None of the roughly 13 bitcoin (BTC) acquired through Wednesday’s Twitter hack have been laundered, according to chain analysis conducted by Samourai Wallet.
But whoever it was is deep into the cryptocurrency space, with the BitMEX receipts to prove it, according to preliminary analysis from Samourai Wallet’s research arm, OXT Research. (A pastebin can be found here.)
“Confirmed, no signs of mixing. Majority of funds spent 1 or two hops and [are] now parked,” Samourai said in a Twitter DM to CoinDesk. “Really curious what their cash-out plan is.”
Address histories can be matched against known wallets to paint a user's transaction history. The OXT bookmark with further information can be found here: https://oxt.me/BOOKMARK/5F1085FEE5C1653AB4A0A44C (Source: Samourai Wallet)
As of 14:00 UTC, the funds in at least one address are already under the control of Coinbase, Samourai added.
“Based on the history of the first destination address of the cryptoforhealth scam addresses, the scammers have a history of gambling on Bitmex and Coinbase usage,” Samourai researcher Ergo said in a Tweet.
“This is peak crypto,” Ergo added.
No coin-mixing involvement (yet)
Overall, Samourai says the hacker used only three Bitcoin addresses and has not sent any funds through a mixing service, contrary to what data provider CryptoQuant had previously tweeted. (CryptoQuant has since told CoinDesk it no longer believes the funds have been mixed.)
“Always a possibility the address is an unlabeled mixer, but I don’t see any hints, and one-time use addresses are very common in general and not a definitive pattern for mixers,” Ergo told CoinDesk.
Those addresses, however, linked to other addresses that Samourai tracked to the popular crypto derivatives platform BitMEX.
“Everything from the first address is being spent to this address 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF, which looks to have been first funded via BitMex,” Samour...