It's crossed paths with sales addresses over multiple addresses with amounts that are too large for individual sales transfers and too consistent/regular to be for paying electric expenses. The multisig address (3Mkw) has inputs from 1KYXrw4Ftkmomfs4iyVXUSqQeRX75Unoi8, and repeatedly puts outputs through to 19iVyH1qUxgywY8LJSbpV4VavjZmyuEyxV, which I identified as a nexus in my OP.
Two things: with the amount of BTC we're considering, you don't fux around without at least one multisig lockbox. I think that 19iVyH1qUxgywY8LJSbpV4VavjZmyuEyxV and 13p5iQkqBEVgKmPeJqEL2LBRS44PjX1dZL are likely two addresses in separate wallets with a very large number of change addresses attached to them, both of which contain signing keys for the lockbox. This is going a bit into wallet-cashflow strategies and how they might play into bolstering security, but I would say that according to the timestamps of the transactions across these 3 addresses, that the 19iVy and 13p5i keys are held on different machines, and that either 13p5i is hosted on an offline machine (output tx's are often numerous and clustered at the same timestamp, indicating that these transactions are created and signed offline and then broadcast in tandem with other operating tx's).
However, again, this is just my theory from what I've been observing over the past two months. I'll reiterate once more - the key to being able to link the wallets was the transfer from the old mining address that occurred this morning. It pinned the least common denominator at that multisig address and related wallets.
Additionally, it seems that friedcat likes to effectively shatter the inputs he receives into small outputs across many wallets, which I would guess he encrypts with a unique, computer-generated key schematic (if he's as witty as I think he's been with security). Just this morning, I traced transactions through over 500 addresses that saw 500 BTC from December 2013 split into ~0.1BTC addresses backtracking out from a few small inputs from the original mining address (withheld capital from last round's divs)...so it's possibly, if not probably, that only a moderate fraction of AM's holdings may be traceable via tractable methods at any given time.
Example: look at the recent outputs from
https://blockchain.info/address/1KryFUt9tXHvaoCYTNPbqpWPJKQ717YmL5 - nice, even pieces of 1 BTC to individual addresses that clump back up again over time.
Precisely. You use the same analytical thinking as I do to cull through the ledger - keep looking. It might take a while, but I think you'll see what I'm talking about.
From the 2nd link past the originating (AM mining) address, look through
https://blockchain.info/address/17whCacdyEzKJ8ArDmkvjRg8WFvoDZbqPS. It's a multi-change transaction that filters back through to 19iVy and other associated addresses and again through to the multisig. Think about the perspective that many of these addresses may be in the same wallets.
