1. Home
  2. investigators

investigators

Exclusive: Hackers selling discounted tokens linked to CoinEx, Stake hacks

Blockchain analytics firm Match Systems has made contact with an individual who is believed to be selling tokens linked to the recent CoinEx and Stake hacks at discounted prices.

Blockchain analytics investigators have uncovered an individual linked to a cryptocurrency laundering operation that is offering stolen tokens at discounted prices from recent high-profile exchange hacks.

Speaking exclusively to Cointelegraph, a representative from blockchain security firm Match Systems outlined how investigations into several major breaches featuring similar methods through the summer months of 2023 have pointed to an individual who is allegedly selling stolen cryptocurrency tokens via peer-to-peer transfers.

Related: CoinEx hack: Compromised private keys led to $70M theft

The investigators managed to identify and make contact with an individual on Telegram offering stolen assets. The team confirmed that the user was in control of an address containing over $6 million worth of cryptocurrencies after receiving a small transaction from the corresponding address.

A message from the seller advertising stolen tokens being linked to CoinEx and Stake hacks. Source: Match Systems

The exchange of stolen assets was then conducted through a specially created Telegram bot, which offered a 3% discount off the token’s market price. Following initial conversations, the owner of the address reported that the initial assets on offer had been sold and that new tokens would be available some three weeks later:

“Maintaining our contact, this individual notified us about the commencement of new asset sales. Based on the available information, it is logical to assume that these are funds from CoinEx or Stake companies.”

The Match Systems team has not been able to fully identify the individual but has narrowed down their location to the European time zone based on several screenshots they had received and timings of conversations:

“We believe he is not part of the core team but is associated with them, possibly having been de-anonymized as a guarantee that he will not misuse the delegated assets.”

The individual also reportedly displayed "unstable" and "erratic" behavior during various interactions, abruptly leaving conversations with excuses like "Sorry, I must go; my mom is calling me to dinner”.

"Typically, he offers a 3% discount. Previously, when we first identified him, he would send 3.14 TRX as a form of proof to potential clients.”

Match Systems told Cointelegraph that the individual accepted Bitcoin (BTC) as a means of payment for the discounted stolen tokens and had previously sold $6 million worth of TRON (TRX) tokens. The latest offering from the Telegram user has listed $50 million worth of TRX, Ether (ETH) and Binance Smart Chain (BSC) tokens.

Blockchain security firm CertiK previously outlined the movement of stolen funds from the Stake heist in correspondence with Cointelegraph, with around $4.8 million of the total $41 million being laundered through various token movements and cross-chain swaps.

FBI later identified North Korean Lazarus Group hackers as the culprits of the Stake attack, while cyber security firm SlowMist also linked the $55 million CoinEx hack to the North Korean group. 

This is in slight contrast to information obtained by Cointelegraph from Match Systems which suggests that the perpetrators of the CoinEx and Stake hacks had slightly different identifiers in methodology.

Their analysis highlights that previous Lazarus Group laundering efforts did not involve Commonwealth of Independent States (CIS) nations like Russia and Ukraine while the 2023 summer hacks saw stolen funds being actively laundered in these jurisdictions.

Related: Stake hack of $41M was performed by North Korean group: FBI

Lazarus hackers left minimal digital footprints behind while recent incidents have left plenty of breadcrumbs for investigators. Social engineering has also been identified as a key attack vector in the summer hacks while Lazarus Group targeted “mathematical vulnerabilities”.

Lastly the firm notes that Lazarus hackers typically used Tornado Cash to launder stolen cryptocurrency while recent incidents have seen funds mixed through protocols like Sinbad and Wasabi. Key similarities are still significant. All these hacks have used BTC wallets as the primary repository for stolen assets as well as the Avalanche Bridge and mixers for token laundering.

Blockchain data reviewed at the end of Sept. 2023 suggests that North Korean hackers have stolen an estimated $47 million worth of cryptocurrency this year, including $42.5 million in BTC and $1.9 million ETH.

