Blockchain forensics firm Ciphertrace has traced funds obtained by the Twitter hackers in the ‘giveaway’ scam to peer-to-peer (P2P) exchanges and crypto gambling sites.
On July 21, Ciphertrace reported that 0.2 Bitcoin (BTC) had been transferred to a P2P exchange via a ‘peel chain’ also used by the hackers to move funds to a crypto casino.
Peel chains comprise chains of wallets that funds incrementally pass through to obfuscate the movement of illicitly obtained crypto. The tactic is believed to be favored by North Korean hackers — with Ciphertrace estimating that Chinese nationals linked to North Korea have laundered more than $100 million using peel chains.
Funds on the move
A day earlier, on July 20, Ciphertrace reported that the Twitter hackers had established several peel chains to move the stolen funds onto a variety of crypto exchanges, P2P marketplaces, and gambling platforms.
The security firm noted sums of between roughly 0.1 and 0.15 BTC being moved to exchanges located in India, the United States, and Turkey.
Ciphertrace has identified 18 transactions in total made by the hackers to various crypto platforms, including more than 1 BTC that was sent to a regulated exchange in Singapore.
While early reports showed that many of the hackers’ transfers were destined for coin mixing services, the scammers appear to have since directed their laundering efforts to crypto trading venues.
Ciphertrace also identified a transfer to an old Binance cold wallet, a move the firm believes was intended to troll investigators.
Ciphertrace launches ‘predictive risk scoring’
Ciphertrace today announced the addition of “real-time transaction risk scoring” to its software suite, a feature intended to flag suspicious Bitcoin transactions prior to their confirmation.
The new software is intended to allow crypto exchanges, payment processors, and ATM operators to rapidly freeze and investigate suspicious transactions before they are finalized on the blockchain.