Money Trail From Liquid Exchange Hack Points to Wasabi Privacy Wallets

According to research firm Crystal Blockchain, hackers who stole about $ 97 million worth of cryptocurrencies from the Liquid exchange used a privacy-focused Wasabi wallet to protect some of their profits.
Hacker-owned liquid wallet Bitcoin has been running for the past two weeks, according to publicly available blockchain data. For example, on August 29, 100 BTC (valued over $ 4.8 million) from a hacker-linked address was split and sent to two separate addresses, then split into smaller chunks for more. It was distributed to the address.
According to Crystal Blockchain data, at least some of Bitcoin (BTC, 3.91%) was sent to an address allegedly generated by the Wasabi wallet. According to Crystal, it was probably one of many similar deals hackers made with wasabi to separate the stolen money from his criminal record. Centralized exchanges tend to freeze funds known to come from hacking, manipulation and fraud, so using such funds or selling them in fiat money is an essential step.
According to Crystal, more than 437 BTCs (worth more than $ 20 million) related to Liquid hackers have been laundered using Wasabi’s CoinJoin feature, and the process is still ongoing.
Earlier this month, CoinDesk tracked other funds tracked outside Liquid, and Ethereum (ETH, 1.28%) and ERC20 tokens were sent to the online mixer and the Ethereum (DEX) decentralized exchange. I found.
Wasabi is a privacy-focused desktop portfolio that allows users to organize so-called CoinJoin transactions, making it harder to track Bitcoin in public ledgers. Multiple users can mix Bitcoin into a joint transaction and separate it from their previous payment history. It also helps to send transactions over the Tor network and hide the user’s IP address.
Wasabi is a non-storable wallet that does not store user funds, but generates the address of a CoinJoin transaction that the blockchain analysis tool has learned to identify. Cryptocurrency research firm Elliptic did so last year, following Bitcoin from the infamous Twitter hack to Wasabi-related addresses.
According to Crystal Blockchain product manager Kyrylo Chykhradze, identifying such addresses is more difficult than assigning them to crypto storage services, so Crystal “many checks before the final label” in system analysis. to hold. Wasabi did not immediately respond to the request for comment.
Swap and fall
According to Crystal Blockchain, liquid hacker-related wallets received a total of 1,168 BTC, most of which were obtained by exchanging other cryptocurrencies for Bitcoin on various exchanges.
CoinDesk previously reported that hackers stole xrp (XRP, -2.77%) tokens and sent them to three exchanges (Binance, Huobi, Poloniex) and exchanged them for Bitcoin on the first day after the attack. According to Crystal, the amount of Bitcoin was partially washed away by Wasabi’s CoinJoin address.
ERC20 tokens running on the Ethereum blockchain were sent to the Decentralized Exchange (DEX), exchanged for Ethereum, and then sent to Ethereum’s online mixer, Some tokens were exchanged for Bitcoin on the decentralized exchange Ren, adding 394 BTC to hacker storage, Phykhradze said.
“For almost two weeks, hackers have covered trucks in different ways. Large amounts of XRP, ETH, and ERC20 tokens have been converted to BTC or mixed by a tornado drying service,” said Chykhradze.
Dozens of BTCs were also put in some unknown wallets and left there for the time being.
Liquid, the Japanese cryptocurrency exchange, was hacked on August 18th. About $ 97 million has been diverted to various cryptocurrencies. The exchange will soon begin posting updates on the addresses where robbers and hackers have withdrawn money.
Several exchanges have worked with Liquid to mark and block addresses associated with hackers, they previously told CoinDesk. But in many cases, hackers were able to withdraw money faster than the exchange responded.

Categorized as gerit