A team at blockchain services company Coinfirm has been watching the erratic movements of the bitcoin associated with $40 million stolen in the latest Binance breach.
At 4:11 AM on May 8 the hacker or hackers moved 1214 BTC ($7.16 million) to new addresses and then moved another 1337 “to 2 new addresses held by the hacker.”
This is the fourth major exchange hack of the year, following Cryptopia, DragonEx and Bithumb.
The hack took place at 5:15:24PM on May 7 when hackers dragged over 7,000 bitcoin from a single Binance hot wallet into in a number of smaller wallets in a single transaction. The hackers then moved small amounts into smaller wallets. Given the nature of the BTC blockchain it’s easy to see where each Binance bitcoin is going but it is difficult to perform real forensics on the wallets in order to understand who – or what – created them.
Why the brisk back and forth movement? Writer and blockchain analyst Amy Castor thinks the hackers are trying to erase their tracks.
“Money laundering 101: breaking the transactions up into smaller and smaller amounts making them more and more difficult to track,” she said.