
Topic: More than 50% of bitcoins from Twitter hack have been sent through mixers - page 3. (Read 921 times)

legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
They could be good at whatever social engineering they used to get those emails and passwords but since Bitcoin is known as the money of the deep web and that currency that terrorists were using it was the obvious choice for these kids. They had no idea how to spend coins anonymously and the greatest proof to that is in the way they exchanged Bitcoins using Coinbase. I'm pretty sure they'll strike a deal and trade those coins for short jail time. If they don't they're dumb.

that $120k (now $150k?) worth of coin? i doubt the prosecutors even care about that, it's chump change to the feds (well imo). these guys will be made an example of.
legendary
Activity: 2814
Merit: 1192
If anything, I'm actually quite surprised that some of those hackers/scammers risked moving out the funds (14.4%) without actually mixing/coinjoining them lol. It just shows that some of those scammers probably don't have the slightest idea on what they're doing and some just got lucky tricking security-illiterate Twitter people by using the typical giveaway scam.

They could be good at whatever social engineering they used to get those emails and passwords but since Bitcoin is known as the money of the deep web and that currency that terrorists were using it was the obvious choice for these kids. They had no idea how to spend coins anonymously and the greatest proof to that is in the way they exchanged Bitcoins using Coinbase. I'm pretty sure they'll strike a deal and trade those coins for short jail time. If they don't they're dumb.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
seems only that some twitter employees are just stupid instead.
Apparently he got access to a Twitter employee Slack channel, which had login details for one of their tech support tools pinned to it. The digital equivalent of writing your username and password on a post-it and sticking it to your monitor.

thanks for the links. good reads.

i can't tell you how many offices i've been to where login/passwords were posted in the plain sight of customers/clients/patients. tell management, later see nothing's changed. maybe moved the post-it note to the plant next to a monitor instead of the monitor itself. or etc.

even as simple a thing in view such as an internal phone list (usually has names/positions/direct numbers) is a hacker's ticket to ride via social engineering.

*sigh*
legendary
Activity: 2268
Merit: 18775
or was it just the other 2 that were arrested had coinbase accounts.
As far as we know it was just the other two. The details of how the FBI linked the attack to the 17 year old aren't entirely clear, but are likely due to the fact the OGUser forum was hacked and the FBI obtained a database of all usernames, email addresses, private messages, and IP addresses.

seems only that some twitter employees are just stupid instead.
Apparently he got access to a Twitter employee Slack channel, which had login details for one of their tech support tools pinned to it. The digital equivalent of writing your username and password on a post-it and sticking it to your monitor.

You can read more about it here: https://www.wired.com/story/how-alleged-twitter-hackers-got-caught-bitcoin/
You can see the indictments for the other two, which detail how they were tracked down, here: https://www.justice.gov/usao-ndca/press-release/file/1300121/download and https://www.justice.gov/usao-ndca/press-release/file/1300126/download
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?

Turns out they actually sent coins directly to Coinbase. Not only that, but they sent to Coinbase accounts which were fully verified with copies of their own IDs [...]

wasn't that florida kid 17? i thought coinbase minimum age was 18. or was it just the other 2 that were arrested had coinbase accounts.

gotta read up on it a bit more. peeps saying this 17 yo dude was some hacker genius. seems only that some twitter employees are just stupid instead. but then so was that kid.. didn't he (or maybe it was one of the others) reuse addresses or something? very noob, much fail.

hero member
Activity: 2268
Merit: 588
You own the pen
That was insane! These guys plan it all well but those who are tracing them are doing a good job. This is some challenge and most of the people in the crypto industry are watching this event. This is some historical tracing right here man, I wonder who's gonna win. I also think those scammers are not moving their BTC so well, they are easy to track.
legendary
Activity: 2268
Merit: 18775
On the top of that, the guy surely sent to exchanges not strict with AML/KYC, maybe accountless exchanges, or the one without KYC, too small to have a surveillance.
Turns out they actually sent coins directly to Coinbase. Not only that, but they sent to Coinbase accounts which were fully verified with copies of their own IDs, used the same email addresses as they used on their OGUsers and Discord accounts where they were selling the hacked Twitter accounts, and logged in to Coinbase from the same unobscured IPs that they used when breaking in to Twitter accounts. A simple request from law enforcement to Coinbase and now three people have been arrested. Not exactly the smartest move by the hackers.

