During inspection of wallet where Cryptsy hacker stored BTCs obtained from selling stolen altcoins from Cryptsy I found one big anomaly. All input transactions from the first one on 18.Aug.2014 - 16.Oct.2014 came from 2 exchanges - BTC38 and BTER in proportion 80% from BTC38 and about 20% from BTER.
Hacker wallet: https://www.walletexplorer.com/wallet/1356a64174770337
In that time hacker wallet received 243 BTC (195 from BTC38 and 48 from BTER). What is interesting is what stolen altcoin hacker could sell in such large amounts on BTC38. BTCD and XC have never been traded on BTC38 and LTC were not moved until 11.July.2015. I carefully studied sale records for all coins that were traded on BTC38 at that time and not one could sustain such large selling without total crash except DOGE. Also I didn't find in sale records for other coins any huge sales on the days when transactions occurred, except for DOGE. In total, when I compared price of DOGE on the date of exit BTC transactions occurred, I calculate that hacker sold ~684 millions of DOGE in that time. Cryptsy DOGE wallet was not hacked for sure during hack, but from blockchain records in the time 5th-24th.Aug.2014, 1.1 billions of DOGE were taken out from Cryptsy new cold wallet. After that there were no takings till the mid of November 2014.
Here is a list of hacker transactions:
---------------------------------------
18.Aug.2014 - 125M DOGE (28.735 BTC)
19.Aug - 78M DOGE (17.96 BTC)
24.Aug - 129M DOGE (30.91 BTC)
02.Sep - 111M DOGE (29 BTC)
04.Sep - 44M DOGE (14.48 BTC)
09.Sep - 54M DOGE (21.98 BTC)
19.Sep - 53M DOGE (36.71 BTC)
20.Sep - 15M DOGE (10.4 BTC)
10.Oct - 11M DOGE (8.33 BTC)
14.Oct - 15M DOGE (11 BTC)
16.Oct - 18M DOGE (12.54 BTC)
17.Oct - 31M DOGE (20.98 BTC)
--------------------------------------
Total : 243 BTC ~ 684M DOGE
DOGE output transactions from Cryptsy DOGE cold wallet:
--------------------------------------------------------
05.Aug.2014
----------------
200M DOGE - d3ec0259128d2d58535b700c321bf39368300952cca4c881d1ad1536215bdf3c
200M DOGE - 1c084f18eacb716650fcfd616143de2dd259cfae48a0047de901c7b8446f17ba
100M DOGE - b054d95410d83f5dcb5f2b2193308b995005ad5fb76aaf6c0f8060085a2c3bca
12.Aug.2014
--------------
200M DOGE - 1e87cbfd0d613b6acd6383b6eec40ab8a12ddafbc56f4a0f1af5034f51afeef6
200M DOGE - 424245f1372b6be2b720ea68020bebb84187d9784d7ffb8775e3fe6032eb5271
20.Aug.2014
------------
100M DOGE - 544452f86bc08be04a8a4470e4bd7dc169a197d447b9485bf467f5962b3effe8
24.Aug.2014
------------
100M DOGE - ffd5534688bb331c3a7dbce6db39302bb75c98781d026b8fa85a9a304a3f277a
So, hacker was selling Cryptsy DOGEs which was not part of hack from 29.July.2014.
So this hacker stole our alt convert it to doge and then transfer
Or he stole much earlier this and they didn't do anything about it
Main is that all lost coins and someone gain them
No, hacker first converted DOGE to BTC (BTC38 and BTER), then BTCD and XC (Bittrex and BTER) and finally from 11.July.2015 LTC to BTC (BTC-e and BTC38 - major selling of LTC). After that hacker used (and still using) Bitmixer.Io to launder BTCs - he has already put 1730 BTCs into the mixer and rest of them - 2959 BTCs are still in his wallet.
|
|
|
During inspection of wallet where Cryptsy hacker stored BTCs obtained from selling stolen altcoins from Cryptsy I found one big anomaly. All input transactions from the first one on 18.Aug.2014 - 16.Oct.2014 came from 2 exchanges - BTC38 and BTER in proportion 80% from BTC38 and about 20% from BTER.
Hacker wallet: https://www.walletexplorer.com/wallet/1356a64174770337
In that time hacker wallet received 243 BTC (195 from BTC38 and 48 from BTER). What is interesting is what stolen altcoin hacker could sell in such large amounts on BTC38. BTCD and XC have never been traded on BTC38 and LTC were not moved until 11.July.2015. I carefully studied sale records for all coins that were traded on BTC38 at that time and not one could sustain such large selling without total crash except DOGE. Also I didn't find in sale records for other coins any huge sales on the days when transactions occurred, except for DOGE. In total, when I compared price of DOGE on the date of exit BTC transactions occurred, I calculate that hacker sold ~684 millions of DOGE in that time. Cryptsy DOGE wallet was not hacked for sure during hack, but from blockchain records in the time 5th-24th.Aug.2014, 1.1 billions of DOGE were taken out from Cryptsy new cold wallet. After that there were no takings till the mid of November 2014.
Here is a list of hacker transactions:
---------------------------------------
18.Aug.2014 - 125M DOGE (28.735 BTC)
19.Aug - 78M DOGE (17.96 BTC)
24.Aug - 129M DOGE (30.91 BTC)
02.Sep - 111M DOGE (29 BTC)
04.Sep - 44M DOGE (14.48 BTC)
09.Sep - 54M DOGE (21.98 BTC)
19.Sep - 53M DOGE (36.71 BTC)
20.Sep - 15M DOGE (10.4 BTC)
10.Oct - 11M DOGE (8.33 BTC)
14.Oct - 15M DOGE (11 BTC)
16.Oct - 18M DOGE (12.54 BTC)
17.Oct - 31M DOGE (20.98 BTC)
--------------------------------------
Total : 243 BTC ~ 684M DOGE
DOGE output transactions from Cryptsy DOGE cold wallet:
--------------------------------------------------------
05.Aug.2014
----------------
200M DOGE - d3ec0259128d2d58535b700c321bf39368300952cca4c881d1ad1536215bdf3c
200M DOGE - 1c084f18eacb716650fcfd616143de2dd259cfae48a0047de901c7b8446f17ba
100M DOGE - b054d95410d83f5dcb5f2b2193308b995005ad5fb76aaf6c0f8060085a2c3bca
12.Aug.2014
--------------
200M DOGE - 1e87cbfd0d613b6acd6383b6eec40ab8a12ddafbc56f4a0f1af5034f51afeef6
200M DOGE - 424245f1372b6be2b720ea68020bebb84187d9784d7ffb8775e3fe6032eb5271
20.Aug.2014
------------
100M DOGE - 544452f86bc08be04a8a4470e4bd7dc169a197d447b9485bf467f5962b3effe8
24.Aug.2014
------------
100M DOGE - ffd5534688bb331c3a7dbce6db39302bb75c98781d026b8fa85a9a304a3f277a
So, hacker was selling Cryptsy DOGEs which was not part of hack from 29.July.2014.
|
|
|
Receivership found that not just house, but Lorie Nettles QX80 ($82000) was paid by Cryptsy funds. What about QX60, Vernon got by divorce agreement?
It will be great if receivership post Coinbase and Bittrex addresses of Cryptsy funds.
|
|
|
Ohh gleb was pull him here
Yes, Gleb pm me that he pm Burt about mine findings.
|
|
|
Things are now much clearer. Hacker used (and still using) Bitmixer.Io to launder his BTCs. In first transactions he didn't use TOR, but in last days transactions mixer TOR network is used for every single transaction. That explains same TOR exit nodes over and over.
Only in first transaction to Bitmixer.io there were no splitting and mixing of hacker coins (not even mixer deposit address), so it can be lent BTCs. In all other transactions to mixer coins were splitting and mixed in regular mixer procedure.
From 4-6th.May, hacker sent 560 BTCs to Bitmixer.io. That was a lot of BTCs and mixer used not just their 2000 BTC reserve, but like other mixers, they are using big BTC exchanges (OKCoin, Huobi and Bitfinex) for laundering such a lot of BTCs.
|
|
|
Burt, thanks a lot for your clarification!
Whole thing is now much clearer.
It seems that mixer you used - Bitmixer.io did something very unusual in this case - in your exit transactions, as a part of it, they sent you totally unmixed coins, directly taken from Cryptsy hacker wallet. There was not even mixer deposit address for Cryptsy hacker coins, nothing.
They did not mix or split them, they were just taken from Cryptsy hacker wallet and put in Burt exit transaction.
How can they explain that? Do they have some direct agreement with Cryptsy hacker?
From analysis of other output transactions, it seems that Cryptsy hacker used Bitmixer.Io for almost all output transactions (every mixer has a specific culprit), not just for this one with Burt.
Again, Burt, thank you for your valuable information!
|
|
|
As everyone knows I am a long time supporter, enthusiast and activist of Bitcoin. As I have repeatedly stated (check my post history) I personally believe the single largest threat to the entire concept of Bitcoin would be the loss of the fungible nature of Bitcoin. Loss of the fungible nature of Bitcoin would demote it from a "money like" thing to a collectible thing. The difference is that a collectible must be appraised and graded by a "trusted third party" in order to determine its value (think diamonds for example). This would totally destroy Bitcoin and is the most likely path anyone who wanted to destroy it would take. I am not one to just sit back and do nothing when it comes to my ideals and beliefs. Therefore believing that periodic mixing of coins is one sure fire way to ensure the long term viability of Bitcoin I periodically run my coins through a mixing service. On the day in question I sent about 105 BTC through a mixer and got back about 100 that were totally unrelated to the 105 BTC I sent into the mixer. As you have found out from your extensive research some or all of those 100 BTC came from the entity you were tracking. They simply put them into the mixer at about the same time as I put my into the mixer. Good news: The BTC you are tracking are now in the possession of the Federal government here: https://blockchain.info/address/1Eu38i1DkRAPAJhSqbseVroJDpMRfJbAx3
Thanks for your quick answer. You have valuable information which can identify Cryptsy hacker, so your help would be much appreciated. You are right, some of Cryptsy hacker BTCs are really now in federal possession, but let that put apart and concentrate on how these BTCs got to you.
You said that on that 27th.Aug.2014 you put about 105 BTC in mixer and got back 100 BTC unrelated to these ones you put in mixer. I carefully look at that 100 BTC input transaction I can say they were not in any mixer. I know how mixers are tumbling and splitting BTCs, but this one was direct transaction to your wallet. Cryptsy hacker moved his 28.7359 BTCs on 18.Aug.2014 from his wallet to wallet from which you directly got 100 BTCs. If he, like you, put them in the same mixer, mixer would split his coins in many small pieces and tumble them many times with other coins before exit. But these BTC were not split or tumbled at all, just removed from one to the other wallet.
Hacker transaction: https://www.walletexplorer.com/txid/22947bd79b21b9afd85f15cb2941c994a070f99440bb45ac1002409ef19e5015
Maybe you think on some others transactions on that day? - because you have numerous input transactions in your stash (or cold) wallet on same days - 27th and 28th.August.2014 - wallet federal agents seized with 800 BTC in it (mark red):
https://www.walletexplorer.com/wallet/1171b3f241b86bac
Only last one input transaction of 100 BTCs (which came from yours personal wallet and contains hacker 28.7359 BTC in it) was made on other date - 1st.Oct.2014 (mark purple), but even that one came in your personal wallet on 27th.Aug.2014
When I look at other input transactions to your big 800 BTC wallet, I see striking resemblance with the wallet from which you got 100 BTCs and with hackers 28.7359 in it:
Compare wallet where hacker 28.7359 were (first input transaction):
https://www.walletexplorer.com/wallet/00751a63ec1b72e0
and others which filled your big wallet:
https://www.walletexplorer.com/wallet/03647a46a057c5b3
https://www.walletexplorer.com/wallet/04c6fc3ece11c8e5
https://www.walletexplorer.com/wallet/02d11321be0650b2
https://www.walletexplorer.com/wallet/04f68e5293356453
they were all formed at the same time (18-20.Aug.2014) like 100 BTC wallet and moved BTCs in close to 100 BTC batches to your big wallet
There were no mixers - if you look at one of these wallets:
https://www.walletexplorer.com/wallet/02d11321be0650b2
you will see, it sent 2 transaction to your big wallet in 2 days - no mixers work like that.
So it is essential that you remember from who you bought these 28.7359 BTCs on 18th.August.2014. That was direct input in your wallet, no mixing.
Maybe some of other inputs to this your wallet ( https://www.walletexplorer.com/wallet/00751a63ec1b72e0 ) passed through some sort of mixing (most of them are BTC-e output), but I am 100% sure that this is not case with first input of 28.7359 BTCs
|
|
|
OKCoin address 1NLCnAtWijTNoZG97uPAXVjMRA4HJzHkzH got 60.89 BTCs from Cryptsy hacker. OKCoin is mixing coins, so when you withdraw you get someone other coins. These coins from OKCoin went to Huobi and then to Bitfinex, but I don't believe they belong to same person.
Important thing is that OKCoin is entering point.
|
|
|
Bitebi9 is online again, though reduced from 5 to 2 servers and daily volume of $0.8
Just look at Bitebi 9 security page about their organization:
"Employees must pass a criminal background check as part of the hiring process. We use separate two factor authentication for admin level services."
https://www.bitebi9.com/pages/security
|
|
|
In that case keep an eye on the exchanges that swap BTC to USD. All you need is one amount to match that movement into an exchange that does BTC USD to know where he is hiding his money. I doubt his lawyer is accepting BTC payment or doing conversions for him. Or he's clever enough to think to move btc to cny to usd or any other mix.
He cash out till now probably all BTCs taken after Cryptsy theft. 6000 BTC for the house and SUVs, 764 BTC for Bitebi9 opening, few thousands for salaries of Cryptsy employees and various exchange expenses, he paid his wife lawyers during divorce lawsuit and tax for big house. Don't forget he tried to move and sell UNOs in April, just 2 days before receivership. These Unos were worth ~ 50.000 dollars. Bitebi9 brought to him only expenses, he gave all his assets and bank accounts in US to his former wife. Now he must pay alimony, his lawyer, Chinese lover, ... just expenses and no incomes. Bitebi9 closure is just one example that he is in serious cash shortage. He took 43 BTCs from Bitebi9 wallet, so if he is a hacker he has no choice but to take BTCs from stolen altcoins, because BTCs from Cryptsy cold wallet are too hot. Hacker does not use mixers, because he is afraid that they will steal BTCs from him and if he put them directly on exchanges they will seize them.
|
|
|
Cryptsy "hacker" made big move yesterday.
In multiple transactions he moved 463 BTC ~ 208.000 dollars from the wallet where are BTCs obtained from selling altcoins. He is constantly using TOR with exit node on IP 185.38.14.215
He is not moving BTCs on exchanges, but sending them in small amounts on multiple single addresses (every address got only 1 input transaction) trying to shake off and confuse blockchain investigators. Obviously he thinks that will be much harder to monitor so many addresses, but because they have same point of origin, it is not nearly as hard as he thinks.
Are you writing the FBI's guide to tracking cryptocurrency movements?
No, that guide is for mine eyes only.
|
|
|
Cryptsy "hacker" made big move yesterday.
In multiple transactions he moved 463 BTC ~ 208.000 dollars from the wallet where are BTCs obtained from selling altcoins. He is constantly using TOR with exit node on IP 185.38.14.215
He is not moving BTCs on exchanges, but sending them in small amounts on multiple single addresses (every address got only 1 input transaction) trying to shake off and confuse blockchain investigators. Obviously he thinks that will be much harder to monitor so many addresses, but because they have same point of origin, it is not nearly as hard as he thinks.
Timing is suspicious - btc migrating - Bitebi9 migrating all connected through one big vern any way to monitor bitebi9 wallets and see if transactions in ultimately add up to sum of those moving out from the stolen funds?
Bitebi9 BTC wallet is virtually dead. He took all of BTCs from it on 13th.April - 43.41 BTC and sent them to BTCC China to sell. Last transaction was on 26th April and now there is 4.5 BTC in it:
https://www.walletexplorer.com/wallet/00abfb6d632bc9b7
He has alimony expenses plus he hired the best lawyer for scam cases in Florida and I am sure it cost a lot. Would be interesting if he is paying his former wife lawyers, because she is accused too.
|
|
|
Cryptsy "hacker" made big move yesterday.
In multiple transactions he moved 463 BTC ~ 208.000 dollars from the wallet where are BTCs obtained from selling altcoins. He is constantly using TOR with exit node on IP 185.38.14.215
He is not moving BTCs on exchanges, but sending them in small amounts on multiple single addresses (every address got only 1 input transaction) trying to shake off and confuse blockchain investigators. Obviously he thinks that will be much harder to monitor so many addresses, but because they have same point of origin, it is not nearly as hard as he thinks.
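The point made in this post, that spreading coins over many single-use addresses does not hide them because they share one origin, can be shown with a forward trace over a transaction graph. This is an added example, not part of the original thread; the transactions, address labels and function names are constructed placeholders, not real chain data.

```python
from collections import defaultdict, deque

# Constructed sample data (placeholders, not real chain data). Each transaction
# spends from input addresses and pays (address, BTC) outputs.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["SRC"],
     "outputs": [("A1", 5.0), ("A2", 7.5), ("SRC_CHANGE", 450.5)]},
    {"txid": "tx2", "inputs": ["SRC_CHANGE"],
     "outputs": [("A3", 3.0), ("A4", 2.5), ("SRC_CHANGE2", 445.0)]},
    {"txid": "tx3", "inputs": ["A1", "A3"], "outputs": [("B1", 8.0)]},
    {"txid": "tx4", "inputs": ["UNRELATED"], "outputs": [("B1", 1.0), ("C1", 4.0)]},
]


def trace_from_origin(txs, origin):
    """Breadth-first forward trace. Every output of a transaction that spends
    from an already-traced address becomes traced too (the simple "poison"
    heuristic, which over-counts when traced and unrelated inputs are merged)."""
    spends = defaultdict(list)   # address -> transactions spending from it
    funding = defaultdict(set)   # address -> txids paying into it (whole data set)
    for tx in txs:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
        for addr, _ in tx["outputs"]:
            funding[addr].add(tx["txid"])

    traced, seen_tx = {}, set()
    hops = {origin: 0}
    queue = deque([origin])
    while queue:
        addr = queue.popleft()
        for tx in spends.get(addr, []):
            if tx["txid"] in seen_tx:      # a tx with two traced inputs counts once
                continue
            seen_tx.add(tx["txid"])
            for out_addr, amount in tx["outputs"]:
                if out_addr == origin:
                    continue
                rec = traced.setdefault(out_addr, {"hops": hops[addr] + 1, "btc": 0.0})
                rec["btc"] += amount
                if out_addr not in hops:
                    hops[out_addr] = hops[addr] + 1
                    queue.append(out_addr)
    for addr, rec in traced.items():
        rec["funding_txs"] = len(funding[addr])
        rec["unspent"] = not spends.get(addr)   # never appears as an input
    return traced


def watchlist(traced):
    """Traced addresses still holding coins: the endpoints worth monitoring."""
    return sorted((a, r["hops"], r["btc"]) for a, r in traced.items() if r["unspent"])


def single_input_addresses(traced):
    """Traced addresses funded by exactly one transaction in the data set."""
    return sorted(a for a, r in traced.items() if r["funding_txs"] == 1)


if __name__ == "__main__":
    result = trace_from_origin(SAMPLE_TXS, "SRC")
    for addr, hop_count, btc in watchlist(result):
        print(f"{addr:12} hops={hop_count} traced_btc={btc}")
```

However many addresses the coins are split across, the watch list grows only linearly with the number of outputs, and every entry keeps its hop count back to the origin wallet.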
|
|
|
I was staying out of this for a while to keep my head (and the thread) cleaner... but I just had to chime in... Anyone been to www.bitebi9.com today? LOLOLOLOLOLOL Looks like the craptsy crew screwed the Chinese customers over too!
Lol yap it gone or he kidnap hahahahahaha
As I see Bitebi9 changed provider and goes to HICHINA. They previously used 5 servers, now only 2. Liu Xiuxia is still registrant, but site is inactive.
http://www.whoismind.com/whois/bitebi9.com.html
do you think they come back
It looks like they are moving site on new servers, but it is suspicious they did not put any information on index page or on Twitter. We will see for few days.
|
|
|
I was staying out of this for a while to keep my head (and the thread) cleaner... but I just had to chime in... Anyone been to www.bitebi9.com today? LOLOLOLOLOLOL Looks like the craptsy crew screwed the Chinese customers over too!
Lol yap it gone or he kidnap hahahahahaha
As I see Bitebi9 changed provider and goes to HICHINA. They previously used 5 servers, now only 2. Liu Xiuxia is still registrant, but site is inactive.
http://www.whoismind.com/whois/bitebi9.com.html
|
|
|
ALERT!!! BTCs obtained from "hacker" selling altcoins are in the move.
4 transactions (24 BTCs) came out yesterday
Fourth (last) transaction came out of Belize
"Hacker" used Tor, but I successfully found his Bitcoin network exit nodes in Nederland 185.38.14.215 and more important 62.45.122.228
Coins are moved to address 1NHu8rMmMPezBX3uQEjtSCtFLRrVtGQYnn
https://www.walletexplorer.com/wallet/fa618e6ed487073a?from_address=1NHu8rMmMPezBX3uQEjtSCtFLRrVtGQYnn
All points that "hacker" has moved BTCs to his wallets in Nederland (Cryptsy servers were too in Nederland)
Are these the hacker coins from that address paul posted i.e. the fabled 13,000 stash? If not and its cryptsy coins is it possible that the receivers now have proper control and are moving?
These BTCs are from wallet where hacker put BTCs he obtained from selling stolen altcoins of Cryptsy on different exchanges. Last transactions he made yesterday - he used TOR trying to conceal them, but in fact just by following blockchain txs you can find exit nodes. Can't conceal blockchain. All his exit nodes were in Nederland. One more detail - I carefully studied how he transmitted transactions and I am sure it is not ordinary desktop BTC wallet, but specialized version used by exchanges, but it is not multisignature.
Well done. What makes you think its not an ordinary desktop BTC wallet? I assume it the frequency and split of the transactions which makes it program like nature on the movements. I.e. time delays exact split amounts etc. We all know its paul vernon or someone in cryptsy that did the stealing. What i can't for the life of me understand is why are they moving the altcoin sell funds and not the stolen btc funds. Those just don't move but its the biggest cash cow. Its defying logic. Is he hoping he can move sold altcoins and nobody will notice? If those btc go to a china exchange its almost definite that its paul. No other reason. I wonder if these findings can be submitted to an exchange alliance to prevent any acceptance of the coins or freeze them when they come in.
The way how hacker BTC wallet is automatically branching transactions is the same I saw at Cryptsy, Bittrex, BTC-e. Withdrawal requests are grouping and transmitting one by one in each new mined block.
Why hacker did not move stolen BTCs first? Good question. Unlikely to the other hackers, this hacker does not trust Bitcoin mixers, but was absolutely convinced that is perfectly safe to sell stolen altcoins sending them directly to the exchanges for almost a year. He was right, nobody from Cryptsy did not react and stop him. He does not want to use mixers and probably he is not sure that BTC exchanges won't take his Bitcoins if he try to move them from huge stash, so he moves BTCs obtained from selling altcoins.
From monitoring his transactions, he uses TOR (which is useless for this purpose), splitting and sending BTCs in small amount to his numerous BTC wallets on different servers, mimicking mixers. From there he puts them in different sites for one more mixing round. Interestingly, all his TOR exit nodes are in Nederland.
I performed one more thing. I did temporal analysis of his wallet. Through monitoring the time he did transactions, it can be easily viewed in what time zone he is, when he sleeps, works. All point that he lives in East Coast of US.
Today he took additional 10 BTCs, 35 BTCs for 2 days ~ $15500 or 6 months Vern alimony. Disappearing of Bitebi9 and starting moving BTCs at the same time? - maybe it is not coincidence at all - Vern is trying to cut expenses, cash shortage, plus he is paying best lawyer in Florida for scam cases and it is not cheap for sure.
|
|
|
ALERT!!! BTCs obtained from "hacker" selling altcoins are in the move.
4 transactions (24 BTCs) came out yesterday
Fourth (last) transaction came out of Belize
"Hacker" used Tor, but I successfully found his Bitcoin network exit nodes in Nederland 185.38.14.215 and more important 62.45.122.228
Coins are moved to address 1NHu8rMmMPezBX3uQEjtSCtFLRrVtGQYnn
https://www.walletexplorer.com/wallet/fa618e6ed487073a?from_address=1NHu8rMmMPezBX3uQEjtSCtFLRrVtGQYnn
All points that "hacker" has moved BTCs to his wallets in Nederland (Cryptsy servers were too in Nederland)
Are these the hacker coins from that address paul posted i.e. the fabled 13,000 stash? If not and its cryptsy coins is it possible that the receivers now have proper control and are moving?
These BTCs are from wallet where hacker put BTCs he obtained from selling stolen altcoins of Cryptsy on different exchanges. Last transactions he made yesterday - he used TOR trying to conceal them, but in fact just by following blockchain txs you can find exit nodes. Can't conceal blockchain. All his exit nodes were in Nederland. One more detail - I carefully studied how he transmitted transactions and I am sure it is not ordinary desktop BTC wallet, but specialized version used by exchanges, but it is not multisignature.
|
|
|
ALERT!!! BTCs obtained from "hacker" selling altcoins are in the move.
4 transactions (24 BTCs) came out yesterday
Fourth (last) transaction came out of Belize
"Hacker" used Tor, but I successfully found his Bitcoin network exit nodes in Nederland 185.38.14.215 and more important 62.45.122.228
Coins are moved to address 1NHu8rMmMPezBX3uQEjtSCtFLRrVtGQYnn
https://www.walletexplorer.com/wallet/fa618e6ed487073a?from_address=1NHu8rMmMPezBX3uQEjtSCtFLRrVtGQYnn
All points that "hacker" has moved BTCs to his wallets in Nederland (Cryptsy servers were too in Nederland)
|
|
|
|