Solutions Products

Binance Hack 2019 – A Deep Dive Into Money Laundering And Mixing.

This time around, Clain has investigated the Hack of Binance Exchange that took place in May 7, 2019 and resulted in disappearance of  7074 BTC . In present value, the loss stands as high as 80 million US dollars.

We noticed that hackers started to launder the stolen funds on June 12, 2019, just a month after the initiated attack, and obfuscated the proceeds by using one of the famous crypto mixing services available - Chipmixer.

Different colors imply change in address type.

It was pretty straightforward to trace the hacker's subsequent steps as it is practically impossible to launder big volume of coins in a relatively short period of time. Thus, we were able to detect the initial pool of hacker's addresses. Further extracting the features of those addresses allowed us to effectively recognise the subsequent change in ownership of the stolen funds applying the neural network.

We detected an extensive pool of Chipmixer's addresses in the course of the previous investigations and can confidently maintain that at least 4836 BTC of the hacker's monies was laundered through Chipmixer.

Chipmixer was bombarded with inflow of the hacker's funds in the magnitude it never operated before. Because of this huge volume, it is correct to assume that any outflow coming from Chipmixer these days is likely related to the same owner.

ChipMixer Capital Flow

We attempted to match the input and output addresses of Chipmixer to detect further movement of the stolen funds. We assumed the hacker would periodically need to merge segregated funds from the mixer to effectively control them. Succeeded in detecting around 150 clusters, in which 10 BTC or more were eventually aggregated during the active period of money laundering, we estimated the total amount of funds sitting in those clusters to be over 5300BTC.

A closer look into these clusters' inflow data revealed a direct connection of 183 BTC with a chain of transactions the hacker committed prior to laundering. We believe there are other 814 BTC likely to share the same connection, but it needs be validated as soon as the funds start moving. As regards to remaining amounts, we think the hacker is yet to merge them, so once he attempts to do it, we will be able to effectively spot these transactions and recognize the same pattern.

There is no evidence to support that the hacker had transferred money to exchanges. At this point in time, he actively attempts to break up the direct relationship with the illicit sources by using Chipmixer.

The unexpected outcome.

Among laundered money with Chipmixer, we have detected over 1032 BTC attributed to the previous hack of BitPoint Exchange. We are in the middle of conducting investigation related to this hack...

Subscribe to a newsletter!

We are happy to talk

we are happy to talk and will get back to you as soon as possible