A Regtech/blockchain forensics firm called Clain has determined that hackers who stole 7074 Bitcoins (worth $80 million USD) from the Binance exchange in May used a tumbling service called Chipmixer to obfuscate movements of the stolen funds.
Clain, “a start-up…that provides enhanced AML/KYC solutions in decentralized networks,” says it watched hackers “bombard” Binance Bitcoins onto Chipmixer, “in the magnitude it never operated before.”
“We detected an extensive pool of Chipmixer’s addresses in the course of the previous investigations and can confidently maintain that at least 4836 BTC of the hacker’s monies was laundered through Chipmixer,” Clain writes.
Once pooled on Chipmixer, the coins were jumbled with those of other users before being “refracted” out into many smaller “wallets” controlled by the hackers.
The hackers sent so many Bitcoins to Chipmixer that Clain concludes, “it is correct to assume that any outflow coming from Chipmixer these days is likely related to the same owner.”
Clain is now watching the smaller wallets:
“We attempted to match the input and output addresses of Chipmixer to detect further movement of the stolen funds. We assumed the hacker would periodically need to merge segregated funds from the mixer to effectively control them. Succeeded in detecting around 150 clusters, in which 10 BTC or more were eventually aggregated during the active period of money laundering, we estimated the total amount of funds sitting in those clusters to be over 5300 BTC.”
Any more mergers will arouse attention, says Clain:
“As regards to remaining amounts, we think the hacker is yet to merge them, so once he attempts to do it, we will be able to effectively spot these transactions and recognize the same pattern.”
The company also believes it is unlikely that any of the funds have been cashed out on exchanges so far.
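The merge-detection idea Clain describes can be sketched as follows. This is an added example, not Clain's code or stated method: it assumes the common-input-ownership heuristic (addresses spent together in one transaction share an owner), a known set of mixer payout addresses, and constructed sample transactions; every name in it is hypothetical.

```python
from collections import defaultdict

SATS_PER_BTC = 100_000_000
MERGE_THRESHOLD_SATS = 10 * SATS_PER_BTC  # the "10 BTC or more" cut-off quoted above

# Constructed sample data (not real addresses or transactions).
# Each transaction lists the (address, satoshi value) pairs it spends as inputs.
MIXER_OUTPUTS = {"mix1", "mix2", "mix3", "mix4"}  # assumed known mixer payout addresses
TRANSACTIONS = [
    {"txid": "t1", "inputs": [("mix1", 409_600_000), ("mix2", 409_600_000)]},
    {"txid": "t2", "inputs": [("mix2", 50_000_000), ("mix3", 409_600_000), ("a9", 20_000_000)]},
    {"txid": "t3", "inputs": [("mix4", 204_800_000), ("b7", 100_000_000)]},
    {"txid": "t4", "inputs": [("c1", 3_000_000_000), ("c2", 500_000_000)]},  # large, not mixer-derived
]

def find(parent, addr):
    """Union-find lookup with path halving; registers unseen addresses."""
    parent.setdefault(addr, addr)
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]
        addr = parent[addr]
    return addr

def cluster_mixer_merges(transactions, mixer_outputs, threshold=MERGE_THRESHOLD_SATS):
    """Group co-spent addresses, then report clusters whose mixer-derived
    inputs add up to at least `threshold` satoshis."""
    parent = {}
    for tx in transactions:
        addrs = [addr for addr, _ in tx["inputs"]]
        if not addrs:  # e.g. coinbase transactions have no spending address
            continue
        root = find(parent, addrs[0])
        for other in addrs[1:]:
            parent[find(parent, other)] = root  # co-spent => same assumed owner
    mixer_total = defaultdict(int)
    members = defaultdict(set)
    for tx in transactions:
        for addr, value in tx["inputs"]:
            root = find(parent, addr)
            members[root].add(addr)
            if addr in mixer_outputs:
                mixer_total[root] += value  # count only funds that left the mixer
    return sorted(
        (sorted(members[r]), mixer_total[r] / SATS_PER_BTC)
        for r in mixer_total if mixer_total[r] >= threshold
    )

if __name__ == "__main__":
    for addresses, btc in cluster_mixer_merges(TRANSACTIONS, MIXER_OUTPUTS):
        print(f"flagged cluster {addresses}: {btc} BTC of mixer-derived inputs")
```

The heuristic over-links when unrelated parties co-sign one transaction (CoinJoin, for instance), so a flagged cluster is a lead to review, not proof of common ownership.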
Last month, however, Regtech/blockchain forensics company Coinfirm reported that hackers actually processed a small amount of the Bitcoins stolen from Binance in May on the Binance exchange itself:
“Analysis of one of the mainchains used by the hacker in layering stolen funds shows that they were able to liquidate at least 1.8087 BTC (21,000.00 USD) on the following exchanges:
Bitfinex: 0,7934 BTC
Binance: 0,4294 BTC (emphasis added)
Bitmex: 0,0022 BTC
KuCoin: 0,0713 BTC
Kuna: 0,2482 BTC
Bitmarket: 0,2560 BTC
Crypterra: 0,0072 BTC
Bitcoin.de: 0,0007 BTC
WazirX: 0,0003 BTC”
Coingeek regards the laundering of about $5000 USD in Binance bitcoins by Binance as an indictment of that exchange’s anti-money laundering controls.