Home Blockchain News Investigation into NEM Hack, Potential Bitfinex Involvement? Blockchain Analysis Details Inside

Investigation into NEM Hack, Potential Bitfinex Involvement? Blockchain Analysis Details Inside

As most know, a significant amount of NEM tokens ($XEM) were hacked from Japanese exchange, Coincheck, last year, in which $530 million were extracted from the exchange.

The NEM was never recovered. However, it is traceable to a certain extent.

Later that year, it was discovered that a darkweb site had been set up to facilitate the exchange of NEM tokens for Bitcoin in an anonymous fashion (see source).

Below is one of the transactions associated in connection with this service:


Diving Down the Rabbithole

We’re going to start with the most recent link cited above, which has the transaction ID: 18cb6d0679a19b31b6f2f321088111ba2ee1a22d03ca170d85a96751dba94fa3


The majority of funds from the transaction (which has numerous inputs), can be seen heading directly to 1PQV39VVwfDnwY7W5JPReGFRiMnfJupWFg.

Checking the Affiliated Cluster

The address above is grouped in this cluster: https://www.walletexplorer.com/wallet/044c1db3e953a5a2/addresses

Crystal Blockchain Software confirms this clustering as well.

Notably, that cluster also contains the affiliated address: 18C35bBJxeXw8eUgDruc7Jo7p488wF4WKE

CoinMarket.com Connection

18C35bBJxeXw8eUgDruc7Jo7p488wF4WKE = Coinmarket (or attached to it)

User claims that it is part of their “final exit scam”

Experiences with CoinsMarkets.com?

Experiences with CoinsMarkets.com?bitcointalk.to‘Coinsmarkets’ is a defunct exchange that essentially extracted all user funds from the site at some point in 2017. Throughout 2018, they feigned solvency for a while before collapsing.

Notably, this 18C35 prefix address also has funds coming from 1AauwKcsQKmL6idtxp64Trv97N5cVrCDTn , which is attached to the original cluster containing Bitcoin that was swapped with hacked NEM coins.

Visualizing the Cluster

Thankfully, because of access to Crystal Blockchain Software, we can gain more information about the cluster address that the stolen bitcoins were attached to.

The metrics for the cluster address are displayed above in detail. However, we’re going to dig a bit deeper than that and see if we can find out more about the source of the bitcoins going into this cluster address.

In order to do so, we will track the highlighted transaction above, which sent the majority (14.1k bitcoins) of the bitcoins into the current cluster we are looking at.

Intro to Cluster #2

This cluster is our ‘source cluster’ address.

Below are pictures of the metrics and connections associated with this cluster.

The above does not necessarily implicate the exchanges listed, but it does give us a better idea of where funds were being sent from if those crypto exchanges wanted to take any action on those accounts.

Proceeding Forth to the Visualization

Now that we have a solid grasp of how the main cluster address was formulated, let’s see if we can track the distribution of funds via Crystal Blockchain’s visualization methods.

Tracking through, we can see a significant amount of illicit funds ended up at Bitfinex in one way or another.

One address that received a particularly large portion of funds is the deposit address 3HfYLED57Pd2pniUxEqUp7LX4sDo1aeos3.

Perhaps what is even more interesting is the fact that the majority of these funds ended up directly at Bitfinex’s cold wallet address. This can be seen in this transaction: d841ee94cee5c07f85d84cd50b9fd823d780e673a77ba81df4741293d0129fbd

Exchanges Where Funds Landed

Based on research, funds ended up at:

  1. Bitfinex
  2. OKex
  3. Kraken
  4. Localbitcoins
  5. Huobi
  6. Binance
  7. Gemini

Below are some pictures that show the intricacies in the routing of funds:

Concluding Notes

This most alarming discovery in the passage of wallets is that it appears that Bitfinex as an exchange was involved, in some facet, in the redirection of some of these funds.

This is stated because numerous deposit addresses (determined via their activity) were seen also sending funds out to various addresses. This is extremely unusual behavior for a true deposit address and it also indicates, definitively, that this redirection was done on behalf of the exchange.

Notably, not all Bitfinex deposit addresses function in this manner. In fact, the vast majority (98%+) simply send funds directly to the hot wallet address and on nearly no occasions are they sending funds directly to the cold wallet address, which is what we saw with transaction d841ee94cee5c07f85d84cd50b9fd823d780e673a77ba81df4741293d0129fbd.

It also notable that Bitfinex appears to be the central point of the transferred funds.


Source link

Must Read


As the world tries to grapple with the implications of 5G, researchers from China have already started looking into 6G. 6G will operate on...

Building a Continuous Integration pipeline

What is continuous integration? In the event that you haven’t used continuous integration systems in the past, let’s do a quick run through of what...

IOHK Joins Hyperledger

Leading blockchain research and development company behind Cardano, IOHK, has joined the Hyperledger consortium. Hyperledger is an open-source community focused on developing a suite of...

Transforming the pension system using blockchain

 When teachers retire, they expect accurate pension payouts. That’s also the goal of plan administrators, who have an obligation to ensure pension system integrity.Still,...

Business utilities of Machine Learning & Predictive Analytics

What’s the first thing that comes to mind when you hear “artificial intelligence” (AI)? While I-Robot was a great film, it doesn’t count. Many don’t realize how...

Google Meet gets AI based noise cancellation for video calls

Google has added a new noise cancellation feature on Google Meet that uses Artificial Intelligence (AI) to cancel out the noise in the background...

Highlighting AI Bias

On Monday, IBM made a monumental announcement: the company is getting out of the facial recognition business, citing racial justice concerns and the need...

Understanding Federal IT

http://www.podcastone.com/downloadsecurity?url=aHR0cHM6Ly9wZHN0LmZtL2UvY2h0YmwuY29tL3RyYWNrL0UyRzg5NS9hdy5ub3hzb2x1dGlvbnMuY29tL2xhdW5jaHBvZC9hZHN3aXp6LzE3MDYvMDYwOWZlZGVyYWx0ZWNodGFsa19wb2RjYXN0X21scDJfYWQyNzk4OWMubXAzP2F3Q29sbGVjdGlvbklkPTE3MDYmYXdFcGlzb2RlSWQ9N2UwNDEzYWItZmEyZi00YTdjLWJlMWItZmQwZmFkMjc5ODljKip8MTU5MjM4Nzc5NTM2OCoqfA==.mp3This week on Federal Tech Talk, host John Gilroy interviews Chase Cunningham, principal analyst serving security and risk professionals at Forrester Research. Cunningham has four patents,...

Artificial Brains Need Sleep Too

 States that resemble sleep-like cycles in simulated neural networks quell the instability that comes with uninterrupted self-learning in artificial analogs of brains.No one can...

Differenciating Bitcoin and Electronic Money

Bitcoin has the largest market share among virtual currencies, and is already being used on a daily basis overseas. Since it is a virtual...
banner image