Crypto Hackers Run, Can’t Hide in the Shadows From the Light

With whale bots tweeting these transactions and exchanges working with authorities, the anonymous hackers seem to have nowhere to hide.

Hackers are Hodlers

On Aug. 4, Bitfinex, which was the victim of a 2016 hack that lost them over $1.3 billion of bitcoin (BTC) at today’s rates, offered a $400 million bounty for information leading to the return of their funds. The proposal did not require the hackers to be brought to justice. It even appeared to absolve the hackers should they themselves return the funds in return for the reward. It turns out, the hackers weren’t interested. On Aug 16, those hackers moved 467.67 ($5.7 M) BTC into a new wallet, apparently shrugging off their get out of jail free card. But as Binance CEO CZ tweeted on Oct. 15, these hackers are hodlers. This was in response to an Oct. 15 Whale Alert tweet that Bitfinex hackers moved 142.2 BTC ($1.6 million) to an unknown wallet. Four years after the hack, those criminals are neither identified nor have they, at least in an obvious way, cashed out their winnings. Crypto-enthusiast Crypto Bull replied that the hackers were probably moving the funds to sell them. But splitting up stolen bitcoin into smaller sums only does so much to mask its origin.

they are not holders
they are trying to figure it out how to sell it

— Bull Run (@BullCryptochain) October 15, 2020

Meanwhile, KuCoin is still recovering from a hack that robbed the exchange on Sept. 26 of $150 million in crypto.

Digital Mattress Stuffing

The reason for this digital mattress-stuffing is not entirely clear. Certainly, hackers could be looking for a way to sell their stolen crypto. Part of the problem for bitcoin hackers these days appears to be the amount of attention. Since whale bots are constantly tweeting large movements and have flagged wallets known for malfeasance, it is harder to move funds unnoticed. BeInCrypto previously reported about the difficulty of laundering stolen Bitcoin. North Korean hackers, though adept at stealing crypto, have had some difficulty converting it into usable fiat. There are some technical tricks of the trade, but a major tactic in laundering crypto appears to be splitting up purchases into small chunks over thousands of addresses and then moving those funds around thousands of times. With the immutability of the blockchain, the funds are still traceable only it takes a lot longer and is a bigger headache for authorities. With the 2016 Bitfinex hack and the 2020 KuCoin hack, the culprits appear to face similar problems. Any address that has touched the stolen goods is tainted since authorities have flagged them and centralized exchanges can blacklist them. KuCoin CEO Johnny Lyu has claimed to have identified the culprits of his attack. KuCoin claims to be working with authorities to bring the thieves to justice and return the funds, but that did not stop those thieves from moving huge sums of money, according to Whale Alert.

⚠ 4,000 #ETH (1,469,285 USD) of stolen funds transferred from Kucoin Hack 2020 to unknown wallet

Tx: https://t.co/cqjdEySR6n

— Whale Alert (@whale_alert) October 17, 2020

Baby Steps

The hackers continue to shuffle around money, and its route of exit from the blockchain is anyone’s guess. Atomic swaps with a privacy coin such as XMR could also be an escape route.

⚠ 8.13613 #BTC (93,476 USD) of stolen funds transferred from Bitfinex Hack 2016 to unknown wallet

Tx: https://t.co/BiiQ95ueMc

— Whale Alert (@whale_alert) October 18, 2020

Monero Labs recently funded an upgrade that should bring Monero into the world of Atomic Swaps. This would allow anonymous cross-chain swaps, and the traceable BTC could transform into a less traceable currency. That still leaves the difficulty of how to sell XMR for fiat without arousing suspicion. Meanwhile, the KuCoin hackers dumped millions of dollars in ERC-20 tokens on decentralized exchanges. These exchanges, such as Uniswap, are theoretically immune to consensus action and veil the hackers’ identifies as much as possible. With Europe cracking down on dark-web privacy-coin purchases, and Uniswap gaining attention because of bad actors, nobody knows how long these privacy techniques will remain viable. At the same time, the crypto industry continues to boom, and new solutions could arise any day.