A snap-shot investigation to follow the funds connected with yesterdays Twitter Hack of Jeff Bezos, ... [+] Elon Musk, and several celebrities to review where the fraudsters have transferred the funds into.
Performing an initial investigation to follow the funds related to the Twitter TWTR hack that happened on July 15 to Elon Musk, Jeff Bezos, Barack Obama, Joe Biden, Kanye West, Bill Gates and numerous other celebrities and executives of large technology companies, it is evident the many of those funds already hit reputable exchanges that might freeze the funds.
During the Twitter hack, the fraudsters, posing as celebrities, falsely informed users that they have decided to partner up with a mysterious organization called "CryptoForHealth" in order to 'give back to their community.' The scam has been covered extensively by several news outlets including Forbes contributors like Jasse Damiani, that reviewed the initial steps just after the hack.
As different celebrities were sharing and resharing those posts that turned out to be fraudulent, some of their followers decided to open up their own wallets and pay as well. More than $130,000 later, most of the posts had been removed, the website of CryptoForHealth shut down. Twitter stepped in to forbid some users to tweet, but it is high time to recover the funds to the victims or at least specify to which exchanges they have been sent.
Despite a common misperception as Bitcoin represents a pseudo-anonymous network, transactions performed on it are both visible to the general public and traceable. Addresses can be directly connected to particular exchanges.
As scammers are still moving funds between cryptocurrency wallets, investigators from all over the world have stepped in with the goal to identify types of exchanges and freeze the funds on different accounts.
From the initial review, it is evident that much of the funds have been transferred to Binance. In a recent statement to TechCrunch, Binance Security Team informed that they have been aware of the situation and launched an investigation, which is visible to the crypto community as their team marked several cryptocurrency wallets as fraudulent.
Earlier today, an article released by Cointelegraph revealed that addresses used by the hackers had previously been linked to Coinbase and BitPay, common names in the cryptocurrency exchange and merchant sphere.
According to our initial analysis the funds have reached many exchanges, but the core of the funds originated from the main Binance address. It is now clear that scammers were sending funds back and forth between different cryptocurrency addresses in an attempt to confuse law enforcement agents, wash them. Once completed fraudsters have sent a large parts of the funds to an address belonging to Binance yet again, which has been rather quickly discovered and flagged by the exchange.
Secondary besides Binance, it seems though that multiple exchanges like Bittrex, as well as MercadoBitcoin in Brazil have received funds from this scam already, said Sven Martinsson, the Founder & CEO of VALEGA Chain Analytics - a Blockchain Investigations and analytics firm working out of Finland.
Even though the investigation remains novel, due to the transparency of the open blockchain of Bitcoin, it is possible to follow different transactions to a different account at cryptocurrency exchange platforms. Being personally engaged in one such crypto exchange platform, competent and motivated compliance team members have a portfolio of tools and processes to stop such transactions in case they are being spotted. The fraudsters seem to know that so that there is a race for the fraudsters to try to exchange the funds to fiat currencies as soon as possible and Blockchain investigators to mark as many wallets as quickly as possible to freeze those funds.
Even though the identity of the scammers remains yet unknown, there are tools in place which allow for visualizing transactions between different accounts and exchanges that use the publicly available data and connect wallets to crypto exchanges.
Here are a couple of examples of how the fraudsters anticipated to hide their tracks. Everything starts on the left side in the middle of the graph, which represents the first address to which the scammers asked users to pay. Each additional connected line of dots represents their effort to hide their tracks and mix funds between different wallets and exchanges.
A more comprehensive description has been placed below each picture which represents a print screen out of a Blockchain Analytics Software.
Even though if this initial graph might not be the easiest to read, it represents the initial ... [+] address cryptocurrency address listed on the hacked addresses (red dot at the lower part of the picture on the left side). Once the scammers received the funds they started to distribute the funds to multiple different wallets. (the second line, looking from the left to the right). While receiving those funds scammers have been trying to transfer funds to more and new addresses to try to wash them to possibly exchange them back to FIAT currency. Green dots represent the addresses that already have been flagged as fraud, green represents addresses that have not YET been flagged in the system as of 6:30 PM CET. When expanding a few of those as an example, it is possible to see that a few were sent to an address that had not yet been associated with fraud or suspicious activities.
Zooming in closer to different dots allows us to directly view the cryptocurrency wallet address which has been used. It is connected to a particular wallet provider or a platform (with strong but not utmost certainty). In order to review where funds were directed and how much was sent.
