Upbit’s hackers have started to move the stolen coins from the enormous Upbit cyberheist. The $342,000 ETH loot has been divided between four new different Ethereum addresses with smaller amounts being sent to cryptocurrency exchanges Binance and Huobi to test their response.
The actions of the unknown hackers indicate that they are not only attempting to diversify their stolen funds but also see if the exchanges would block the stolen funds or allow them to cash out.
South Korean cryptocurrency exchange Upbit suffered a major security breach on November 27, where unidentified hackers transferred 342,000 ETH out of the exchange’s hot wallet.
The cyber heist, which was one of the biggest recorded Ethereum thefts, brought into question Upbit’s cybersecurity and led many crypto enthusiasts to wonder how the hackers will ultimately cash out their coins.
Ethereum‘s transparent ledger permits simple tracking, which permitted Upbit to track down the stolen funds swiftly.
Nonetheless, the hackers divided $50 million worth of coins into four different Ethereum addresses to render following the transactions more difficult.
The transactions were usually split into lots varying from 10 ETH to 100,00 ETH.
At pixel time, the hacker’s initial Ethereum wallet is completely empty, and the 342,000 ETH is currently divided between four distinct wallet addresses.
The hackers seem to be mocking any spectators. The hackers’ original address comprises a set of pending transactions that have remained unconfirmed for nearly a full day.
Every single is for a small proportion of ETH, 0.00001337. ‘1337’ refers to ‘leetspeek’ for ‘elite,’ which is frequently deployed with regard to ‘elite hackers.’
It’s possible that the transactions will proceed unconfirmed since it appears that the hackers deliberately set their Ethereum transactions fees too little to be accepted by the network.
Diversifying the funds has not benefited the hackers since blockchain security company PeckShield identified all four wallet addresses and started to monitor the coins coming out of them thoroughly. PeckShield has been assisting Upbit to recover the stolen funds.
PeckShield co-founder Chiachih Wu noted that various small transactions had been sent from the addresses of hackers. Hackers have reportedly sent small amounts of the stolen funds to Binance and Huobi accounts, though the small quantities in the transactions suggest that the hackers have likely been testing the waters to see if the funds would get frozen after being deposited.
Cryptocurrency Exchanges State That Stolen Funds Will Be Immediately Frozen, But Hackers Could Leverage DEX
Changpeng Zhao, the CEO of Binance, pointed out that any stolen funds that end up on his company’s exchange will be immediately frozen.
Zhao also mentioned that Binance would work with Upbit and other industry players to ensure that any stolen funds are recovered.
Nevertheless, Zhao said that it would be practically impossible to stop the hackers from cashing out on Binance’s decentralized exchange since there are no accounts.
Binance DEX doesn’t require users to register accounts or provide personally identifiable information (PII) in order to trade, which is why numerous crypto enthusiasts anticipate the hackers to leverage Binance DEX.
Importantly, a large number of users have been sending micro-transactions and messages to the hackers’ wallets, signifying that employees of crypto exchanges are not the only individuals closely monitoring the stolen funds.
Other individuals have sent 40 transactions of small quantities of Ether to the wallet. Hence, it’s presumably to track any additional movement of the stolen funds– a method known as a dusting attack.
Theoretically, an extensive dusting attack could increase the likelihood of tracing the funds that come out of the hackers’ wallet.
Upbit has stated that every loss resulting from the cyberheist will be covered. Moreover, the crypto exchange said it would be fully functional in approximately two weeks and that every user who lost their funds in the security breach should be repaid by then.