Coinbase is an open book as far as privacy goes. Everyone should be working on the premise that any information you send to Coinbase and all your activities on Coinbase are available to be examined by your respective government and/or law enforcement agencies.
legendary
Activity: 1134
Merit: 1599
Ah, and this is another piece of information that will put mixers and the possibility of having a bit of crypto anonymity in a bad place. It's quite obvious that smart hackers will seek to anonymize their coins one way or another to erase their traces. What kinda creeps me out is the way you can link some addresses so easily together.
hero member
Activity: 2828
Merit: 553
Pretty interesting data and infographic.
What does "Cashed out" mean? Does it mean that they have sold the BTC for fiat money and have withdrawn the cash or it means something else?
I assume that the category of 11% "Other" means depositing the coins into some cryptocurrency marketplaces. Why doesn't the Elliptic team want to share the names of those crypto exchange platforms?
I'm sure that they can reveal them, since they managed to discover the mixing services.


That 2.8% cashed out means the funds that have been sent directly to the exchange without mixing and exchanged to fiat. These are only small amounts to avoid the KYC verification.
While the other 11%, I believe, is the funds that were sent split into exchanges, gambling, and merchants.

They could actually disclose further info on which specific exchanges the scammed BTC landed, but I think it wouldn't be necessary anymore since the suspect has been caught already.
hero member
Activity: 1722
Merit: 508
If anything, I'm actually quite surprised that some of those hackers/scammers risked moving out the funds (14.4%) without actually mixing/coinjoining them lol. It just shows that some of those scammers probably don't have the slightest idea on what they're doing and some just got lucky tricking security-illiterate Twitter people by using the typical giveaway scam.
I won't say lucky trick buddy, cause if the twitter hackers could make such a foolish move (cashed out 2.8% of the stolen coin without the use of tumbler for all the coins) it proves that they are still baby hackers, and the twitter employees whose credentials were manipulated and used to access twitter's internal systems need to be questioned. Unfortunately, things like this usually die down cause thorough investigation to be performed.
Hackers are looking for whichever wallet is easiest and where it looks hard to detect the owner. There are hack cases all the time, but bitcoin keeps getting stronger at a higher price. We must be careful about how to keep our assets safe, in an exchange wallet or saved in a Ledger Nano offline wallet. It will depend on us how to keep our assets safe and hold for the long term.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Actually, if you read correctly the blog post from Elliptic.co, it says that only a low percentage has been sent to exchange platforms, but not only, from this low percentage, some bitcoins have also been sent to casinos and merchants.
Quote
a few percent have in fact been spent or cashed-out at exchanges, merchants and gambling services

Looking at the graph it represents about 10% which means ~$12k only. So it's about $12k split between exchanges, casinos, and merchants, a relatively ridiculous amount.

On the top of that, the guy surely sent to exchanges not strict with AML/KYC, maybe accountless exchanges, or the one without KYC, too small to have a surveillance... Bought some stuff with merchants not able to block/track those bitcoins or too late because the items have been delivered.
I don't know how casinos work regarding AML, so won't comment, but maybe depositing BTC and then withdrawing without playing?

Seeing how big the hack was, getting only $120k is so ridiculous by the way.
hero member
Activity: 3220
Merit: 636
DGbet.fun - Crypto Sportsbook
~snip~

The question is why use any method other than mixers at all, I mean exchanges. Just check? But this can lead to the fact that they leave traces.
Or it really is part of their plan. Given the scale of the hack, these hackers don't strike me as dumb. Although there are indeed contradictions in their actions.
It could be part of the plan but hey, we have some good news and I think also a bad news for the update of this twitter hack and scam.