Expanding further, one of the addresses gives an immediate hit on another Binance address (This ... [+] addresses has already been flagged by the exchange as of 6:30 PM CET)
It is visible that scammers used some of the addresses multiple times (the split the funds to ... [+] different addresses and send them to a new address) and not yet all of the wallets have been flagged as fraud.
Investigations performed by compliance teams take time as they are most likely performed by individuals who are working for different exchange platforms or geographies, so sometimes the funds are able to be transferred to an account before they are being flagged as fraudulent. Red accounts have been already marked as fraudulent.
By the time Binance, when this chart has been recorded most certainly the team behind Binance has ... [+] taken the appropriate countermeasures and flagged a Cryptocurrency wallet as Darknet wallet. Before this cryptocurrency wallet has been flagged, unfortunate significant amount of funds have passed across it to other addresses.
The fraudsters didnt stop at one platform there. Within hours, one of the cryptocurrency wallets in ... [+] which funds have not been moved, has finally initialled a transfer. (It is the red-dot at the bottom, which starts with Cpf)
Following each transaction and the connected spiderweb of transfers between cryptocurrency addresses helps to spot a time period in which fraudsters will try to wash funds with a legitimate exchange. As stated below, fraudsters launched a transfer to MercadoBitcoin in Brazil as well as Bittrex.com already.
The more paths have been explored the more exchange have been listed to which funds have been ... [+] transferred. This time funds were sent to a suspicious cluster (in yellow) of entities (mainly with tumblers and gambling companies, an easy way to launder money) Using the weakness of mostly national law enforcement agencies., fraudsters have approach many exchanges around the globe like MercadoBitcoin (an exchange in Brazil). Furthermore a Binance address to the left now considered a darknet entity.
This review is just a snapshot of the current stage of transfers performed by the fraudsters as of the afternoon of July 17th. It does not display traces in full to avoid obstructing justice or investigations. Even though it has been a Twitter hack and not a Bitcoin hack, the pseudo-anonymity of bitcoin and visibility of each transaction with tools like the wallet explorer does prove that the Crypto community is not helpless and knows more and more with each transaction the fraudsters perform. It is important to underline that it was not Bitcoin that got hacked, it was Twitter. Bitcoin was just the chosen means of payment.
Sven will release a collected investigation free of charge to anyone who can identify themself as an investigator in the process.
The transaction investigation remains ongoing. For security reasons and not to interfere with investigations, this is just a teaser to provide insights into different tactics of criminal networks. Exchanges in question have the appropriate means to stay compliant and do their reporting accordingly. This is NOT an attempt to defame or point any fingers and the statements are assumptions, not yet evidence. It remains a visualization of investigation that affected many users and the account holders on Twitter.
For transparency purposes - The contributor of this post is a Head of Compliance in one of the leading Cryptocurrency Exchanges in the Nordics called Safello.
He serves as a board advisor to Valega Chain whose team has launched an investigation to follow the stolen funds on his request. Statements about how Blockchain Analytics Tools work have been performed on the example of Valega Chain Analytics and should not be generalized to other Blockchain Analytics Tools as all of them have their own criteria, tools, and internal processes.
