Investigation Reveals Individual Selling Stolen Cryptocurrency from Exchange Hacks at Discounted Prices

Blockchain Security Firm Uncovers Operation

Blockchain analytics investigators have uncovered an individual linked to a cryptocurrency laundering operation that is offering stolen tokens at discounted prices from recent high-profile exchange hacks. The investigation, conducted by blockchain security firm Match Systems, found evidence of an individual allegedly selling stolen cryptocurrency tokens via peer-to-peer transfers.

Identifying the Individual

Match Systems managed to identify and make contact with the individual on Telegram offering stolen assets. The team confirmed that the user was in control of an address containing over $6 million worth of cryptocurrencies after receiving a small transaction from the corresponding address. The exchange of stolen assets was then conducted through a specially created Telegram bot, which offered a 3% discount off the token’s market price.

Unstable Behavior and Location

The individual reportedly displayed "unstable" and "erratic" behavior during interactions and abruptly left conversations with excuses like "Sorry, I must go; my mom is calling me to dinner". The investigative team has narrowed down the individual's location to the European time zone based on screenshots and conversation timings.

Sale of Stolen Assets

The individual accepted Bitcoin (BTC) as a means of payment for the discounted stolen tokens and had previously sold $6 million worth of TRON (TRX) tokens. The latest offering from the Telegram user includes $50 million worth of TRX, Ether (ETH), and Binance Smart Chain (BSC) tokens.

Contrasting Identifiers

While cyber security firm CertiK previously outlined the movement of stolen funds from the Stake heist, Match Systems' analysis suggests that the CoinEx and Stake hacks had slightly different identifiers in methodology. The investigation also highlights that the recent hacks involved laundering funds in Commonwealth of Independent States (CIS) nations like Russia and Ukraine, which was not previously seen in Lazarus Group laundering efforts.

Pattern of Similarities

Despite the differences, there are still significant similarities between the recent hacks and previous Lazarus Group activities. The hackers have used BTC wallets as the primary repository for stolen assets, and they have utilized mixing protocols for token laundering.

Estimated Stolen Amount

Blockchain data suggests that North Korean hackers have stolen an estimated $47 million worth of cryptocurrency this year, including $42.5 million in BTC and $1.9 million in ETH