Twitter hack: Bognor Regis man one of three charged

I just noticed that BBC's SSL isn't secured.
hero member
Activity: 2268
Merit: 579
DGbet.fun - Crypto Sportsbook
If anything, I'm actually quite surprised that some of those hackers/scammers risked moving out the funds (14.4%) without actually mixing/coinjoining them lol. It just shows that some of those scammers probably don't have the slightest idea on what they're doing and some just got lucky tricking security-illiterate Twitter people by using the typical giveaway scam.
I won't say lucky trick buddy, cause if the twitter hackers could make such a foolish move (cashed out 2.8% of the stolen coin without the use of tumbler for all the coins) it proves that they are still baby hackers, and the twitter employees whose credentials were manipulated and used to access twitter's internal systems need to be questioned. Unfortunately, things like this usually die down cause thorough investigation to be performed.
legendary
Activity: 2268
Merit: 18775
I am unaware if the companies have a policy to keep a track of the mixing services being performed, if they do then I do think it will be really easy for them to hand over this information to the government
If they do, then you shouldn't be using them. Why would you try to increase your privacy by using a company which tracks, links, and de-anonymizes your deposits and withdrawals?

at the same time for the future these services should actually make a policy like that, which won't compromise the privacy and at the same time keep logs of everything for the safe situation.
How? How can a mixer keep logs of everything you are doing while at the same time claiming that your privacy isn't compromised? That sounds like all the free VPN providers which harvest your data and sell to third parties. As soon as logs are kept, your privacy is zero.

Mixing services are helpful when you are using them correctly, but if used incorrectly it may cause loss, uncompensated, causing the negative marketing of these services, they need to save the backlash from the government.
There is no way to differentiate between the "correct" use or the "incorrect" use of a mixer. As soon as a mixer starts monitoring and spying on their customers to make sure that every deposit is "correct", then all privacy is out the window and there is no point in using that mixer anymore.

Mixers are like encryption. The majority of people using them are using them for perfectly legal reasons. Yes, a small minority of people use them for illegal reasons. There is no way to monitor who is using it and stop them from doing so without completely breaking or rendering useless the entire system. No, ordinary people shouldn't be forced to give up their privacy under the guise of "safety".
legendary
Activity: 3178
Merit: 1140
#SWGT CERTIK Audited
Well not surprised at all, we already had a talk about this in another topic, that was an expected move although I thought they will use mainly mixers or non-KYC exchanges, and not cashing it out directly lol!
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
No, they can't because bitcoin is decentralized
Bitcoin is decentralized, but exchanges certainly are not. Centralized exchanges freeze accounts and seize coins all the time for a variety of reasons, legitimate or otherwise. If there is a suggestion that some coins are stolen, then many exchanges will freeze those coins. Binance, for example, froze a bunch of funds which were thought to be related to the Cryptopia hack.
Thanks, but I emphasized the importance of private key ownership in my post. For any reason (mostly from hack investigations, money laundering investigations) governments can force exchanges to freeze BTC in accounts that they have proof of relations to bad and illegal activities according to their laws. In such law enforcement cases, exchanges have no option to choose and they must freeze related accounts.
In other words, you have keys, you have your coins. Remember the story is different if you store your bitcoin on exchanges, not in your wallets.
hero member
Activity: 1890
Merit: 831
The bitcoin mixers — ChipMixer and Wasabi Wallet — have received 56.5% of the 30.4 stolen bitcoins, i.e. 17.18 bitcoins (currently worth about $192,000), according to Elliptic.
The Twitter hack took place on July 15, and at the time, the bitcoins were worth about $121,000. The price of bitcoin has risen in recent days.