- Tokenized Bitcoin on Ethereum Now Tops $1.1 B: Here's Why - CoinDesk - Coindesk - September 25th, 2020
- 3 reasons why traders turned bullish after Bitcoin price surged to $10.7K - Cointelegraph - September 25th, 2020
- First Mover: Bitcoins Hit Exchanges as Bloomberg Touts Crypto and DeFi Hedge Fund Seeks $50M - CoinDesk - September 25th, 2020
- BitGo Is Bringing DeFi-Friendly Wrapped Bitcoin to the Tron Blockchain - CoinDesk - Coindesk - September 25th, 2020
- Keiser Insists 'Bitcoin Inversely Correlated To USD Not Stock Markets' After Crypto Market Tumble | Markets and Prices - Bitcoin News - September 25th, 2020
- Profit taking Bitcoin miners wont stop the next bull run: On-chain analyst - Cointelegraph - September 25th, 2020
- The Winklevosses have launched their bitcoin exchange in the UK - Wired.co.uk - September 25th, 2020
- Christies to sell its first non-fungible-token as part of epic Bitcoin artwork - Cointelegraph - September 25th, 2020
- Bitcoin-related ads are now streaming on Disney+ in some regions thanks to Zebpay - Cointelegraph - September 25th, 2020
- Cryptocurrency ETF by Nasdaq and Hashdex Approved to List on Bermuda Stock Exchange | Regulation - Bitcoin News - September 25th, 2020
- XSwap Started Yield Farming, The Highest APY Reaches 70,000% | Press release - Bitcoin News - September 25th, 2020
- Bitcoin sentiment at record lows Does it mean the price will go up? - Cointelegraph - September 18th, 2020
- Its a bull trap! 3 key metrics forecast Bitcoin price rejection at $11K - Cointelegraph - September 18th, 2020
- Bit Digital, Inc. Announced Officially to Cooperate with the World's Leading Bitcoin Colocation Partner In US - PRNewswire - September 18th, 2020
- How Bitcoin Correlations Drive the Narrative - CoinDesk - CoinDesk - September 18th, 2020
- Bitcoin hardware devices need to improve to handle complex transactions - Cointelegraph - September 18th, 2020
- First Mover: Bitcoin Investors the Sane Ones as Federal Reserve Cheers Inflation, Price Nears $11K - CoinDesk - CoinDesk - September 18th, 2020
- Why We Get Obsessed With Bitcoin - Decrypt - September 18th, 2020
- Tevoro.com Announces New Book Revealing What's Missing from Bitcoin, Ethereum and Other Cryptocurrencies - PRNewswire - September 18th, 2020
- Bank of England talks negative interest rates in best ad for Bitcoin - Cointelegraph - September 18th, 2020
- Fed, oil and record hash rate: 5 things to know in Bitcoin this week - Cointelegraph - September 18th, 2020
- Glen Oaks Escrow Announces It Assisted With Yet Another Bitcoin Transaction - PRNewswire - September 18th, 2020
- India's Crypto Bill Omitted From Parliament Agenda While New Ban Report Appears - Bitcoin News - September 18th, 2020
- First Mover: As Bitcoin Falls for Second Day, Long-Term Holders Probably Won't Care - CoinDesk - CoinDesk - September 5th, 2020
- Can You Have Your Bitcoin And Eat It Too? - Forbes - September 5th, 2020
- If Bitcoin Crashes Below $10,000 Its All OverHeres Why - Forbes - September 5th, 2020
- A Radical New Crypto Just Blew Past The Bitcoin Price All-Time HighUp A Shocking 3,500% In Just One Month - Forbes - September 5th, 2020
- First Mover: Buying Bitcoin's Dip, Betting Against Tether and Weighing the Jobs Report - CoinDesk - CoinDesk - September 5th, 2020
- Private Capital And Institutions Are Piling Into Bitcoin And Other Digital Assets But You Need To Know Where To Look - Forbes - September 5th, 2020
- Ethereum Soars 10% Overnight Implications For Bitcoin - Forbes - September 5th, 2020
- Bitcoin Down Almost 10% Today, You'll Be Surprised to Hear What's Next - FX Empire - September 5th, 2020
- So Far, a Nice Rise But Not a Wild Runup for Bitcoin Since the May Halving Event - Digital Transactions - September 5th, 2020
- Bitcoin Will Be Accepted for Tax Payments in Swiss Canton Zug Next Year | Taxes - Bitcoin News - September 5th, 2020
- The History of Bitcoin - WTOP - September 5th, 2020
- Wasabi Wallet Patches Flaw That Could Have Thwarted Bitcoin Privacy Feature - CoinDesk - Coindesk - September 5th, 2020
- Why Fusion's DCRM is The Best Option for DeFi Users | Sponsored Bitcoin News - Bitcoin News - September 5th, 2020
- Bitcoin Will Break Out This Year, Says Devere CEO | News - Bitcoin News - September 5th, 2020
- Tax Implications For Donations Of Bitcoin - Forbes - September 5th, 2020
