Bitcoin Researchers Trace a 2015 Hack to Coinbase and Poloniex Wallets

In 2015, a Reddit user offered a 50% bounty for the return of 445 BTC stolen from their personal computer. After sitting idle for nearly two years, the coins were moved through CoinJoin (a mixing technique), most likely on their way to an exchange. The user who issued the bounty tweeted in 2017,

Those BTC were left sitting for roughly 1.5 years, until a few weeks ago when the thieves found out how nice bitcoin mixers are, and started to mix them, leaving back (to our limited knowledge) nearly no traces.

The case has been filed with the police, and because Bitcoin is treated as property, comprehensive forensic evidence validated by experts can build a strong case in court. Now, researchers Ergo BTC (alias) and Lauren MT of OXT Research have cracked open the transactions and traced the coins to Coinbase and Poloniex. The research team tweeted,

We have attempted to contact Reddit user u/gridchain with our analysis, but have been unsuccessful so far. If anyone knows how to contact them please get in touch.

A Total Recall Attack on Hackers

The researchers found a vulnerability in the implementation of JoinMarket, a CoinJoin mixer used to obscure Bitcoin [BTC] transaction histories for privacy and fungibility. They named the attack Total Recall, after the film and the short story “We Can Remember It for You Wholesale” on which it is based. The report goes into considerable technical detail on their methodology and findings.

[Figure: The Transaction Graph of the Mixed Coins (Source: Report)]

The address 16vBEuZD54NzqnnSStPYxFF2aktGhhuaf1 is the Poloniex exchange address associated with the attacker. Apart from this, the researchers also found transactions landing on Coinbase. The full details of the report can be found here. In conclusion, the researchers claim that,

We traced back several additional spends to [16vBEu…]. In total, the Toxic Recall attack opened the door for the tracking of 380 BTC to a final destination (out of 445 BTC mixed).
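To make the tracing idea above concrete, the following is an added example and not the OXT Research team's code, data or method: a toy "taint" tracer over a constructed transaction graph in which stolen coins pass through one CoinJoin and the thief's change output is later deposited at an exchange address. It contrasts the naive proportional ("haircut") model, under which every CoinJoin output looks partially tainted, with a CoinJoin-aware model that treats the equal-valued outputs as ambiguous but links each non-standard change output back to the input whose value explains it. All transaction ids, addresses and amounts are constructed; fees are ignored and each participant contributes a single input, which are simplifications.

```python
"""Toy taint tracing over a constructed Bitcoin-style transaction graph.

Added illustration, not the report's method. Shows why CoinJoin's equal
outputs are ambiguous while change outputs often remain linkable.
"""
from collections import defaultdict

# Constructed transaction graph (not real chain data). Each tx lists its
# inputs as references (txid, output_index) and outputs as (address, btc).
TXS = {
    # root: the theft moves the victim's coins to an address the thief controls
    "theft": {"inputs": [], "outputs": [("thief_hold", 445.0)]},
    # unrelated honest funds that later take part in the CoinJoin
    "fund_a": {"inputs": [], "outputs": [("maker_a", 120.0)]},
    "fund_b": {"inputs": [], "outputs": [("maker_b", 105.0)]},
    # CoinJoin: three participants, three equal 100 BTC outputs plus change
    "cj": {
        "inputs": [("theft", 0), ("fund_a", 0), ("fund_b", 0)],
        "outputs": [
            ("mix_1", 100.0), ("mix_2", 100.0), ("mix_3", 100.0),
            ("chg_thief", 345.0), ("chg_a", 20.0), ("chg_b", 5.0),
        ],
    },
    # the thief later sends the change output to an exchange deposit address
    "deposit": {"inputs": [("cj", 3)], "outputs": [("EXCHANGE_DEPOSIT_ADDR", 345.0)]},
    # an honest participant spends their change elsewhere
    "spend_a": {"inputs": [("cj", 4)], "outputs": [("merchant", 20.0)]},
}


def output_value(txs, ref):
    txid, idx = ref
    return txs[txid]["outputs"][idx][1]


def is_coinjoin(tx, min_equal=3):
    """Heuristic: a tx with at least `min_equal` equal-valued outputs."""
    counts = defaultdict(int)
    for _, value in tx["outputs"]:
        counts[value] += 1
    return max(counts.values(), default=0) >= min_equal


def coinjoin_denomination(tx):
    """The most frequent output value is taken as the mixed denomination."""
    counts = defaultdict(int)
    for _, value in tx["outputs"]:
        counts[value] += 1
    return max(counts, key=counts.get)


def topo_order(txs):
    """Order transactions so every tx comes after the txs it spends from."""
    order, seen = [], set()

    def visit(txid):
        if txid in seen:
            return
        seen.add(txid)
        for ref in txs[txid]["inputs"]:
            visit(ref[0])
        order.append(txid)

    for txid in txs:
        visit(txid)
    return order


def trace(txs, root_txid, coinjoin_aware):
    """Return {(txid, index): taint fraction in [0, 1]} for every output."""
    taint = {}
    for txid in topo_order(txs):
        tx = txs[txid]
        if txid == root_txid:               # stolen coins are fully tainted
            for i in range(len(tx["outputs"])):
                taint[(txid, i)] = 1.0
            continue
        if not tx["inputs"]:                # other roots are clean
            for i in range(len(tx["outputs"])):
                taint[(txid, i)] = 0.0
            continue
        in_vals = [(taint.get(ref, 0.0), output_value(txs, ref)) for ref in tx["inputs"]]
        total_in = sum(v for _, v in in_vals)
        # haircut model: every output inherits the value-weighted input taint
        haircut = sum(t * v for t, v in in_vals) / total_in
        if coinjoin_aware and is_coinjoin(tx):
            denom = coinjoin_denomination(tx)
            # equal outputs are indistinguishable: average over participants
            mixed = sum(t for t, _ in in_vals) / len(in_vals)
            # change value == input value - denomination links change to its input
            change_taint = {round(v - denom, 8): t for t, v in in_vals}
            for i, (_, value) in enumerate(tx["outputs"]):
                if value == denom:
                    taint[(txid, i)] = mixed
                else:
                    taint[(txid, i)] = change_taint.get(round(value, 8), haircut)
        else:
            for i in range(len(tx["outputs"])):
                taint[(txid, i)] = haircut
    return taint


def tainted_btc(txs, taint, address):
    """Total stolen-coin exposure (taint * value) received by an address."""
    return sum(taint[(txid, i)] * value
               for txid, tx in txs.items()
               for i, (addr, value) in enumerate(tx["outputs"]) if addr == address)


if __name__ == "__main__":
    for aware in (False, True):
        t = trace(TXS, "theft", coinjoin_aware=aware)
        print("coinjoin_aware=%s: %.2f tainted BTC at exchange deposit"
              % (aware, tainted_btc(TXS, t, "EXCHANGE_DEPOSIT_ADDR")))
```

Under the haircut model only about 229 of the 345 BTC deposited look tainted, because the CoinJoin dilutes taint uniformly across all outputs; the CoinJoin-aware model attributes the full 345 BTC to the thief, since 345 is exactly the thief's 445 BTC input minus the 100 BTC denomination. The three mixed outputs themselves stay ambiguous at one third each, which is the part a mixer is supposed to achieve; the lesson for investigators is that the change output, not the mixed denomination, is where linkability usually survives.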

They are now looking for the Reddit user who announced the theft, so that the attacker can be prosecuted and the bounty, worth roughly $2 million (the promised 50%), can probably be claimed as well.

The finding also opens up the possibility of backtracking many other isolated hacks that relied on CoinJoin mixing, which until now made tracking very difficult. Other analytics firms working on on-chain tracking and research include Chainalysis, which helped expose the PlusToken scam in 2019; Elliptic, CipherTrace and IdentityMind are among the others.

How do you think this research will alter the hacking of Bitcoins in the future? Are there any other techniques available?