Elliptic said it tracked the bitcoin through its transaction screening tool and found that the hackers have sought to launder the funds gradually.
Bitcoin mixers mask the blockchain transaction trail, making it challenging to follow funds and to know where the funds are spent or cashed out.





https://www.theblockcrypto.com/post/73567/elliptic-twitter-hack-bitcoin-mixer

https://www.elliptic.co/our-thinking/what-does-the-twitterhack-mean-for-crypto-aml


I am unaware if the companies have a policy to keep a track of the mixing services being performed, if they do then I do think it will be really easy for them to hand over this information to the government, at the same time for the future these services should actually make a policy like that, which won't compromise the privacy and at the same time keep logs of everything for the safe situation.

Mixing services are helpful when you are using them correctly, but if used incorrectly it may cause loss, uncompensated, causing the negative marketing of these services, they need to save the backlash from the government.

The fact that this Twitter hack happened at approximately the same time means many people worked together or maybe it was just one, so even if the Government can track the Bitcoins being sent without the mixing services they might as well make sure the guy spills the beans.

Since in many countries Bitcoins is protected by the law, this means the Government has to intervene and make sure the people get back their money 💰, for that they need to hire people who are familiar with the Blockchain technology like Bitcoins (another reason why it is important for Colleges to include Bitcoins and other cryptocurrencies in ).

I don't think these services are being used by people who are just involved in the negative marketing . Maybe they just needed some privacy at a moment?
legendary
Activity: 2268
Merit: 18775
the truth is that most people that patronize the services use them to clean stolen crypto.
Why are you repeating this false statement after I provided you with evidence to disprove it in your last thread? A minority of funds which pass through mixers are stolen or otherwise tainted. The majority of coins being mixed are being sent directly from exchanges, by users trying to protect themselves from centralized exchanges' mass surveillance.

No, they can't because bitcoin is decentralized
Bitcoin is decentralized, but exchanges certainly are not. Centralized exchanges freeze accounts and seize coins all the time for a variety of reasons, legitimate or otherwise. If there is a suggestion that some coins are stolen, then many exchanges will freeze those coins. Binance, for example, froze a bunch of funds which were thought to be related to the Cryptopia hack.
member
Activity: 728
Merit: 24
The bitcoin mixers — ChipMixer and Wasabi Wallet — have received 56.5% of the 30.4 stolen bitcoins, i.e. 17.18 bitcoins (currently worth about $192,000), according to Elliptic.
The Twitter hack took place on July 15, and at the time, the bitcoins were worth about $121,000. The price of bitcoin has risen in recent days.

Elliptic said it tracked the bitcoin through its transaction screening tool and found that the hackers have sought to launder the funds gradually.
Bitcoin mixers mask the blockchain transaction trail, making it challenging to follow funds and to know where the funds are spent or cashed out.





https://www.theblockcrypto.com/post/73567/elliptic-twitter-hack-bitcoin-mixer

https://www.elliptic.co/our-thinking/what-does-the-twitterhack-mean-for-crypto-aml


Unfortunately, this is a big disadvantage of bitcoin transactions, that hackers can manipulate funds depending on the degree of their immersion in the sphere. Of course, mixers contribute to how you can cover up the traces of your transactions, but this is not the main problem in this area. More bitcoins are lost when people simply forget their passwords and keys to their wallets.
legendary
Activity: 2912
Merit: 1068
WOLF.BET - Provably Fair Crypto Casino
If anything, I'm actually quite surprised that some of those hackers/scammers risked moving out the funds (14.4%) without actually mixing/coinjoining them lol. It just shows that some of those scammers probably don't have the slightest idea on what they're doing and some just got lucky tricking security-illiterate Twitter people by using the typical giveaway scam.

They were probably very self-confident, thinking no one will discover what they are doing and no one will track their lead. Unfortunately this just shows that in many cases hackers and scammers still have a pretty easy job. The big mistakes were made by Twitter too and they will need to explain a lot of issues in their security.
Bitcoins that were going through mixers will probably never be traced.