The Twitter hacker is reportedly a BitMEX trader, but none of the 13 bitcoin acquired in the hack has been laundered, according to an analysis conducted by Samourai Wallet.
Samourai contacted CoinDesk via Twitter and said:
“Confirmed, no signs of mixing. Majority of funds spent 1 or two hops and [are] now parked. Really curious what their cash-out plan is.”
As of 14:00 UTC, the funds are in one address, which is under the control of Coinbase. Samourai researcher Ergo also said:
“Based on the history of the first destination address of the cryptoforhealth scam addresses, the scammers have a history of gambling on Bitmex and Coinbase usage. This is peak crypto.”
Samourai says that the Twitter hacker used three BTC addresses but didn’t send any funds through a mixing service as the CryptoQuant provider reported. Ergo said that there’s always the possibility that the hacker used an address in an unlabeled mixer, but these one-time addresses are very common and are not a definitive pattern for mixers. The addresses, however, are linked to other addresses that Samourai tracked to the popular crypto platform BitMEX:
“Everything from the first address is being spent to this address 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF, which looks to have been first funded via BitMex.”
On-chain data shows which services the funds are moving through; in this case, the address had previously been used by a BitMEX trader to move funds off the platform. However, the crypto exchange has less strict ID policies, known as know-your-customer (KYC) policies, for trading on its platform, so the exchange might not be that helpful in finding the hacker after all. Ergo commented:
“At best investigators can subpoena any relevant account info including IP addresses[;] from there, they can glean some additional info from on-chain data including source of funds.”
Coinbase, the other popular crypto exchange, on the other hand has very strict know-your-customer requirements. Ergo says that the best chance of identifying the hacker comes from this exchange:
“OXT Research has also noted a small spend of scammed coins to Binance. Other than the history of 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF, the links to exchanges and known entities remain minimal.”