Magazine: Blockchain detectives: Mt. Gox collapse saw birth of Chainalysis

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Ukraine, US Shut Down 9 Cryptocurrency Exchanges

Ukraine, US Shut Down 9 Cryptocurrency ExchangesSupported by U.S. law enforcement, police in Ukraine have disrupted a network of crypto exchange services suspected of laundering criminal proceeds. The platforms were allegedly processing dirty money obtained from ransomware attacks and various fraud schemes. Cyberpolice, US Investigators Bust Crypto Exchanges in Ukraine Officers from Ukraine’s Cyberpolice unit and Main Investigative Department, working with […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Russian Law Enforcement Prepares to Seize Crypto Assets, Seeks Permission to Set Up Wallets

Russian Law Enforcement Prepares to Seize Crypto Assets, Seeks Permission to Set Up WalletsRussian investigators are pressing the parliament and government in Moscow for permission to open their own cryptocurrency wallets. This would allow law enforcement agencies to seize digital assets during criminal cases and eventually sell them, something that authorities in the United States and Europe already do. Russian Prosecutors Lobby for Powers to Confiscate and Auction […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Report: DOJ and FBI Investigating Terraform Labs in Connection to Algorithmic Stablecoin Collapse

Report: DOJ and FBI Investigating Terraform Labs in Connection to Algorithmic Stablecoin CollapseThe Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) are reportedly investigating the collapse of the algorithmic stablecoin terra usd (UST) and the firm Terraform Labs. Unnamed sources say that former staff members from Terraform Labs, the company behind the Terra blockchain project, have been questioned by U.S. law enforcement. Unusual Relationship: […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Government Agencies Need Crypto Wallets and Access to Exchanges, Russian Prosecutors Say

Government Agencies Need Crypto Wallets and Access to Exchanges, Russian Prosecutors SayRussian authorities are finding it hard to cash out digital assets they have gotten hold of, prosecutors have warned. They have also urged the government to recognize cryptocurrency as property, allow departments to have digital wallets and use crypto exchanges. Prosecutor’s Office Insists Russian Investigators Should Have Cryptocurrency Wallets Russian prosecutors are convinced that investigative […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Alameda Research CEO Caroline Ellison Reportedly Spotted at a Coffee Shop in Manhattan With FTX Dog ‘Gopher’

Alameda Research CEO Caroline Ellison Reportedly Spotted at a Coffee Shop in Manhattan With FTX Dog ‘Gopher’On Dec. 4, 2022, the Twitter account and citizen journalist called Autism Capital shared two pictures of a woman that closely resembles the Alameda Research CEO, Caroline Ellison. The pictures were taken at a coffee and sandwich shop in Manhattan at 8:15 a.m. (ET). Citizen Journalist Reportedly Spots Alameda’s Caroline Ellison in New York According […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Crypto Influencer Bitboy Flies to the Bahamas to Question Former FTX Exec Sam Bankman-Fried

Crypto Influencer Bitboy Flies to the Bahamas to Question Former FTX Exec Sam Bankman-FriedIt’s been 16 days since FTX filed for Chapter 11 bankruptcy protection in the U.S. and the former FTX CEO Sam Bankman-Fried (SBF) is allegedly still hunkering down at his seaside resort in the Bahamas. This weekend, the Youtuber known as Bitboy decided to fly down to Nassau in order to question SBF about the […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Ukraine’s Cyberpolice Expose Members of Crypto Fraud Scheme Making €200 Million a Year

Ukraine’s Cyberpolice Expose Members of Crypto Fraud Scheme Making €200 Million a YearA report shows Ukrainian Cyberpolice identified members of a group that defrauded people around the world through fake crypto investment offers. The criminal organization maintained offices and customer service centers with thousands of employees in a number of European countries. Cyberpolice Department Busts Ukrainian Arm of International Financial Fraud Scheme The cybercrime combatting unit of […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Report: South Korean Prosecutors Accuse Do Kwon of Manipulating LUNA’s Market Price

Report: South Korean Prosecutors Accuse Do Kwon of Manipulating LUNA’s Market PriceOn Thursday, Nov. 3, 2022, local reports from South Korea disclosed that Korean prosecutors have allegedly discovered evidence that shows Do Kwon and an associate manipulated the price of LUNA, Terra’s native crypto token. The report further says South Korean prosecutors believe Kwon is hiding out in Europe. Local Report Claims South Korean Prosecutors Have […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead

Europol Sees Tools to Tackle Crime in Cryptocurrency and Blockchain Technologies

Europol Sees Tools to Tackle Crime in Cryptocurrency and Blockchain TechnologiesAbuse expands with use in the case of cryptocurrency, Europol has acknowledged while also noting that blockchain technologies offer authorities a new opportunity to fight crime. Europe’s law enforcement agency also says they can help investigate money laundering networks. Understanding Cryptocurrencies Is Vital to Tackling Organized Crime, Europol Says The growing use of cryptocurrency across […]

‘One of the Most Powerful Patterns in All of Crypto’: Raoul Pal Says Ethereum Signaling Very Big Move Ahead