This time around, Clain has investigated the hack of the Binance exchange that took place on May 7, 2019 and resulted in the disappearance of 7074 BTC. In present value, the loss stands as high as 80 million US dollars.
We noticed that the hackers started to launder the stolen funds on June 12, 2019, just a month after the attack was initiated, and obfuscated the proceeds by using one of the famous crypto mixing services available, Chipmixer.
[Figure: different colors indicate a change in address type.]
It was pretty straightforward to trace the hacker's subsequent steps, as it is practically impossible to launder a large volume of coins in a relatively short period of time. Thus, we were able to detect the initial pool of the hacker's addresses. Extracting the features of those addresses then allowed us to effectively recognise the subsequent changes in ownership of the stolen funds by applying a neural network.
We detected an extensive pool of Chipmixer's addresses in the course of previous investigations and can confidently maintain that at least 4836 BTC of the hacker's funds were laundered through Chipmixer.
Chipmixer was bombarded with an inflow of the hacker's funds of a magnitude it had never handled before. Because of this huge volume, it is correct to assume that any outflow coming from Chipmixer these days is likely related to the same owner.
[Figure: ChipMixer Capital Flow]
We attempted to match the input and output addresses of Chipmixer to detect further movement of the stolen funds. We assumed the hacker would periodically need to merge the segregated funds coming out of the mixer in order to control them effectively. Having succeeded in detecting around 150 clusters in which 10 BTC or more were eventually aggregated during the active period of money laundering, we estimated the total amount of funds sitting in those clusters to be over 5300 BTC.
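The cluster search described above can be sketched as follows. This is an added example, not Clain's code: it assumes the common-input-ownership heuristic (addresses spent together in one transaction share an owner) as the merge signal, and all addresses, amounts and function names are constructed for illustration.

```python
from collections import defaultdict

THRESHOLD_BTC = 10  # the page's cut-off: clusters aggregating 10 BTC or more

# Constructed sample data (not real chain data).
# Mixer payouts: address -> BTC received from the mixer.
MIXER_PAYOUTS = {"a1": 4.096, "a2": 4.096, "a3": 2.048,
                 "b1": 1.024, "b2": 0.512, "c1": 8.192}
# Later spends: addresses whose coins are spent together in one transaction.
SPENDS = [
    {"txid": "t1", "inputs": ["a1", "a2"]},
    {"txid": "t2", "inputs": ["a2", "a3", "x9"]},  # x9: co-spent non-mixer address
    {"txid": "t3", "inputs": ["b1", "b2"]},
    {"txid": "t4", "inputs": ["c1"]},
]

def find(parent, a):
    """Union-find root lookup with path halving."""
    parent.setdefault(a, a)
    while parent[a] != a:
        parent[a] = parent[parent[a]]
        a = parent[a]
    return a

def cluster_addresses(spends):
    """Group addresses that appear as inputs of the same transaction."""
    parent = {}
    for tx in spends:
        first = find(parent, tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(parent, addr)] = first  # merge into first's cluster
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(parent, addr)].add(addr)
    return list(clusters.values())

def flag_aggregations(payouts, spends, threshold=THRESHOLD_BTC):
    """Return (sorted addresses, mixer BTC) for clusters at or above threshold."""
    flagged = []
    for members in cluster_addresses(spends):
        total = round(sum(payouts.get(a, 0.0) for a in members), 8)
        if total >= threshold:
            flagged.append((sorted(members), total))
    return flagged

if __name__ == "__main__":
    for members, total in flag_aggregations(MIXER_PAYOUTS, SPENDS):
        print(f"{total} BTC of mixer payouts merged across {members}")
```

Transactions t1 and t2 share address a2, so their inputs collapse into one cluster even though no single transaction spends all three payouts; that transitive link is what lets small mixer outputs add up past the threshold.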
A closer look into these clusters' inflow data revealed a direct connection of 183 BTC with a chain of transactions t...