Fenbushi co-founder puts up bounty to trace $42M stolen in 2022 wallet hack
Bo Shen, co-founder of blockchain venture firm Fenbushi Capital, has reopened the investigation into a major 2022 theft from his personal crypto wallet, this time adding a significant incentive. He has pledged a bounty of 10%-20% of any funds successfully recovered, inviting both individuals and specialized investigation teams to participate in tracking and reclaiming the stolen assets.
According to Shen, the reward will be paid out to any party that makes a “substantial contribution” to the recovery process, whether through intelligence, technical tools, law enforcement coordination, or direct asset seizure. The bounty is calculated on the portion of the $42 million that is actually recovered, not on the full original loss.
Shen emphasized that the affected assets were his personal holdings and did not belong to Fenbushi Capital or its investment vehicles. When the incident was first disclosed in November 2022, he stressed that the hack did not impact client funds, portfolio companies, or the firm’s operations, but remained a serious personal and reputational blow.
Since the breach, on-chain investigators and blockchain security experts have continued to monitor the movement of the stolen assets. Shen noted that independent researchers ZachXBT and Taylor “Tayvano” Monahan have already played a key role in the renewed effort. Their work has led to the freezing of approximately $1.2 million in assets believed to be tied to the theft, marking the first concrete recovery in a case that had appeared to be growing cold.
The original theft was later attributed to a compromise of Shen’s mnemonic seed phrase, the set of words that grants full access to a crypto wallet. Blockchain security firm SlowMist concluded that this seed phrase was somehow exposed or obtained by attackers, allowing them to drain the wallet without needing to bypass any additional protections. The case has frequently been cited as a high-profile reminder of how critical seed phrase security is in self-custody.
The stolen funds were substantial and diversified across several major cryptocurrencies. SlowMist’s analysis indicated that the attackers took roughly $38.2 million in USDC, 1,607 ETH, nearly 720,000 USDT, and about 4.13 BTC. After the theft, the assets were routed through multiple platforms and services, including instant exchange services such as ChangeNow and SideShift, in an apparent attempt to fragment and obscure the transaction trail.
At the time of the breach, Shen said, the industry’s investigative capabilities were significantly more limited. Cross-chain tracking, heuristic clustering of addresses, and automated anomaly detection tools were far less mature than they are today. This made it difficult to follow funds as they moved between different blockchains, exchanges, and mixing services.
In his latest update, Shen pointed to major advances in artificial intelligence-assisted analytics and on-chain forensics as the key reason for reviving the case. Sophisticated pattern-recognition algorithms, graph analysis tools, and improved data aggregation now allow investigators to reconstruct complex transaction paths that would have been extremely difficult to map in 2022.
These new tools can correlate wallet behavior across ecosystems, flag addresses connected to known threat actors, and identify unusual routing patterns that typically accompany laundering attempts. Shen believes that, together with human expertise and cooperation from service providers, this technological progress significantly increases the odds of identifying chokepoints where assets can be frozen or converted back into traceable instruments.
However, Shen remains cautious about expectations. He has repeatedly acknowledged that there is no guarantee of full or even partial recovery. Once assets have passed through multiple intermediaries, off-ramped to fiat, or been moved into privacy-focused environments, the practical chances of clawback often decline sharply. The bounty, he said, is meant to reward effort and success, not to create the illusion that recovery is assured.
Shen also framed the initiative as a broader experiment in how long-running crypto crime investigations might be handled in the future. He views the case as a real-world test of combining public bounties, open-source intelligence, private security firms, and advanced analytical technologies to tackle thefts that fall outside traditional banking rails.
From an industry perspective, the case underscores a persistent tension in crypto: while self-custody offers sovereignty and independence from centralized intermediaries, it also places full responsibility for security on the individual. A single point of failure-such as a compromised seed phrase-can lead to an irreversible loss of life-changing sums, with limited legal recourse.
The Shen incident has already been used in security trainings and risk assessments as an illustrative scenario. Experts highlight several possible attack vectors for seed phrase compromise: phishing campaigns that trick users into entering their seed into a fake interface, malware that scans for screenshots or text files, physical theft of written backups, or insecure cloud storage. Even sophisticated users can underestimate social engineering and operational risks.
In light of such cases, many security professionals advocate a layered protection model for high-value holders. This can include hardware wallets, multisignature arrangements, geographically distributed backups, and strict “never online” policies for seed storage. For institutional actors and wealthy individuals, some recommend dedicated custody solutions that blend self-custody principles with specialized operational controls and insurance.
Shen’s decision to publicly offer a bounty also reflects the growing role of independent on-chain analysts in modern crypto investigations. Over the past several years, individual researchers using open blockchain data have helped trace exploits, identify attacker clusters, and pressure centralized platforms to act when tainted funds arrive. These efforts blur the lines between private investigation, public watchdog work, and ad hoc community enforcement.
Bounties for information or recovery have become more common in high-profile crypto hacks, but they remain controversial. On one hand, they can motivate whistleblowers or intermediaries with privileged information to come forward. On the other, some critics argue that large bounties may unintentionally normalize negotiations with bad actors or intermediaries in criminal supply chains, and can complicate formal legal processes.
In Shen’s case, the bounty is not directed at the hacker for a “white-hat” style return, but rather at those aiding in the investigation. This distinction is important: the rewards are meant for investigators, analysts, and cooperating entities who help freeze or reclaim funds, not for those who carried out the theft. Shen has not publicly indicated any intent to grant immunity or concessions to the perpetrators.
The incident also raises questions about cross-border law enforcement collaboration. Crypto thefts often involve multiple jurisdictions, as attackers move funds through services registered or operated in different countries. Successful recovery typically requires coordination between exchanges, blockchain analytics firms, regulators, and police forces, each operating under different legal frameworks and evidentiary standards.
Shen’s renewed push comes at a time when regulators and policymakers are paying increased attention to crypto-related crime. Large, well-documented hacks are frequently referenced in discussions about anti-money laundering rules, travel rule enforcement, and the responsibilities of service providers in monitoring inflows and outflows. The way this case evolves may indirectly inform future regulatory expectations around how platforms respond to flagged funds.
For everyday users and investors, the story is another reminder that the apparent transparency of blockchain transactions does not automatically translate into easy restitution. While every movement of a stolen token may be visible on-chain, converting that visibility into legal action, seizures, and eventual restitution is slow, complex, and often incomplete. Victims may face years of uncertainty, even in well-publicized incidents.
Shen has indicated that once the recovery phase concludes-whatever the final outcome-his team plans to distribute rewards to those who contributed meaningfully. He has not yet published a detailed framework for evaluating contributions but suggested that both technical breakthroughs and actionable intelligence leading to freezes or returns will be considered.
Beyond the immediate financial stakes, Shen’s case is likely to continue serving as a reference point in debates about self-custody, security best practices, and the evolving toolkit for fighting crypto crime. It illustrates both the vulnerabilities that still exist in user behavior and infrastructure, and the growing capabilities of investigators who are learning to navigate an increasingly complex, multi-chain landscape.
For now, the fate of most of the $42 million remains unresolved. Whether new investigative techniques and a sizable bounty can overcome time, obfuscation, and jurisdictional barriers will be a closely watched test of how far crypto forensics and coordination have truly come since 2022.