The attackers received just over 400 payments, valued at $US121,000, according to Elliptic. The largest payment came from a Japan-based exchange, and totalled about $US42,000.
Soon after they were initially collected in the three accounts, the funds started moving around. About $US65,000 of the $US120,000 quickly moved to other bitcoin addresses, one of which has been active in the past and has transacted with a US exchange, Robinson said.
Of the amount moved, about $US60,000 was directed to a bitcoin address that has been active since May, Whitestream said. That address had interacted with Coinbase, the largest US crypto exchange, as well as payment processors BitPay and CoinPayments, Whitestream said. Coinbase declined to comment. BitPay and CoinPayments didn’t immediately return requests for comment.
The money that was initially collected in three bitcoin addresses has now been moved to 12 new addresses, according to Elliptic.
The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an advisory Thursday saying crypto exchanges and other financial institutions should report any suspicious activities related to the hack as soon as possible. New York Governor Andrew Cuomo said the New York Department of Financial Services will investigate the incident, and, according to Reuters, the Federal Bureau of Investigation is also on the case.
Discovering the perpetrators could still take time and prove challenging.
“It depends on what they do next, it depends on how they try to cash out,” Robinson said. If they try to use a regulated exchange in the US, finding them will be easy. But if they try to cash out through one of the hundreds of small, unregulated exchanges, that could be harder, he said.
“They are obviously sophisticated in that they didn’t send these funds directly to an exchange to cash out,” Robinson said.
About a quarter of the funds the hackers acquired came from accounts tied to North America, and more than 50 per cent from accounts in Asia, according to Elliptic.
While bitcoin is supposed to be difficult to track, a number of tracing firms have sprung up to help law enforcement. Exchanges and other providers have begun collecting more information on their customers. So law-enforcement agencies have been able to track stolen bitcoins many times in the past.
Aside from prominent political and business leaders, the attacks also affected many crypto companies like the Gemini exchange. The hacked accounts promised to double the amount of money sent to their bitcoin address.
Coinbase has begun blocking its users’ payments sent to the hackers’ accounts. “We are essentially blacklisting addresses as we see them posted in the scam tweets,” said Elliott Suthers, a spokesman for Coinbase.
Gemini also blocked the attackers’ accounts, according to a Gemini spokesperson.
Another reason bitcoin is an attractive target for scammers is that it can be used worldwide. While bitcoin’s price dropped at the beginning of the COVID-19 pandemic, it has since recovered, and is up roughly 30 per cent since the beginning of the year.