Upbit, a South Korean exchange woke up to a major hack on 27 November, resulting in the loss of $51.7 million worth of Ethereum. Ever since the hack, many exchanges came forward to freeze the movement of the stolen funds; however, that has not stopped hackers from trying to move these funds to various unidentified wallets. According to Whale Alert, a part of this stolen amount was moved on 23 December.
The wallet address of the sender was identified to be, 0xB3A9B79F4D5Dc2cdcdc00dA22869502CBF65A0a5, through which they sent 2,000 ETH [worth $264,388] to an unidentified wallet address- 0x987F8cFB36086c78bEcc03e4e3369c69E195d476. The recipient’s wallet held a sum of 1,500 ETH [worth $198,855] and had received payments from the hacker’s address. After the transfer of 2,000 ETH, the address relayed a part of this amount to another wallet.
This fairly new address has an account of just 13 transactions, mainly to and from the hacker’s wallet. Whereas, the sender address held 13,171 ETH [worth $1,747,660] and was dormant for over two weeks.
Three weeks ago, on 3 December the hackers moved 11,001 Ether [worth $1,639,222 million] and had carried out a test transaction by sending 1,001 Ether to the same wallet. Initially, the hackers toyed around with the small amount of Ether like 0.00001337, where the numeric 1337 stood for “leetspeek”, a pseudo-language used in reference to “elite hackers.” The attacker was reportedly splitting the funds for easy dispersion and has over 50 accounts.
According to CryptoTicker, OTC methods on the dark web were a commonly used method to liquidate funds. However, if the attackers switch the token from privacy-focused coins like Monero, Dash, or Zcash, it might get difficult to recover the loss.