Hackers selling discounted tokens linked to CoinEx, Stake hacks

Blockchain analytics investigators have uncovered an individual linked to a cryptocurrency money laundering operation that offered coins stolen in recent high-profile exchange hacks at discounted prices.

In an exclusive interview with Cointelegraph, a representative from blockchain security firm Match Systems outlined an investigation into several major breaches using similar methods in the summer of 2023, which resulted in the discovery of individuals allegedly selling stolen cryptocurrency tokens through peer-to-peer transfers.


Investigators successfully identified and contacted the individual offering the stolen assets on Telegram. The team confirmed that the user controlled an address containing over $6 million worth of cryptocurrency after receiving a small transaction from that address.

A message posted by the seller linked the stolen tokens to the CoinEx and Stake hacks. Source: Match Systems

The exchange of the stolen assets was then carried out via a specially created Telegram bot, which offered a 3% discount on the token’s market price. After initial conversations, the owner of the address reported that the initially offered assets had been sold and that new tokens would become available in approximately three weeks:

“This individual has been in contact with us to inform us of the start of new asset sales. Based on the available information, it is reasonable to assume that these funds came from CoinEx or Stake companies.”

The Match Systems team was unable to fully identify the person, but based on several screenshots they received and the timing of the conversations, they were able to narrow down the person's location to a European time zone:

“We believe he is not a member of the core team, but has ties to them, and may have been de-anonymized to ensure he does not misuse entrusted assets.”

The person also reportedly displayed “erratic” behavior during various interactions, suddenly leaving conversations with excuses such as “I’m sorry, I have to go; my mom called me to eat.”

“Typically, he would offer a 3% discount. Previously, when we first identified him, he would send potential customers 3.14 TRX as a form of proof.”

Match Systems told Cointelegraph that the individual accepted Bitcoin (BTC) as payment for the discounted stolen tokens and had previously sold $6 million worth of TRON (TRX) tokens. The Telegram user's latest offering lists $50 million worth of TRX, Ethereum (ETH) and Binance Smart Chain (BSC) tokens.

Blockchain security firm CertiK previously outlined in correspondence with Cointelegraph the movement of funds stolen in the Stake theft, with approximately $4.8 million of the total $41 million being laundered through various token flows and cross-chain exchanges.

The FBI later determined North Korean Lazarus Group hackers were responsible for the Stake attack, and cybersecurity firm SlowMist also linked the $55 million CoinEx hack to the North Korean group.

This is slightly different from information obtained by Cointelegraph from Match Systems, which suggested that the perpetrators of the CoinEx and Stake hacks had slightly different identifiers in their methods.

Their analysis highlighted that the Lazarus Group’s previous money laundering activities did not involve Commonwealth of Independent States (CIS) countries such as Russia and Ukraine, whereas the summer 2023 hacks resulted in stolen funds being actively laundered in these jurisdictions.


While the Lazarus hackers left a minimal digital footprint, the recent incidents have left a large one for investigators. Social engineering was also identified as a key attack vector in the summer hacks, while Lazarus Group targeted “mathematical vulnerabilities.”

Finally, the company notes that Lazarus hackers often use Tornado Cash to launder stolen cryptocurrencies, while the recent incidents have seen funds being mixed through protocols such as Sinbad and Wasabi. The key similarities remain striking: all of these hackers used BTC wallets as the primary repository for stolen assets, as well as the Avalanche Bridge and mixers for laundering coins.

Blockchain data reviewed at the end of September 2023 showed that North Korean hackers stole approximately $47 million worth of cryptocurrencies this year, including $42.5 million in BTC and $1.9 million in ETH.
