Bitcoin Forum
May 12, 2024, 03:05:41 PM *
  Show Posts
1  Bitcoin / Bitcoin Discussion / 6000 coinbase clients hacked on: October 02, 2021, 06:20:17 PM
Another example why using central exchanges is risky. The hackers knew private data of the users. One corrupt employee or one successful hack and bad guys capture your email, home address, phone number and sell it to local criminals who might knock on your door, and then the best encrypted wallets are useless. Cryptocurrencies are designed for peer to peer usage. If you change it into peer to bank to peer then this adds some risks.

https://www.reuters.com/business/finance/coinbase-says-hackers-stole-cryptocurrency-least-6000-customers-2021-10-01/
2  Bitcoin / Bitcoin Discussion / A whale moved $2bn in bitcoin 540 times in a short time frame on: September 21, 2021, 05:42:41 PM
On Sep 10 someone consolidated bitcoin from 829 addresses into address 32ZHZYwYATJj8jtoFvUQ9HEz7UoWnLgG5U then he moved the 45.5k BTC 540 times with 720 cash outs (total 1k BTC) at 26 exchanges and on Sep 14 he split the remaining 44.5 BTC again into 51 addresses. From the new addresses similar behavior continues.

This is a strange behavior. A smart money launderer would probably not co-spend 829 addresses. And an honest person likely would not do 540 transactions for cashing out because one typo or software error could move the $2bn unintentionally as fee to a miner and he could have done this in one or two transactions.

What's your thought?

P.S:
This demonstrates how easy tracing bitcoin is and that a scammer has no reason to sleep well, not even after years. As a first indicator for traceability one can use the Bitcoin privacy score of any BTC address, the lower the score the better your chances to find traces to exchanges where the scammer's funds can be frozen.
3  Bitcoin / Bitcoin Discussion / Re: My friend got arrested in a p2p scam on: September 15, 2021, 06:03:09 PM
There are major risks using central exchanges:
  • They might block withdrawal
  • They get hacked and your deposits are gone
  • Their client database is hacked or a corrupt employee sells it. Then it's sold in the darknet to local criminals who knock on your door to get your coins
  • Your coins are trackable, so this is a privacy concern

So decentral peer to peer exchanges might be the better choice: Your keys, your bitcoin!
4  Bitcoin / Bitcoin Discussion / Re: My friend got arrested in a p2p scam on: August 26, 2021, 04:34:19 PM
Use decentral exchanges (DEX) like bisq.network and deal only with signed accounts which have some months account age or with whom you dealt before. And better you do three trades with amount X instead of one trade with amount 3x. And accept the fiat payment only in case it's from the same person and account number as registered in the DEX. Otherwise return it immediately and don't release the coins.

Doing so you have no KYC and less risk to get involved in triangle scams where e.g.

A buys bitcoin from you for $ 500 and you give him your bank account number
A sells a washing machine at ebay to B for $500 and gives B your bank account number
B sends you $500 and you release the bitcoin
B then goes to bank and police because he never got the washing machine
Police comes to you because the first impression is you're the ebay fraudster
The outcome is you have $500 in bitcoin less, A has $500 in bitcoin more and for B it was just trouble but no money loss or gain.

But don't give up to get the bitcoin back from the fraudster. Check the "Bitcoin privacy score" of the scammer's BTC address and if the score is low you have good chances to get the scammer traced to exchanges. If the score is high you need to be patient, usually it goes down over time when the scammer is doing more and more transactions.
5  Economy / Exchanges / Re: Strange email from Binance on: August 03, 2021, 09:22:27 PM
The sender's address could be faked. But what do they want from you? Is there a link in the email asking you to visit a webpage?
Why not log into your Binance account to see if there is a message as well? But don't click on links in emails, please.
6  Bitcoin / Bitcoin Discussion / Re: 2.66 BTC fee for one transaction on: July 26, 2021, 08:53:21 AM
I don't think that's the reason and it won't help to make your BTC clean and actually if someone mines that block with that transaction it's randomly distributed to the miners (from pool to miners). They cannot control this to give the fee to selected miners and only pool operators can manually select what transaction they want to include in the block but by default most pools automatically choose a transaction with a large transaction fee.

You don't need to broadcast your transaction. You can just inform the miner cooperating with you to add it to the next block. And the code is open source. It can be changed.
7  Bitcoin / Bitcoin Discussion / 2.66 BTC fee for one transaction on: July 25, 2021, 09:51:30 PM
Who decides about the fee amount for a bitcoin transaction? It's the sender alone, he might have delegated this decision to his wallet or provider. E.g. in BTC transaction 3ba0c9eaf3185898164518cda7e3433d1d2049188d737f2b2a7e188aaeb8b4de someone sent 0.01088549 BTC and paid a 2.66038352 BTC fee.

The standard explanation for this is that it was a sender's mistake. But it could be as well money laundering. If the sender is the miner or a person dealing with the miner it could be that this fee close to $100k was paid by intention to convert bitcoin from criminal activity into miners coins which are usually seen as innocent virgin coins.

How to investigate this? If the transaction was not in the mempool of most nodes or if the transaction wasn't in orphaned blocks at similar time then it's very suspicious that the fee was given to the miner by intention to launder the coins.
8  Economy / Exchanges / Re: The stupid 307 BTC hacker (Exmo exchange) on: July 25, 2021, 09:06:01 PM
Thanks for all the additional information, it does seem highly unusual that someone would go through all that manual obfuscation only to link his final spend into an exchange (Binance, for that matter) with unspent outputs from the original. Suppose no one's immune from noob mistakes, probably did a sweep from the wrong wallet.

This was just one example. He made several mistakes. Moving the coins from address to address in long chains and then crossing the chains which isn't smart. And there are a lot of little side transactions to exchanges. This might come from the fear that higher amounts attract more attention.
I think the idea is that nobody can follow this up in 200 steps depth in the blockchain because there are billions of paths. But I analysed patterns of these kinds of obfuscation behavior. They are totally different from a normal random transaction chain with 200 steps.

9  Economy / Exchanges / Re: The stupid 307 BTC hacker (Exmo exchange) on: July 25, 2021, 08:56:02 PM
A bit too lazy to look this up but couldn't you at least show some links or give us the address to look at? You'd have probably taken care to do this had this been your own findings, but then my first Google search didn't show anything about this, so assuming this is new and hasn't made it rounds to English-speaking channels yet. So come on, don't be shy. Share.

P.S. Make up your mind. Is this "hacker" stupid or cunning?

1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq is the BTC address where the hacker collected the stolen funds first. The findings are from myself. I think he is a cunning hacker but stupid in hiding his traces ;-)
10  Economy / Exchanges / The stupid 307 BTC hacker (Exmo exchange) on: July 25, 2021, 11:13:56 AM
The cunning 307 BTC hacker of exchange Exmo is far from being able to escape undetected with the captured Bitcoin. Although the hacker tried to obfuscate the origin of bitcoin through hundreds of transfers, it is easy to prove that he deposited 15.7 BTC after 207 transactions on the Binance exchange on February 26, 2021. How is this possible?

Manually created BTC obfuscation transaction chains have a significantly different pattern than chains created by natural transactions in the blockchain. And the fraudster made the additional mistake of using the bitcoin in the 207th step together with other unspent outputs from the heist in a common transaction. The 207 obfuscation transactions were thus completely useless for the scammer, only the miners enjoyed the transaction fees.

This is just one of many mistakes the fraudster made. The next logical step for Exmo is to use the analysis results to freeze the fraudster's crypto assets on the involved exchanges.
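
Added example, not part of the original post and not the code of any tool named on this page: a small Python sketch of the common-input-ownership (co-spending) heuristic the post relies on, showing why one co-spend cancels a long single-input chain. The addresses (HEIST, A1.., B1, DEPOSIT) and the chain are constructed for illustration, not real blockchain data.

```python
from collections import defaultdict, deque

def cluster_by_cospend(txs):
    """Common-input-ownership heuristic: all input addresses of one
    transaction are assumed to be controlled by the same entity."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a

    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            find(addr)                      # register every address seen
        first = tx["inputs"][0]
        for other in tx["inputs"][1:]:
            parent[find(other)] = find(first)   # merge co-spent inputs

    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())

def same_owner(clusters, a, b):
    """True if the heuristic places both addresses in one cluster."""
    return any(a in c and b in c for c in clusters)

def shortest_hops(txs, source, target):
    """Fewest transactions between two addresses, following
    input -> output edges with a breadth-first search."""
    edges = defaultdict(set)
    for tx in txs:
        for i in tx["inputs"]:
            edges[i].update(tx["outputs"])
    seen, queue = {source}, deque([(source, 0)])
    while queue:
        addr, depth = queue.popleft()
        if addr == target:
            return depth
        for nxt in edges[addr] - seen:
            seen.add(nxt)
            queue.append((nxt, depth + 1))
    return None

def build_chain(hops=207, cospend=True):
    """Constructed data: HEIST splits into A1 and B1, A1 is moved through
    single-input hops, and the last transaction pays DEPOSIT. With
    cospend=True the last transaction also spends B1, an output that
    came straight from the heist."""
    txs = [{"inputs": ["HEIST"], "outputs": ["A1", "B1"]}]
    for n in range(2, hops):
        txs.append({"inputs": [f"A{n-1}"], "outputs": [f"A{n}"]})
    last_inputs = [f"A{hops-1}"] + (["B1"] if cospend else [])
    txs.append({"inputs": last_inputs, "outputs": ["DEPOSIT"]})
    return txs

if __name__ == "__main__":
    for cospend in (False, True):
        txs = build_chain(cospend=cospend)
        print("co-spend:", cospend,
              "| hops HEIST -> DEPOSIT:", shortest_hops(txs, "HEIST", "DEPOSIT"),
              "| A206 and B1 same owner:",
              same_owner(cluster_by_cospend(txs), "A206", "B1"))
```

Single-input hops are never merged by this heuristic, so the intermediate chain addresses stay in separate clusters; it is the final co-spend alone that ties the deposit to an output one transaction away from the source.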
11  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: June 20, 2021, 04:50:46 PM
Making a mistake is not always the result of laziness, it may simply become overwhelming at some point realistically speaking.

Or are you deeply into protocol and analytical stuff or just a hobby?

Yes, only once of 500 times at 3am in the night a little mistake and the privacy is weakened.
It started as a hobby but in the meantime I do it professionally.
12  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: June 17, 2021, 06:49:09 PM

I see what you are saying and I know that companies like Chainalysis can go far beyond what many people think. But if you get your money into Monero and you send it a few steps ahead, maybe just divide it into a couple smaller transactions onto various Monero addresses, how are you going to identify the scammer? Isn't then the only way to crack Monero itself? I see why Bitcoin is relatively easy to trace even when mixers are used, but for as long as you are careful with hiding your IP and you are not unlucky using an infected TOR node, there is no way to really find you before any exit. Am I wrong?



If you have bitcoin on 10 addresses and you go with 6 of them into Monero with own Bitcoin and own Monero node via a decentral exchange and obfuscated IP and if you later on avoid co-spending any monero-ed address with one of the other 4 (including their children, grand children etc) then it's really difficult to trace you. But the weak point is that humans get lazy over time and the chance isn't low that you co-spend the wrong coins and then the obfuscations were a waste of time ....
13  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: June 06, 2021, 09:35:21 PM
But if you use a coin switching service that doesn't require KYC and you switch into Monero and from the provided address send it to another Monero address, it's over. There is no single way in the world to trace down transactions on the Monero blockchain, at least not from what we know to date.

No. While you're right that highly sophisticated transaction and mixing protocols like Monero or (Coinjoin..)mixers cannot be traced directly it can be done in most cases indirectly. Successful scammers have to manage earlier or later a high number of addresses. E.g. if someone is doing 500 transactions and is only once or twice co-spending the wrong coins (e.g. unmixed with mixed or monero-forth-back-exchanged coins) then the house of cards collapses often.

I was able to link for this reason more than 20% of a Wasabi mixing transaction outputs to their inputs. If you think 20% is not so much then this was the success rate per single transaction. If people are doing hundreds of transactions then only a low % of scammers are able to stay untraceable over time. The scammer ripping off 307 BTC from Exmo exchange in December moved the coins for obfuscation reasons more than 300 times before he made a mistake by co-spending it with other coins. All the 300 transactions were finally a waste of time and fees.

The scammer's human brain thinks two or three steps deep but the analytics software goes much deeper. E.g. scammers who move the coins in long transaction chains use manually chosen transaction amounts. They have other patterns than natural transaction chains where A is trading with B and B is buying something for crypto from C.
14  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: May 26, 2021, 10:27:59 PM
I think the Police worldwide are not really super advanced to track the slander. Wallet address can simply be tracked once the owner is just like us a simple person. But if the owner is knowledgeable in crypto and knows deeper than the Police, they cannot track and couldn't give justice to the victim. I hope one day there will be full protection not just for them but also for us who experienced hundreds of scams.

This is the good part for the victims. There is no hurry to catch the scammer immediately when cashing out. The blockchain data are written in stone and the analysis can even be done in years from now. A little mistake in one of 1000 transactions and the house of cards collapses for the scammer.
15  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: May 25, 2021, 11:10:52 PM
How about putting the source of the story, I like to check the full details.

4000 is too big, I check the address used and it's just less than 1 btc, so where are the others going?

https://www.blockchain.com/btc/address/1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB

Somewhere in the middle of this page I found the BTC address and email:
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

Here you see that the scammer consolidated the 11 successful frauds on the 1GYN.. address into address 1JsACYBoRCYkz7DSgyKurMyibbmHwcHbPd which received more than 4000 BTC in thousands of previous transactions. The scammer used many different addresses.
https://www.blockchain.com/btc/tx/9d7208192348171c9beb1bede3b7f610ab1811c464fb9cb57891a9f4ad647a9e
16  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: May 23, 2021, 04:43:30 PM

It's extremely difficult to track the owner of a particular wallet. Even though it's not impossible. This difficulty in tracing can be amplified through the use of bitcoin mixers. That's the reason why cyber criminals around the world use cryptocurrency only. Take example from the recent attack on an American pipeline.

There are many ways to cash out such illegally obtained bitcoins. They can use bitcoin mixers to hide the trail of bitcoins and the sell off in any p2p marketplaces. Bot all p2p marketplaces require kyc until you reach a certain volume. There are darknet markets as well. It's unfortunate that bitcoin is actually empowering these miscreants.

It's not so difficult but the police has no time and the victims think it's not possible so they don't try. Such a scammer is involved in thousands of transactions and only one little mistake and the analytics software will catch him. If not now then somewhere in future. So no scammer can sleep calm. The scammer's brain may think two or three steps deep in the blockchain but the software finds far deeper connections. Mixers and Monero forth and back might help but the scammers get lost in the high number of addresses to administrate and co-spend coins after mixing with other ones and the house of cards collapses. I was able to link more than 20% of a Wasabi Coinjoin transaction outputs to their inputs because of this users mistake. And this doesn't mean for 80% it works. It means if the scammer is doing 1000 transactions and fails on one then he will be caught earlier or later if the loss is not too low.
17  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: May 23, 2021, 04:35:30 PM
They can make multiple account and withdraw less than 2 BTC from each account. Simple. And the police do have experts, they just don't fucking care.

Yes they could, but even then Binance is monitoring meta data like screen resolution, Operating and browser system and version etc. and would recognize it. In this specific case the scammer did transactions above the 2BTC limit however.
18  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: May 22, 2021, 12:00:06 PM
He is not the brightest but also not the dumbest because the Binance limit with only email verification is 2 Bitcoin per day withdraw. The address has not received more than one bitcoin but even if it did, the guy using a fake email address can withdraw 2 Bitcoins every day and I think with today price 2 Bitcoin everyday is enough even for the hungriest money criminal in the world. We all know that is difficult to track Bitcoin transactions and this is already been discussed here with 0 people being arrested from the cloud mining scams that we all know about.

The scammer was often above the 2BTC threshold of binance, the deposit address is 1JsACYBoRCYkz7DSgyKurMyibbmHwcHbPd and here binance routed more than 16 BTC from this address into their cold wallet:
https://www.blockchain.com/btc/tx/1a8bcc70904a76a09c06a62f9aa2c6ad3e2846bc1898db7a334e69485a87374f
19  Bitcoin / Bitcoin Discussion / Re: Sextortion - more than 4000 BTC cashed on: May 22, 2021, 11:19:45 AM
There are ways for those people to cash out without filling any KYC procedures like passport identification.

For example trading them for cash face to face under spot value to find buyers fast, in a location with no CC cameras.

They could also use btc mixers to obfuscate the coins.
In short, that money is permanently lost unless the thieves are exceptionally stupid and try to cash in at legal traders.

Theoretically you're right but most could be caught because they make mistakes. They split the amount and move it around for obfuscation. They use mixers, exchange in monero forth and back etc. Successful scammers have to manage a lot of addresses after a while and then earlier or later they start co-spending some of them. Even if they do it 500 times right one little mistake (co-spending a coin after mixing with coins before mixing) then the house of cards collapses. As said by far the most make earlier or later a mistake and then it's written in stone and cannot be taken out of the blockchain anymore. The reason why the police isn't catching them is because many people don't try it (under the assumption that it's not possible) and because the police has not enough specialists to follow up.

Btw with mixers. I did recently a check of a Coinjoin Wasabi mixer transaction where people were very careful and mixed the coins three times in a row. Nevertheless I could link more than 20% of the mixer's output addresses with the inputs because the users made the mistake to co-spend mixed coins with other coins. 20% might sound not very promising but if you take into account that a person with 500 transactions can be caught if only one transaction was not careful enough then it's a number where scammers should start sleeping bad. Even after years all evidences are available in the blockchain and the analytics software (from us btctester or from forensicsone or chainalysis or others) are getting better and better.

The brain of a scammer might think two or three steps but the analytics software use sophisticated heuristics to find all addresses of the scammer and follows all paths of these addresses to see when it goes to an exchange. Mostly there are paths to exchanges because the scammers don't want to go with a huge amount to an exchange.



I conclude that our police simply do not have enough experts to follow up on something like this.

And that's why Chainalysis is trying to take over the space of forensic blockchain analysis. I have nothing against using their methods to catch criminals and whatnot, but it appears that some of their 'investigations' aren't really connected into some criminal activities. They literally peer into any transaction that they find interesting and connect all the dots, somehow lessening the anonymity of those people involved in the said transaction. Police intelligence divisions aren't really well versed in the said area just yet, but contracting Chainalysis and other blockchain analysis companies for forensic analyses of crimes involving cryptocurrencies isn't really good either.

It's all about likelihoods. So the analytics result is never 100% true, it might be 99% likely. And therefore many people will need analytics. E.g. if chainalysis sells their reports to the tax authorities and the tax authority comes to you accusing that you didn't pay all your bitcoin tax then you need to defend yourself if it's not true or only partly true. Then you need as well an expert statement saying the mentioned transactions could have another meaning because it could be a payjoin transaction and the judge finally has to decide whether or not he'll decide against you if it's only 90% likely that the chainalysis report is saying the truth. The same could happen in criminal cases. I saw a lot of rubbish from analytics.



Is there a source to the information provided in the OP? I haven’t seen anything around on the 4K BTCs being cashed.

The provided address has only received 0,93 BTCs historically, being all related TXs dating back to August 2018:
https://www.blockchain.com/btc/address/1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB?page=1
I'm sure that an array of addresses were used, and the above may be a small sample by comparison.

Seems that the 1k ransom was the cue, whatever the currency ($,£, €):
https://www.bitcoinabuse.com/reports/1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB?page=1

Note: They seem to have removed the OPs post on Reddit (https://www.reddit.com/r/Bitcoin/comments/nhshv3/sextortion_more_than_4000_btc_cashed/)


This is where the scammer collected the funds finally:
https://www.blockchain.com/btc/address/1JsACYBoRCYkz7DSgyKurMyibbmHwcHbPd.
The 1GYNGZ... address he used successfully with about 10 victims but there are thousands others all ending up in the 1JsAC.... in total more than 4000 BTC. The scammer followed Satoshi's advice not to use always the same address a bit.

[moderator's note: consecutive posts merged]
20  Bitcoin / Bitcoin Discussion / Sextortion - more than 4000 BTC cashed on: May 21, 2021, 05:56:29 PM
A sextortion victim received a mail to pay $1000 in bitcoin within 48h to address 1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB otherwise, a captured intimate video of the victim is sent to all his email contacts. Can the extortionist be tracked down with only knowledge of the Bitcoin address? In this case the wanted person doesn't seem to be the brightest candle on the cake.

A free short analysis with our "Bitcoin privacy check" tool already shows the connection to a Binance client:. For less than $100 a report is available from forensicsone showing that the address sent funds to a binance deposit address.

But the amazing thing is that despite the naive approach, the extortionist was able to collect many millions of $ (more than 4,000 BTC) from thousands of people, even though Binance already demands KYC at 2 BTC and there were hundreds of criminal complaints at the police.

I conclude that our police simply do not have enough experts to follow up on something like this.