later, his wallet was traced this month.

Since 0x7ab is the first EVM address used by 0xf3f, I traced the funds to withdrawals from four casinos on Solana.

83Dumvk6pTUYjbGrC1fizBziRzDqcyNx73ieJcVbp56b

I contacted one of the casinos, and they clarified that the funds originated from an input validation vulnerability in the casino games.

They provided a now-deleted Telegram account: 7713976571, with whom they had negotiated with the exploiter of the vulnerability.

I found a post from this account in the TG group through Open Source Intelligence (OSINT).

I discovered three help posts posted by the same TG ID in the GMX group.

To verify it's the same person, I noticed that the timestamp of these posts aligns with the on-chain transaction of 0xe4d3.

I traced 0xe4d3's recent payment to an unnamed individual who confirmed they had been paid by an HL trader.

They provided a UK phone number to communicate with them.

Public records indicate that this number is likely associated with the name William Parker.

Who is William Parker?

Last year, WP was arrested and sentenced in Finland for stealing approximately $1 million from two casinos in 2023.

Prior to this, WP was known as Alistair Packover (William Peckover) before changing names.

In the early 2010s, AP made headlines in the UK for fraud charges related to hackers and gambling (age in the articles aligns with current information).

It is evident that WP/AP did not learn their lesson after serving time for fraud and is likely to continue gambling.

Currently, funds are primarily held in the following address:

0x51d99A4022a55CAd07a3c958F0600d8bb0B39921

Here is a quick summary:

In January 2025, an individual with a history of crime leveraged a casino game vulnerability and phished victims, turning a six-figure sum into $20 million through high-leverage on-chain transactions.

「Original Article Link」

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia