Hacker behind 1,400 BTC Electrum wallet theft transacted on Binance

Published at: Sept. 1, 2020

On Aug. 30, a GitHub user made a post about losing 1,400 Bitcoin (BTC) via an elaborate hack that affected his Electrum wallet. On-chain analysis indicates that the hackers had a Binance account and that some of the transactions used to move the stolen coins may have originated in St. Petersburg, Russia. However, it is important to note that conclusions afforded by on-chain research are generally more probabilistic than deterministic.

On-chain analysis of the hack. Source: Cointelegraph, Crystal Blockchain.

Even so, it remains unclear how the attack was carried out, as Electrum's software is considered secure if properly configured. The claimant said that the attack happened after he ran the wallet for the first time since 2017. He alleges that when he installed a software update, his entire balance was transferred to an unknown address.

Two hops away from the scammer’s address is a 5 BTC Binance withdrawal that occurred in January 2018. However, the corresponding transaction number is associated with over 75 different addresses, according to a Binance spokesperson, and is not from a specific Binance user. The exchange's CEO Changpeng Zhao tweeted yesterday that Binance has blacklisted the addresses involved:

We blacklisted the addresses involved, but ...

— CZ Binance (@cz_binance) August 30, 2020

After gaining control of over 1,400 BTC, the criminals began to move the coins around and split them across smaller wallets. On a few occasions, the Bitcoin node that processed these transactions was traced to St. Petersburg, Russia, though it is possible the thieves were using a VPN to obscure their true location.
