COS Development analysts took a close look at the recent breach of the Binance exchange and came to curious results: the exchange hack may be more than it seems. Vladimir Shutemov, founder of the SecurityTrust project and cybersecurity expert, notes that “The behaviour of both the intruders and the Binance management seems dubious and illogical”.
“We’ve analyzed the hack pattern along with the blockchain transactions and all the addresses involved, and came to the following,” comments Alex Yurov, analyst and investigator of blockchain cybercrime. The details of the research follow.
The official statement mentions a total of 7000 BTC withdrawn from a single account. The stolen sum looks suspiciously round and convenient. Further questions arose when we found that the hackers left a substantial balance in the breached account: why would someone not take all the bitcoins available? Moreover, at the time of writing the compromised wallet is still in active use.
Further blockchain analysis let us identify another address possibly connected to the theft. This time the transferred amount was not so neat: 74.19295031 BTC.
Why did Binance representatives not mention this wallet in the official statement as well? Our blockchain research traced all the subsequent transactions and fund movements, which led us to 7 final wallets where, at the time of writing, all the stolen bitcoins still sit. The chaotic chain of transactions makes no sense as obfuscation: on a public ledger, splitting and re-merging funds through chained transfers (without mixing or cashing out through an exchange) hides nothing from anyone who simply follows the outputs.
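The tracing described above is mechanical: start from the output that received the stolen coins, find the transaction that spends it, enqueue that transaction's outputs, and repeat until every branch ends in an output nobody has spent. Those unspent outputs are the "final wallets", and the fees along the way account for the difference between the starting amount and what rests there. The following is an added example written for this article, not code or data from COS Development, Binance or Elliptic. The transaction graph, address labels (`exchange_hot`, `attacker_1`, `final_1` and so on) and amounts are constructed for illustration and are not the real Binance transactions.

```python
"""Follow stolen coins forward through a UTXO graph to their terminal (unspent) outputs."""
from collections import deque

SAT = 100_000_000  # satoshi per BTC

# Constructed sample transaction graph (hypothetical, not the real Binance chain data).
# Each transaction lists the outpoints (txid, vout) it spends and the outputs
# (address, amount in satoshi) it creates.
TXS = {
    "tx_fund":   {"inputs": [], "outputs": [("exchange_hot", 7100 * SAT)]},
    "tx_breach": {"inputs": [("tx_fund", 0)],
                  "outputs": [("exchange_hot", 100 * SAT),      # leftover change stays behind
                              ("attacker_1", 7000 * SAT)]},     # the round "stolen" amount
    "tx_split":  {"inputs": [("tx_breach", 1)],
                  "outputs": [("hop_a", 3000 * SAT),
                              ("hop_b", 3999 * SAT + 90_000_000)]},  # 0.1 BTC left as fee
    "tx_hop_a":  {"inputs": [("tx_split", 0)],
                  "outputs": [("final_1", 1500 * SAT), ("final_2", 1500 * SAT)]},
    "tx_hop_b":  {"inputs": [("tx_split", 1)],
                  "outputs": [("final_3", 3999 * SAT + 90_000_000)]},
}


def build_spend_index(txs):
    """Map every spent outpoint to the txid that spends it (a valid chain has no double spends)."""
    index = {}
    for txid, tx in txs.items():
        for outpoint in tx["inputs"]:
            if outpoint in index:
                raise ValueError(f"double spend of {outpoint}")
            index[outpoint] = txid
    return index


def tx_fee(txs, txid):
    """Fee = sum of input values minus sum of output values."""
    tx = txs[txid]
    in_total = sum(txs[ptx]["outputs"][vout][1] for ptx, vout in tx["inputs"])
    out_total = sum(amt for _, amt in tx["outputs"])
    return in_total - out_total


def trace_forward(txs, start):
    """Breadth-first walk from `start` over every spend until unspent outputs are reached.

    Returns (terminal balances by address, total fees paid along the way,
    number of transactions traversed).
    """
    spends = build_spend_index(txs)
    terminal, fees, visited = {}, 0, set()
    queue = deque([start])
    while queue:
        outpoint = queue.popleft()
        if outpoint not in spends:           # unspent: the funds rest here
            txid, vout = outpoint
            addr, amt = txs[txid]["outputs"][vout]
            terminal[addr] = terminal.get(addr, 0) + amt
            continue
        txid = spends[outpoint]
        if txid in visited:                  # a tx can spend several traced outputs
            continue
        visited.add(txid)
        fees += tx_fee(txs, txid)
        for vout in range(len(txs[txid]["outputs"])):
            queue.append((txid, vout))
    return terminal, fees, len(visited)


def unspent_balance(txs, address):
    """Current balance of an address: its outputs that no transaction has spent."""
    spends = build_spend_index(txs)
    return sum(amt
               for txid, tx in txs.items()
               for vout, (addr, amt) in enumerate(tx["outputs"])
               if addr == address and (txid, vout) not in spends)


if __name__ == "__main__":
    terminal, fees, hops = trace_forward(TXS, ("tx_breach", 1))
    print(f"{len(terminal)} final wallets after {hops} transactions, "
          f"fees {fees / SAT:.8f} BTC")
    for addr, amt in sorted(terminal.items()):
        print(f"  {addr:12} {amt / SAT:.8f} BTC")
    print(f"leftover on exchange_hot: {unspent_balance(TXS, 'exchange_hot') / SAT:.8f} BTC")
```

The check worth doing at the end is conservation: the terminal balances plus the fees must add up exactly to the amount taken in the breach transaction; if they do not, the walk missed a branch or the starting outpoint was wrong. One caveat when this is applied to real data: a downstream transaction may spend a traced output together with unrelated inputs, in which case its outputs carry mixed funds, and deciding how much of each is "stolen" requires a taint policy (poison, haircut, FIFO) rather than the simple sum used here.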
Binance and Elliptic recently announced a collaboration. Elliptic is a blockchain analytics company whose business is precisely the investigation of cryptocurrency fraud.
All of the above leads us to the following questions:
- Why did Binance not mention the second breached wallet?
- Why was a round 7000 BTC stolen rather than the whole account balance?
- Why are the compromised addresses still in use?
- Why did the hackers perform multiple transactions and microtransactions? What is the point, when it is impossible to hide anything this way?
- Why do the stolen funds remain untouched?
- What will Elliptic's reaction be, given that investigating such cases is their business?
There may well be a logical answer to each question. Each point taken separately seems accidental, but taken together they look very strange.
All we can do is suggest that the breach may not be what it seems. A very round sum was stolen, one that is not critical for the business. The intruders do not appear to have tried hard to obscure their traces. Binance recently partnered with Elliptic. Binance will also use the SAFU fund (Secure Asset Fund for Users) to cover the incident in full.
The main question remains: why was it done? Will we ever know?