Twitter Hacking Autopsy: Coinbase, Binance and BitGo may know hackers‘ identities

The hackers who carried out the mass Twitter hijacking on July 15 do not appear to be very sophisticated users of Bitcoin (BTC), as they left traces leading to and from the main exchanges that allegedly hold the keys to their identities.

More than $1.4 billion laundered this year has been moved to crypto currency exchanges.

Address bc1qxy summary

The Bitcoin address used by hackers to solicit illicit donations is:

bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. A couple of hours after the event, the perpetrators started moving Bitcoin to other addresses. The trail of Bitcoin they are leaving behind suggests that they are not exactly very sophisticated when it comes to blockchain technology. They’re reusing the same addresses, they’re not covering their tracks to and from the exchanges enough. They’ve barely used any other methods that make tracking difficult.

Abra’s CEO agrees with Bitcoin’s role as digital gold
According to the chain of evidence we gathered, several important exchanges should be able to find the identities of the perpetrators.

Coinbase and BitMex

We will focus on one direction to a jump from the original:

1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF. This address received 14.76 BTC, most of it on July 15; however, the address was first activated on May 3. Approximately half of the BTC came from the original (bc1qxy), the rest was from various sources.

Some of the incoming Bitcoin came from the exchanges, Coinbase and BitMex. Two addresses were identified as belonging to Coinbase by Crystal Blockchain, 37p3PS1hKqzYhiVswbqN6nxbwyUoTZvf1E and 32V6a7K46pSb1XQNGdrmdE2wjgndVfJPet, are two jumps away from the second (1Ai52), the same address that received direct transactions from the original hacker’s address.

Whale Alert can no longer tweet due to Twitter’s anti-hacking measures
What appears to be a 10 BTC retreat at Coinbase occurred on the morning of July 15. A couple of hours later, 0.4 BTCs from the alleged Coinbase retreat ended up at 1Ai52U. Since this is not a direct route, there is a possibility that the coins will change hands in this interval. However, this seems very unlikely, considering that there are no major entities involved.

What appears to be a BitMex withdrawal from address 3BMEXqT4andGBFiVBeJFHF4Ak5PyhqTnidKP is three jumps away from address 1Ai52. On April 27, 14.18 BTC moved from that address, by May 3, they ended up at address 1Ai52U.