- Protection Over Profit: What Early Mining Patterns Suggest About Bitcoins Inventor - CoinDesk - CoinDesk - September 5th, 2020
- Research: New Malware Employs Tor and Bittorrent To Steal Bitcoin and Ether | Security - Bitcoin News - September 5th, 2020
- Will Bitcoin Dump If Stocks Have Another COVID-19-Scale Crash? - Forbes - September 5th, 2020
- Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI - Forbes - September 5th, 2020
- 3rd Bitcoin SV Hackathon Finalists announced to compete for USD $100,000 - PRNewswire - September 5th, 2020
- Max Keiser thinks Warren Buffett will move to Bitcoin soon - Cointelegraph - September 5th, 2020
- Major Swiss Insurer Adds Bitcoin and Ether Payments | News - Bitcoin News - September 5th, 2020
- Warren Buffett Shifts Funds From US Amid Inflation Fears, Bitcoin's New All-Time High Expected | News - Bitcoin News - September 5th, 2020
- No interim injunction over bitcoin account where damages would be adequate - Lexology - September 5th, 2020
- Venezuela's Bitcoin Use Soars Amid Hyperinflation: 3rd on Global Crypto Adoption Index | News - Bitcoin News - September 5th, 2020
- Bitcoin market index back to fear on 91st anniversary of 1929 crash - Cointelegraph - September 4th, 2020
- China Is No Threat To Bitcoin, Promises Foundry CEO After $100 Million Bitcoin Mining Bet - Forbes - September 4th, 2020
- 3.5 Million+ Crypto Wallets Downloaded in July, Active Users up 110% in the Year | Wallets - Bitcoin News - September 4th, 2020
- Here Are The Key Levels To Watch In Bitcoin - Forbes - September 4th, 2020
- Ethereum Is Eating Bitcoin - Forbes - September 2nd, 2020
- Bitcoin Rally Fails After Breaking Through $12,000 - Forbes - September 2nd, 2020
- Fidelity Is A 1,000 Pound Bitcoin Gorilla In The Making - Forbes - September 2nd, 2020
- Is Bitcoin About to Explode? - TheStreet - September 2nd, 2020
- Russia Blocks Cryptocurrency Websites Ahead of Regulation | News Bitcoin News - Bitcoin News - September 2nd, 2020
- USD has more room to fall 5 things to watch in Bitcoin this week - Cointelegraph - August 31st, 2020
- Bitcoin In The Early Stages Of A Bull Market, Crypto Wallet Data Reveals - Forbes - August 31st, 2020
- Federal Reserve's Major Policy Shift to 'Push Up Inflation' Could Send Bitcoin Price to $500K - Bitcoin News - August 31st, 2020
- Bitcoin balks as the Fed talks, DeFi surge continues: Weekly recap - Cointelegraph - August 31st, 2020
- $140,000 of North Korean Bitcoin Targeted by DoJ Starts Moving - Decrypt - August 31st, 2020
- Bitcoin 'maximalists' accused of 'shilling' an SEC-cleared token - Cointelegraph - August 31st, 2020
- SEC Redefines Accredited Investors to Include Those With Proven Knowledge | Regulation - Bitcoin News - August 31st, 2020
- First Mover: Binance's Shrinking Trading Spreads and Bitcoin's Jackson Hole Fizzle - CoinDesk - CoinDesk - August 31st, 2020
- Blockchain Bites: What Rising Inflation Could Mean for Bitcoin and the US Dollar - CoinDesk - CoinDesk - August 28th, 2020
- Digital Dollar To Be In Competition With Bitcoin - Forbes - August 28th, 2020
- Fidelity Is A 1000 Pound Bitcoin Gorilla In The Making - Forbes - August 28th, 2020
- Tyler Winklevoss says US Fed is the biggest booster of Bitcoin price - Cointelegraph - August 28th, 2020
- New Binance Exclusive Reveals The Bitcoin Exchange Might Have A Serious Problem - Forbes - August 28th, 2020
- Explanation of the Stock to Flow Model as Bitcoin Pulls Back - Market Insights - TradeStation Market Insights - August 28th, 2020
- Here's Why Bitcoin Is A Must In Your Portfolio - Seeking Alpha - August 28th, 2020
- Market Wrap: Bitcoin Dips to $11.6K, ETH Options Predict Price Below $400 by End of Year - CoinDesk - CoinDesk - August 28th, 2020
- Fed, futures and fundamentals: 5 things to watch in Bitcoin this week - Cointelegraph - August 28th, 2020
- I would never invest one cent in Bitcoin, says Ryanair CEO - Cointelegraph - August 28th, 2020
- Re-Mining Simulation Shows Satoshi Used a Single High-End PC to Mine 1.1M Bitcoin - Bitcoin News - August 28th, 2020
- IMF Publishes Cryptocurrency Explainer, Saying It 'Could Be the Next Step in the Evolution of Money' | News - Bitcoin News - August 28th, 2020
- Bitcoin's presence in South Florida is growing - Key West Florida Weekly - August 28th, 2020
- Bitcoin price, charts, market cap, and other metrics ... - August 15th, 2020
- TradingView Confirms It: People Love Bitcoin And Tesla - Cointelegraph - August 15th, 2020