Bitfinex hack (August 2016). Stolen funds started to move again

BLIN Agency
2 min readDec 4, 2020

Funds stolen from Bitfinex in August 2016 started to move again on November 30, 2020.

This time, hackers continued to split a part of them into five different chains, using a peeling chain pattern. Here is the list of starting address for each of these chains:

1) 1KwU11JL2awoe8PfUbm3uTDZGUiRhi4PPG — 469.90427715 BTC

2) 1LBs7Ni9314yH8YPd6y3dBV5JZDChZRUzM — 416.33118958 BTC

3) 19ugyuSP6BtW9dQzfEw6wfeFNGSDwLidUB — 434.62062646 BTC

4) 1FeM44Hy1orHNx5A2QKsNjuy6PqUKP9ZxD — 400.47838445 BTC

5) 1C7he8kF2aUosWfy9WUePJbYC68ZZq2qZF — 321.40338290 BTC

So far, amounts of 0.3–0.85 BTC were split-off from the main chains. From December 03 they started to peel-off about 0.8 BTC, divided into two parts: about 0.3 BTC and 0.5 BTC.

By today, December, 04 hackers have transferred 1.38829177 BTC to the Binance exchange (see the diagram below). Transactions were made from the following addresses:

1) 35x7u9qEsXTCLhkToBxLgcEYbytVEC5sDx -

0.50787243 BTC

2) 3MYrFRpGsUiRUaVNzs8TCjGtFBPofswR9t — 0.88041934 BTC

It is worth noting that two outputs came from the address 3MYrFRpGsUiRUaVNzs8TCjGtFBPofswR9t: 0.50802550 BTC and 0.37239384 BTC.

The output of 0.50802550 BTC was obtained as a result of the funds split, which took place in October 2020.

In this regard, we think that hackers didn’t stop dividing funds since July 2020, working at a specific point in time with a certain set of funds.

We also believe that the current split of funds is done as a preparation stage for sending BTC to various services. Taking into account the transfer of funds to Binance, which was done without prior use of mixing services, we believe that hackers will repeat this pattern and transfer bitcoins to exchanges in small chunks and without using mixers.

--

--

BLIN Agency

BLIN.Agency provides investigation and tracking services in the blockchain area. WE TRACK CRYPTO ASSETS THROUGH MIXERS