In summary
- A US government-controlled wallet that had been stripped of $20 million on Thursday received most of its funds back on Friday, adding another layer of mystery to transactions flagged by blockchain analysts as likely connected to a high-profile robbery.
- Approximately $19.3 million in funds, including Ethereum and the USDC stablecoin, were returned to the wallet early on Friday, according to on-chain data collected by Arkham Intelligence.
- The funds transferred to exchanges had not yet been returned, and the government-controlled wallet is still about $1.2 million short of what it had lost.
A US government-controlled wallet that had been stripped of $20 million on Thursday received most of its funds back on Friday, adding another layer of mystery to transactions flagged by blockchain analysts as likely connected to a high-profile robbery.
Blockchain researcher ZachXBT had said in a tweet on Thursday that the transfers resembled the modus operandi of a malicious actor. Interacting with several decentralized finance protocols, the wallet had also used so-called instant exchanges after funds were moved through a series of transfers that “appeared suspicious.”
Approximately $19.3 million in funds had been returned to the wallet by early Friday, according to on-chain data collected by Arkham Intelligence, including Ethereum and the stablecoin USDC. Still, ZachXBT told his Telegram community that funds transferred to exchanges had not yet been returned.
As of this writing, the government-controlled wallet is still about $1.2 million short of what it had lost, according to Arkham’s analytics platform. The funds had originally been seized by the US Department of Justice two years ago, in connection with the famous Bitfinex hack in 2016.
An hour after the government-controlled wallet received the funds back, they began flowing to a wallet with an address starting with “0x0Ca.” A small amount of Ethereum was transferred first, followed by a transfer of $6.1 million. Then, a small amount of aUSDC, an interest-bearing, Aave-based version of the stablecoin, was followed by $11.6 million of aUSDC.
Lastly, $10 of USDC was sent to “0x0Ca,” followed by $7,180 of the stablecoin. That left the wallet in a condition resembling its depleted state on Thursday, containing just over $130 of a Trump-themed meme coin after another $170 worth of ETH was moved. The TRUMP token had been sent to the wallet by an unknown party earlier this year.
Governments have previously sent small amounts of cryptocurrency before exchanging digital assets in bulk. The German government, for example, used test transfers when selling millions of dollars in Bitcoin in July.
On Thursday, it was the government-controlled wallet's use of Aave, a decentralized lending platform, that initially raised suspicions on Crypto Twitter. About $1.1 million in the Tether stablecoin and $5.4 million in USDC had been withdrawn.
Global Ledger, a blockchain analytics firm, wrote in a report on Friday that the threat actor had traded stablecoins for Ethereum using decentralized exchange (DEX) Uniswap and exchange aggregator 1inch, which seeks out trades across multiple venues. The Ethereum flowed to a service called n.exchange and to nine different deposit addresses for Binance. According to ZachXBT, these are exchanges that use Binance as a source of liquidity.
In a 2021 blog post, Binance warned that nested exchanges “offer less security and fewer guarantees” than most trading venues, and are often used by cybercriminals. Nested exchanges often also hold multiple accounts on different exchanges.
The blog post claimed that Binance has previously taken action against nested exchanges, including Suex, an exchange operated from Russia that was sanctioned by the US Treasury Department’s Office of Foreign Assets Control (OFAC) in 2021. The exchange said it proactively closed several accounts associated with Suex services.
Binance did not immediately respond to a request for comment from Decrypt.
Editor’s note: This story was updated after publication with additional details.
Edited by Andrew Hayward