Part of the funds stolen yesterday as part of a Twitter scam and hack involving several high profile Twitter accounts including Elon Musk, Barack Obama, Justin Sun, Binance, Coinbase and more has been observed moving in what appears to be a change address possibly linked to the hack points to KYC likely held by Binance. This is a small amount of the split $7007 that was moved through transaction ID but represents a trail that could be used to unmask the hackers identity: ca8a6ac971b25d34598b4c241e51b80982f11229bccd6b9fd24a96bc41062986.
The remaining funds from this split are being held in addresses 37jiyhZ1xe8pQn8zfQg55x4cmKPUHfSrV4, 3JkFd23hsNqTACyaPL7EtNTegY6s23voA4, and bc1qy53m65dz7c472dtrgs2snp724asvpcnf6pwy8m at this time.
We have seen on many occasions the change address is a point of failure for hackers and appears in this instance that the hackers may have made a fatal error in hiding their trail.
Screen capture of QLUE, Blockchain Intelligence Group’s (BIG) Visual Forensics Platform.
Significant funds are moving to known exchanges.
Blockchain Intelligence Group (BIG) will continue to investigate and monitor for movement of funds.
Please contact Robert Whittaker at [email protected] and +1 778 819 1257 for more information.
