Most of the stolen funds after hacking this year’s Bithumb crypto exchange were sent to the Russian exchange Yobit according to the investigation performed by analysts.
To create a more complete picture, which led to a loss of $ 31 million, including 2,016 BTC, a team of analysts analyzed the transaction for the four days preceding the hack.
Investigators closely analyzed transactions, which took place four days before the Bithumb’s $31 million (2016 BTC) hack took place in June.
All funds withdrawn from Bithumb’s wallets from June 16 to June 20 were received by 39 wallets. By June 19, fixed assets were accumulated in one “1LhW” wallet. After that, the main transactions transferred funds to the wallet “18×5”. This address was noted by analysts as a cold wallet that belongs to the exchange itself, and it was the one that received the most funds in these four days.
However, on the 19th, the nature of the transfer of funds changed and transactions with a high commission of 0.1 BTC were initiated to two unknown purses, and then 1,050 BTC were withdrawn and deposited at addresses that had not previously appeared on the blockchain. The transfer of funds to these 38 addresses lasted more than a day with an unjustifiably high commission, reaching up to 0.2 BTC.
The remaining 38 wallets may belong to hackers and were replenished at 2002.52 BTC. All transactions took place from June 19 to June 20 and provoked a global increase in transaction fees and network overload.
At present, there are two options of all 38 wallets belonging to hackers or to Bithumb itself (even though Bithumb is taking a part in the official investigation, and such chances are not too high).
On August 2, analysts noticed the beginning of the movement of 1973.5 BTC from the tracked addresses to two accounts at Yobit exchange and from August 31 the transfer of the balance to 29 BTC to the CoinGaming.io service.