Author

Topic: Bitstamp - Taint analysis (Read 1635 times)

legendary
Activity: 1100
Merit: 1032
January 08, 2015, 04:38:38 AM
#8
How did you get the hot wallet addresses? If you're just using addresses connected to the "hack address", it's normal that they have less traffic on other days (since you would be missing other hot wallet addresses).

It was based on prior taint analysis, not just the addresses related to the hack, though the hack did generate extra taint, it was minor in the grand scheme of things (at least 140k addresses in that wallet, counting tainted change addresses, it's one of the top 20 hot wallets)
full member
Activity: 125
Merit: 101
January 07, 2015, 06:13:31 PM
#7
How did you get the hot wallet addresses? If you're just using addresses connected to the "hack address", it's normal that they have less traffic on other days (since you would be missing other hot wallet addresses).
legendary
Activity: 1470
Merit: 1004
January 07, 2015, 05:15:33 AM
#6
here is another one...

the 9k coins were a deposit from someone planning to crash the price. they cleared in the account and the dump started, but they also got stolen

9k coins belong to Bitstamp. they wanted to crash the price. Price down, they earn a lot Smiley)
sr. member
Activity: 381
Merit: 251
January 07, 2015, 02:54:30 AM
#5
here is another one...

the 9k coins were a deposit from someone planning to crash the price. they cleared in the account and the dump started, but they also got stolen
hero member
Activity: 616
Merit: 500
I got Satoshi's avatar!
January 07, 2015, 02:00:01 AM
#4
Could those 9000 coins moving through the wallet on the 3rd be the start of the crash? It lines up with the start of the price drop quite suspiciously... and it was a day before Stamp noticed anything. Perhaps he was already selling those 9000 coins when he stole the other 18000 the next day.
newbie
Activity: 20
Merit: 0
January 05, 2015, 11:10:42 PM
#3
What I think is very weird about this whole mess is... How come no kind of custom firewall was programmed? This would be impossible if some simple filters would be put in place aswell as an automatic analysis tool in combination. This all happened in a day or so Huh And no red flags at all? Okey... That's quite shocking.

Mr Kodrič should be worried for his own safety if this won't be repaid (speculating, not making threats).
newbie
Activity: 26
Merit: 0
January 05, 2015, 08:25:13 PM
#2
Thanks for the analysis!

It doesn't seem suspicious to me. It makes sense.

If I were going to steal coins and knew the target kept between 500 and 2k coins. I'd want to wait to steal until there were 2k coins (if possible) and try to trigger an event to make it fill to 2k (if possible) before stealing to maximize my illicit gains.
legendary
Activity: 1100
Merit: 1032
January 05, 2015, 03:51:50 PM
#1
What follows is a Bitstamp Hot Wallet from taint analysis

This is guesstimated, from blockchain analysis only, so take it with a shovel of salt and a critical eye.
It's at best an under-estimation, as the taint will naturally not affect all change addresses and other things, though from experience on altcoins, it's not usually complete bollocks either Wink

Hot Wallet guesstimated Balance
day
01/01/2015
02/01/2015
03/01/2015
04/01/2015
05/01/2015
received
1,657.5
2,778.2
9,592.7
18,614.2
1,223.1
Jump to:
© 2020, Bitcointalksearch.org