Blockchain analytics investigators have recently made significant progress in uncovering a cryptocurrency laundering operation. This operation involves an individual who is selling stolen tokens at discounted prices from recent high-profile exchange hacks. The investigators have managed to identify, make contact with, and gather information about this individual through their thorough investigations. In this article, we will delve into the details of this investigation, the methods used by the individual, and the potential implications for the overall security of the cryptocurrency ecosystem.
The Discovery of the Individual
Speaking exclusively to Cointelegraph, a representative from blockchain security firm Match Systems shared insights into the ongoing investigation. The representative revealed that their investigations into several major breaches have pointed to an individual who is allegedly selling stolen cryptocurrency tokens via peer-to-peer transfers. The team successfully identified and made contact with this individual on Telegram after receiving a small transaction from the corresponding address containing over $6 million worth of cryptocurrencies.
The Method of Exchange
Once contact was established, the exchange of stolen assets was conducted through a specially created Telegram bot. This bot offered a 3% discount off the market price of the tokens. The investigation team managed to maintain contact with the individual, who reported that the initially offered assets had been sold. The individual also notified the team about the upcoming availability of new tokens, which were believed to be funds from CoinEx or Stake companies.
The Identity of the Individual
While the Match Systems team has not been able to fully identify the individual, they have narrowed down their location to the European time zone based on received screenshots and conversation timings. It is believed that the individual is not part of the core team but is associated with them, possibly as a guarantee against misuse of the delegated assets. Moreover, the individual displayed unstable and erratic behavior during interactions, often abruptly leaving conversations with excuses like “Sorry, I must go; my mom is calling me to dinner.”
According to Match Systems, the individual accepts Bitcoin (BTC) as the means of payment for the discounted stolen tokens. They have previously sold $6 million worth of TRON (TRX) tokens using this payment method. The latest offering from the individual includes $50 million worth of TRX, Ether (ETH), and Binance Smart Chain (BSC) tokens.
Connection to Previous Hacks
This investigation into the cryptocurrency laundering operation has shed light on connections to previous high-profile exchange hacks. Cybersecurity firm CertiK previously outlined the movement of stolen funds from the Stake heist, with a significant portion being laundered through various token movements and cross-chain swaps. The FBI has identified the North Korean Lazarus Group hackers as the culprits behind the Stake attack, while another cybersecurity firm, SlowMist, has linked the CoinEx hack to the same group.
Variations in Methodology
While previous Lazarus Group laundering efforts did not involve Commonwealth of Independent States (CIS) nations, the recent summer hacks witnessed stolen funds being actively laundered in these jurisdictions. The investigation by Match Systems reveals slight variations in the methodology used by the perpetrators of the CoinEx and Stake hacks. Additionally, social engineering has emerged as a key attack vector in the recent hacks, whereas the Lazarus Group primarily targeted “mathematical vulnerabilities.” The laundering of stolen cryptocurrency has also taken place through different protocols like Sinbad and Wasabi, as opposed to Tornado Cash used by the Lazarus Group.
This investigation highlights significant implications for the overall security of the cryptocurrency ecosystem. The use of BTC wallets as a primary repository for stolen assets, alongside the Avalanche Bridge and mixers for token laundering, is a consistent pattern observed in these hacks. The availability of blockchain data suggests that North Korean hackers have stolen an estimated $47 million worth of cryptocurrency in 2023 alone. This includes a substantial amount in BTC and ETH.
The discovery of an individual involved in a cryptocurrency laundering operation underscores the need for enhanced security measures within the cryptocurrency ecosystem. The investigations and findings of the Match Systems team provide valuable insights into the methods and behaviors of these malicious actors. It is crucial for cryptocurrency exchanges, users, and security firms to remain vigilant and collaborate in order to combat such criminal activities effectively.
Leave a Reply