Blockchain analytics investigators have made a significant breakthrough in their efforts to uncover the individuals behind a cryptocurrency laundering operation. The investigators, from blockchain security firm Match Systems, have identified a person allegedly selling tokens stolen in high-profile exchange hacks at a discount through peer-to-peer transfers. The findings shed light on how the proceeds of several major breaches from the summer of 2023 are being laundered.
According to Match Systems, the investigators made contact on Telegram with an individual who was offering stolen assets. After receiving a small test transaction from the address in question, the team confirmed that the user controlled an address holding more than $6 million worth of cryptocurrency. The sale of the stolen assets was handled through a purpose-built Telegram bot, which offered the tokens at a 3% discount to market price.
The individual behind the operation notified the investigators when new asset sales began, indicating that the funds could be proceeds of the CoinEx or Stake hacks. Although the investigators have not fully identified this person, they have narrowed down their location to a European time zone based on screenshots they received and the timing of conversations. The individual is believed to be associated with the core team responsible for the hacks, and may have been de-anonymized within that team as a guarantee that they will not misuse the stolen assets.
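Narrowing a counterpart down to a time zone from when they send messages is a standard analytical step, and it can be automated. The following is an added illustration, not code from Match Systems or this article: it assumes the counterpart messages mostly while awake, converts each UTC send time to every candidate whole-hour offset, and scores each offset by how many messages land inside an assumed waking window. The timestamps, the waking window and the candidate offsets are all constructed for the example.

```python
"""Rank candidate UTC offsets for a chat counterpart from message send times.

Added illustration, not code from Match Systems or this article. It assumes the
counterpart messages mostly while awake, and scores each UTC offset by how many
messages land inside an assumed waking window once converted to local time.
"""
from datetime import datetime, timezone

# Assumed waking window in local hours: active 08:00-23:59, asleep 00:00-07:59.
WAKING_HOURS = range(8, 24)
CANDIDATE_OFFSETS = range(-12, 15)  # whole-hour offsets UTC-12 .. UTC+14

# Constructed sample: UTC send times of ten messages, invented for the example.
SAMPLE_MESSAGE_TIMES = [
    "2023-09-11T06:05:00Z", "2023-09-11T07:40:00Z", "2023-09-11T08:15:00Z",
    "2023-09-11T10:30:00Z", "2023-09-12T12:02:00Z", "2023-09-12T14:45:00Z",
    "2023-09-12T16:20:00Z", "2023-09-13T18:10:00Z", "2023-09-13T20:55:00Z",
    "2023-09-13T21:30:00Z",
]


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def local_hours(times_utc: list[str], offset_hours: int) -> list[int]:
    """Hour of day of each message at the given whole-hour UTC offset."""
    return [(parse_utc(t).hour + offset_hours) % 24 for t in times_utc]


def score_offset(times_utc: list[str], offset_hours: int) -> int:
    """Count messages that fall inside the waking window at this offset."""
    return sum(1 for h in local_hours(times_utc, offset_hours) if h in WAKING_HOURS)


def rank_offsets(times_utc: list[str]) -> list[tuple[int, int]]:
    """(offset, score) pairs, best score first; ties broken toward UTC."""
    scored = [(off, score_offset(times_utc, off)) for off in CANDIDATE_OFFSETS]
    return sorted(scored, key=lambda pair: (-pair[1], abs(pair[0])))


def best_offsets(times_utc: list[str]) -> list[int]:
    """Every offset sharing the top score. More than one entry means inconclusive."""
    ranked = rank_offsets(times_utc)
    top_score = ranked[0][1]
    return sorted(off for off, score in ranked if score == top_score)


if __name__ == "__main__":
    for off, score in rank_offsets(SAMPLE_MESSAGE_TIMES)[:5]:
        print(f"UTC{off:+d}: {score}/{len(SAMPLE_MESSAGE_TIMES)} messages in waking hours")
    print("best offsets:", best_offsets(SAMPLE_MESSAGE_TIMES))
```

On the constructed sample the only offset with every message inside the waking window is UTC+2. The output is an offset, not a location: UTC+1 to UTC+3 covers most of Europe in summer but also parts of Africa and the Middle East, daylight-saving changes shift the answer by an hour, and a nocturnal counterpart skews it. It should be corroborated with independent signals such as the clock, locale and language visible in screenshots, which is how the investigators reached their conclusion.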
The investigators have also noted the individual’s unstable and erratic behavior during interactions. They reported instances where the person abruptly left conversations, using excuses like “Sorry, I must go; my mom is calling me to dinner.”
In terms of payment, the individual accepts Bitcoin (BTC) for the discounted stolen tokens. The investigators learned that the person had previously sold $6 million worth of Tron (TRX) and is currently offering $50 million worth of TRX, Ether (ETH) and BNB tokens.
This discovery by Match Systems aligns with the findings of blockchain security firm CertiK, which had previously outlined the movement of stolen funds from the Stake heist. It is estimated that around $4.8 million of the total $41 million stolen was laundered through various token movements and cross-chain swaps. The United States Federal Bureau of Investigation later identified North Korean Lazarus Group hackers as responsible for the Stake attack. Cybersecurity firm SlowMist also linked the $55 million CoinEx hack to the same North Korean group.
However, Match Systems' analysis suggests that the CoinEx and Stake hacks differed from earlier Lazarus Group operations in some methodological markers. Previous Lazarus laundering efforts did not route funds through the Commonwealth of Independent States (CIS) region, naming Russia and Ukraine, whereas the summer 2023 hacks saw stolen funds actively laundered in those jurisdictions.
The investigators noted that the recent incidents left more breadcrumbs for analysis than the minimal digital footprint typical of Lazarus operations. Social engineering was identified as the key attack vector in the summer hacks, whereas the Lazarus Group has mainly targeted what Match Systems called “mathematical vulnerabilities.” The laundering methods also differed: Lazarus typically routed funds through Tornado Cash, while the recent incidents mixed funds through protocols such as Sinbad and Wasabi and moved value through BTC wallets, the Avalanche Bridge and other mixers.
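The fund-flow analyses described above (CertiK's estimate of how much of the Stake proceeds reached swaps and bridges, and Match Systems' observation of funds arriving at mixers such as Sinbad and Wasabi) rest on taint tracing. The following is an added illustration of the proportional, or "haircut", variant of that technique; it is not code from CertiK, Match Systems or this article. It seeds the stolen amount at a placeholder hack address, replays a constructed ledger in time order, splits every spend between tainted and clean value in proportion to the sender's holdings, and reports how much tainted value reaches addresses labelled as mixer, bridge or exchange deposits. The addresses, amounts, timestamps and labels are all invented for the example.

```python
"""Proportional ("haircut") taint tracing over a constructed transfer ledger.

Added illustration, not code from CertiK, Match Systems or this article. Seeds
a stolen balance at the hack address, replays transfers in time order, splits
each spend between tainted and clean value in proportion to the sender's
holdings, and sums tainted value per labelled entity type.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    ts: str        # ISO-8601 timestamp; sorts correctly as a string
    src: str
    dst: str
    amount: float


# Constructed sample ledger in a single asset. Addresses are placeholder names,
# not real on-chain addresses; amounts are arbitrary units.
INITIAL_BALANCES = {
    "hack_src": (100.0, 0.0),   # (tainted, clean): the stolen amount
    "clean_src": (0.0, 100.0),  # unrelated legitimate funds
}
SAMPLE_TRANSFERS = [
    Transfer("2023-09-12T10:00:00Z", "hack_src", "addr_a", 100.0),
    Transfer("2023-09-12T10:05:00Z", "clean_src", "addr_a", 100.0),  # commingling
    Transfer("2023-09-12T11:00:00Z", "addr_a", "mixer_deposit", 60.0),
    Transfer("2023-09-12T11:30:00Z", "addr_a", "addr_b", 100.0),
    Transfer("2023-09-12T12:00:00Z", "addr_b", "bridge_contract", 40.0),
    Transfer("2023-09-12T12:30:00Z", "addr_b", "exchange_deposit", 60.0),
]
LABELS = {  # constructed entity labels; anything unlabelled reports as "unknown"
    "hack_src": "victim",
    "clean_src": "unrelated",
    "mixer_deposit": "mixer",
    "bridge_contract": "bridge",
    "exchange_deposit": "exchange",
}


def trace_taint(initial, transfers):
    """Replay transfers and return {address: (tainted, clean)} final balances."""
    balances = defaultdict(lambda: [0.0, 0.0])
    for addr, (tainted, clean) in initial.items():
        balances[addr] = [tainted, clean]
    for tx in sorted(transfers, key=lambda t: t.ts):
        tainted, clean = balances[tx.src]
        held = tainted + clean
        if tx.amount > held + 1e-9:
            # Ledger inconsistency: an address spending more than it ever received.
            raise ValueError(f"{tx.src} spends {tx.amount} but holds {held}")
        frac = tainted / held if held > 0 else 0.0   # sender's taint ratio
        tainted_out = tx.amount * frac
        clean_out = tx.amount - tainted_out
        balances[tx.src] = [tainted - tainted_out, clean - clean_out]
        balances[tx.dst][0] += tainted_out
        balances[tx.dst][1] += clean_out
    return {addr: (t, c) for addr, (t, c) in balances.items()}


def exposure_by_label(balances, labels):
    """Sum tainted value per entity label, dropping labels with no exposure."""
    exposure = defaultdict(float)
    for addr, (tainted, _clean) in balances.items():
        if tainted > 0:
            exposure[labels.get(addr, "unknown")] += tainted
    return dict(exposure)


if __name__ == "__main__":
    final = trace_taint(INITIAL_BALANCES, SAMPLE_TRANSFERS)
    for label, amount in sorted(exposure_by_label(final, LABELS).items()):
        print(f"{label:10s} tainted value: {amount:.1f}")
```

On the sample ledger the 100 stolen units end up split 30 at the mixer deposit, 20 at the bridge, 30 at the exchange deposit and 20 still sitting in an unlabelled intermediary, which is the shape of the figures CertiK reported for Stake. The haircut rule is one of several conventions; the stricter "poison" rule treats any address that touched stolen funds as fully tainted and produces larger exposure numbers. Tracing stops at a mixer deposit because its outputs are not linkable on-chain, and following value across a bridge requires correlating the deposit on one chain with the release on the other, which this single-asset example does not attempt.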
As of mid-September, North Korea-linked groups had already stolen a total of $340.4 million in crypto in 2023, according to Chainalysis.
The revelations by Match Systems highlight the ongoing challenges faced by investigators in the cryptocurrency space. While security firms and law enforcement agencies have made significant progress against crypto-related crime, perpetrators keep finding new ways to exploit vulnerabilities and new routes for laundering the proceeds. Advanced blockchain analytics tooling and closer collaboration between industry stakeholders remain essential to identifying and stopping such activity.