Today I read a very interesting article on the site https://pastebin.com/aKfJ6qHd and I was shocked that the hacker who attacked the NexusMutual, EasyFi and FinNexus projects has not been arrested yet. I will now share this information here.
Briefly, in the video:
https://www.youtube.com/watch?v=ccjcbADuTjw (Who is the hacker of Nexus Mutual, EasyFi, FinNexus?).
On December 14, 2020, it became known that an unknown hacker stole 370,000 NXM from the wallet of the CEO of Nexus Mutual DeFi.
On April 20, 2021, another hack occurred, but this time, another project called EasyFi DeFi was attacked. In this case, the hacker stole almost 3,000,000 EASY tokens.
On May 17, 2021, the system of the FinNexus DeFi project was hacked, in which the hacker was able to mint FNX tokens in the amount of 323,000,000 FNX and sell them on the open market.
All three of these hacks follow a similar pattern. They were aimed at gaining access to wallets or private keys, which allowed a hacker to gain access to funds. Also, these break-ins were carried out at the same hour.
All the results published in this article were obtained through our own independent investigation, and they may differ from the official ones.
From the media, we know the ETH addresses that belong to the Nexus Mutual hacker, EasyFi hacker and FinNexus hacker. Now let's take a look at each of their addresses that belong to these hackers.
Let's start in order. The first hack we're talking about is the Nexus Mutual hack, which was carried out in December 2020. The Etherscan block explorer shows several addresses that belong to the Nexus Mutual hacker. But we will focus on one of them, which Etherscan has marked with the name Fake_Phishing4636. This hacker's address is 0x0adab45946372c2be1b94eead4b385210a8ebf0b.
ETH address 0x0adab45946372c2be1b94eead4b385210a8ebf0b has a direct transaction to address 0x31499E03303dd75851a1738E88972CD998337403 (you need to remember this address):
https://etherscan.io/tx/0xff9c6419ba87235a5fbcbfe85899ba0440abbf5f6e6af078682ec6ac0523bea5
The next address we'll look at is the EasyFi hacker's address. This address is not tagged on Etherscan. But from the media, we know this address is 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37. This hacker address was funded by a deposit transfer from the already known address 0x31499E03303dd75851a1738E88972CD998337403:
https://etherscan.io/tx/0x84dc4924575bae826d50fd8278c307e5b8d2d7cbe05ad52a5e867f2c1aaa340a
Also, the EasyFi hacker's address has an additional direct transaction to 0x31499E03303dd75851a1738E88972CD998337403, which is the last outgoing transaction that the EasyFi hacker performed:
https://etherscan.io/tx/0xeaaabcafafe474cdac5d1f231a790e805fb72d1e27cd6f3e2d90c5635fe61cde
In addition, the EasyFi hacker carried out several direct transactions from the address 0x77BEB16e4DB0686e36dbf01142685275785775Ed:
https://etherscan.io/tx/0xcf99a55af6ee7a3d46f121fe091d2e29720881a72b5876dac25068fb73405ec5
https://etherscan.io/tx/0xb189754f07f00f3e32fbfd3e60f34686afd5209c7ccfe281c7ee5ad5ba514270
as well as additional transactions:
https://etherscan.io/tx/0x4d6d6c5d6231614db587b52d1f8e4d58c8b804032f5ee959344ac47c51b046e6
https://etherscan.io/tx/0x8ecd760060c60cb64520d803774a08c83210aac06a0ebbfcb436a5ffdc7348f5
https://etherscan.io/tx/0xd843d0b9300b1cdc79c0e1280127163794c7df6c87dca06cb128b232779f0291
The address 0x77BEB16e4DB0686e36dbf01142685275785775Ed was also funded from the address 0x31499E03303dd75851a1738E88972CD998337403:
https://etherscan.io/tx/0x7d90cbac9ff954555ee9e927598ff5daee9c3396451262fa77c44fab6bda25c0
As we can see, unlike the Nexus Mutual hacker's address, the EasyFi hacker's address is linked to the address 0x31499E03303dd75851a1738E88972CD998337403 not by one, but by several transactions. Keep the address 0x31499E03303dd75851a1738E88972CD998337403 in mind, as we will meet it many times.
Now we will look at the FinNexus hacker's address. From the media, we know this address: it is 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F, and it is marked in the Etherscan block explorer. We do not observe direct transactions between the address 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F and the address 0x31499E03303dd75851a1738E88972CD998337403. But there is a connection between these addresses through the intermediary address 0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0. Despite the fact that the hacker diligently tried to hide the address 0x31499E03303dd75851a1738E88972CD998337403 from our eyes, we were still able to find this connection. The FinNexus hacker's main address has a direct transaction with the address 0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0. The address has two outgoing FNX token transfer transactions to address 0x1cE5f1fe7d8543A0046E521302C3A21734309302:
https://etherscan.io/tx/0x0403a2a195c94203ccc36c3a481328b478742bbb390e7ab7debbc44de534abcd
https://etherscan.io/tx/0x84aaa19f5b8bb5ac58047eac0d462bdf9f7631a4d7a2a9c911718dfc35845584
In turn, the address 0x1cE5f1fe7d8543A0046E521302C3A21734309302 has multiple connections with the address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A:
In total, this connection has 12 transactions.
Also, 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A received a deposit through Tornado Cash:
https://etherscan.io/tx/0xdf6a5aefaf5dcd44c40b881f1d2c816a560107a9b0fa12a018adf7e7e2a44e1f
Here the address 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 transferred about 1 ETH to the address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A. For this, 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 made a deposit into Tornado Cash in transaction:
https://etherscan.io/tx/0x000849cb2a3ab080bbda4fd6f0e41a7d2a35108c3d47a1f91655c7f33feb959f
In turn, the address 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 was funded from the address 0x31499E03303dd75851a1738E88972CD998337403 in the following transaction:
https://etherscan.io/tx/0x7e1878f62be97e245a31b426b191479704fdfcfa3044b51f9a70ef1287489a9c
It also has many direct transactions that you can see at
https://etherscan.io/address/0xa29bd5815aea7ac88e9f3aadd8f477675edad404#tokentxns (28 transactions in total) and
https://etherscan.io/tx/0x61324b4a3624eccf5c69e7fb4292f3f22ccf295d07dbf866679a6c38ce2df0bf .
Address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A has an outgoing transfer transaction of 124,977.5383 USDT tokens to address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0:
https://etherscan.io/tx/0xae6a4ec0cf0f70f5b2bcce1149175fc71cb5f4346d3c41beffaab98265e64e68
The address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0 is associated with the known address 0x31499E03303dd75851a1738E88972CD998337403, with its last transaction:
https://etherscan.io/tx/0x61324b4a3624eccf5c69e7fb4292f3f22ccf295d07dbf866679a6c38ce2df0bf
Likewise, the address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0 is also associated with the address 0x31499E03303dd75851a1738E88972CD998337403 using the intermediary wallet 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A.
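The FinNexus chain described above can be checked mechanically. The following is an added example, not part of the original article: it encodes only the address-to-address links stated in the text as a graph and finds the shortest chain to the common address, with and without the Tornado Cash hop. The edge kind labels (`direct`, `token`, `mixer`) and all function names are this example's own assumptions.

```python
from collections import deque

# Addresses exactly as quoted in the text above (FinNexus chain only).
FINNEXUS = "0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F"
COMMON = "0x31499E03303dd75851a1738E88972CD998337403"
A_2DA3 = "0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0"
A_1CE5 = "0x1cE5f1fe7d8543A0046E521302C3A21734309302"
A_67FE = "0x67fe5B5343f963C7043cE551FADBa84a3aD6473A"
A_A29B = "0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404"
A_860D = "0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0"

# (address, address, kind) transcribed from the prose. "mixer" marks the hop
# the text routes through Tornado Cash; the kind labels are assumptions of
# this example, not Etherscan terminology.
EDGES = [
    (FINNEXUS, A_2DA3, "direct"),
    (A_2DA3, A_1CE5, "token"),
    (A_1CE5, A_67FE, "direct"),
    (A_A29B, A_67FE, "mixer"),
    (COMMON, A_A29B, "direct"),
    (A_67FE, A_860D, "token"),
    (A_860D, COMMON, "direct"),
]


def norm(addr):
    """Lower-case an address: the mixed case is only an EIP-55 checksum, and
    the article quotes the same address in both forms."""
    addr = addr.strip().lower()
    if len(addr) != 42 or not addr.startswith("0x"):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    int(addr[2:], 16)  # raises ValueError on non-hex characters
    return addr


def build_graph(edges, exclude=()):
    """Undirected adjacency lists plus a lookup of each link's kind."""
    graph, kinds = {}, {}
    for a, b, kind in edges:
        if kind in exclude:
            continue
        a, b = norm(a), norm(b)
        graph.setdefault(a, []).append(b)
        graph.setdefault(b, []).append(a)
        kinds[frozenset((a, b))] = kind
    return graph, kinds


def shortest_path(graph, src, dst):
    """Breadth-first search; returns the node list or None if unconnected."""
    src, dst = norm(src), norm(dst)
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def trace(exclude=()):
    """Path from the FinNexus address to the common address and its hop kinds."""
    graph, kinds = build_graph(EDGES, exclude)
    path = shortest_path(graph, FINNEXUS, COMMON)
    if path is None:
        return None, []
    return path, [kinds[frozenset(p)] for p in zip(path, path[1:])]


if __name__ == "__main__":
    for exclude in ((), ("mixer",), ("mixer", "token")):
        path, hop_kinds = trace(exclude)
        print("excluding", exclude or "nothing", "->", hop_kinds or "no path")
```

With the mixer hop excluded, a five-hop chain still exists through the USDT transfer to `A_860D`; with token transfers excluded as well, no chain remains, so the claimed link rests on those token transfers.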
By the way, I would like to point out a strange feature of the address 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F, which belongs to the FinNexus hacker: on Etherscan this address looks like a normal wallet address, but block explorers such as Bloxy and Bitquery show 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F as a contract created by the address 0x78d147015a9ef3ed9f9011fa394561670dc787cb in the following transaction:
https://etherscan.io/tx/0x47dd577a9ea88215884e5eeda6ec3a8b7200b50377e906f9b7a8a7e5d6a91b9c
Thus, the hacks of the Nexus Mutual, EasyFi and FinNexus projects are related not only by the nature of these hacks, but also by the same address: 0x31499E03303dd75851a1738E88972CD998337403. This suggests that all of these hacks were carried out by the same hacker (or the same group of hackers).
Now let's try to determine the roots of the already known address 0x31499E03303dd75851a1738E88972CD998337403. Let's try to find the name of the person who owns the address 0x31499E03303dd75851a1738E88972CD998337403.
Address 0x31499E03303dd75851a1738E88972CD998337403 had many mutual transactions with address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912:
as well as 9 direct transactions of tokens, which are indicated:
https://etherscan.io/address/0x31499e03303dd75851a1738e88972cd998337403#tokentxns
The total number of direct mutual transactions between the address 0x31499E03303dd75851a1738E88972CD998337403 and the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 is 18 transactions (!!!).
In turn, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 received its first deposit from the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B:
https://etherscan.io/tx/0x2a0bf3d67de08e384ee34242f5c45b01c58e7ee289ab6522c559e532d3f01b9f
Address 0x834e6bedc304c4c610557e9ffaf0d4ec310b881b was created by address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 in transaction:
https://etherscan.io/tx/0xd1e99af2a9b3a446eb0387f5c61801ddccafc8f5f211cfebddf581b601979d84
Address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B is associated by multiple transactions with address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4:
as well as 21 direct mutual token transactions:
https://etherscan.io/address/0x834e6bedc304c4c610557e9ffaf0d4ec310b881b#tokentxns
The total number of mutual transactions between the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B and the address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 is 35 transactions (!!!).
Address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 belongs to Anton Dziatkovskii. Anton Dziatkovskii publicly says that he owns the address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 in the following sources:
1. https://twitter.com/antondzyatkovsk/status/1391126347682959360 - https://app.poap.xyz/token/108903
2. https://twitter.com/antondzyatkovsk/status/1388607712355782663 - https://pay.sablier.finance/stream/4167 (https://pay.sablier.finance/stream/4167/details)
Speaking about the personality of Anton Dziatkovskii, we can say that he is a developer of platforms for DeFi projects, a developer of smart contracts, a specialist in the field of smart-contract security and a computer specialist; he considers himself a white hacker, is a trader, and is a manager of bounty companies for various projects.
Also, Anton Dziatkovskii is a co-founder of the MicroMoney project (https://www.micromoney.io/) and director of education for the UBAI project (https://www.ubai.co/). One of the UBAI products is the BTCNext exchange (https://www.btcnext.io/). Anton Dziatkovskii is a co-founder of the QDAO DeFi project (https://qdefi.io/en). Anton Dziatkovskii is also a member of the NoahCity project team (https://noahcity.org/en). Anton Dziatkovskii is the founder of the Platinum Fund project team (https://platinum.fund/en), which develops platforms for DeFi projects and blockchain solutions. Anton Dziatkovskii is directly related to the development of the SpaceSwap DeFi project (https://spaceswap.app/) and is possibly its co-founder. Anton Dziatkovskii is the bounty program manager of the SpaceSwap project (https://bitcointalksearch.org/topic/--5314607), and this can be seen in his bitcointalk profile, which has the username Cubus, or in the fraud dispute https://bitcointalk.org/index.php?topic=5185188.0.
Now about Anton Dziatkovskii's personal profile (links):
https://www.linkedin.com/in/Anton-Dziatkovskii-47012a95/
https://www.facebook.com/AntonDziatkovskii
https://twitter.com/antondzyatkovsk
BTT url: https://bitcointalksearch.org/user/cubus-1120647
BTT username: Cubus
GitHub: https://github.com/AntonDz
ETH-address: https://etherscan.io/address/0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4
Address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B has a direct transaction with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8:
and an additional 15 token transactions. The total amount of related transactions between the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B and the address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is 28 transactions (!!!). There are also several related transactions using the intermediary address 0xDaEB3B152bE7ac786E79122C4655594e7808587D.
Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is associated with Anton Dziatkovskii address 0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4:
Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is associated with address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 (which has made many transactions with address 0x31499E03303dd75851a1738E88972CD998337403) by at least two transactions:
https://etherscan.io/tx/0xa6e43e8d7ee9455ebc5291a031548a346fcf4176df41f4201ded66436ab9b115
https://etherscan.io/tx/0xadc4495b302dcb747c7f1db98d79f588ce42ec88369bd653fbfe9e790fdcaaa1
All this means that from the common hacker address 0x31499E03303dd75851a1738E88972CD998337403, which has a lot of mutual transactions with the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, two roads lead to the address 0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4, which belongs to Anton Dziatkovskii: the first road goes through the intermediary address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B (which laid the groundwork for the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912); the second goes through the intermediary address 0x4664db097caC5E006AC94705D3C778f2aC896AA8.
Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8, is associated with address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 by numerous transactions:
and an additional 58 transactions (
https://etherscan.io/address/0x5a6a52a7bf22813882e988135a7d2be805bb0649#tokentxns).
In total, the number of mutual transactions is 69 transactions (!!!).
Address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 funded (https://etherscan.io/tx/0x9e872cf2555bd5b07f1420b2195f9e397190971ea928725158ee7103142f801c) the creation of the address 0x71e0d074bb70fdc5345f986e3435117f52afcebb, the creator of a smart contract for QDAO tokens issued by the QDAO DeFi project, where Anton Dziatkovskii is a co-founder:
https://etherscan.io/address/0x3166c570935a7d8554c8f4ea792ff965d2efe1f2
Address 0x71e0d074bb70fdc5345f986e3435117f52afcebb is the creator of the smart contract for the BNX token, which belongs to the BTCNext exchange, which is part of the UBAI project, where Anton Dziatkovskii is the co-founder.
Address 0x71e0d074bb70fdc5345f986e3435117f52afcebb also cooperates with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 in transactions.
Address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 also has several direct related transactions with address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2:
https://etherscan.io/tx/0xd016bd35a947a95af6505db3f426b53d9429f21705cd340f29cf96d6bb7d478a
https://etherscan.io/tx/0xf7adf5ff89bb7a00bbaf7dbc81bf8a889f01139766f45756f22615a3bebbbadf
and many transactions with different tokens, as well as multiple transactions using the intermediary address 0x3c586d0e07f312a180ec46d4c27d831731c41d23.
Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 also cooperates with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8.
This same address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 has a direct transaction with the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B, which funded the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, which has many transactions with the common hacker address 0x31499E03303dd75851a1738E88972CD998337403:
https://etherscan.io/tx/0x3084669504ddca7161a0afc35207a961c4870581fa2d1740dc11f5f2ede43322
as well as transactions using the intermediate address 0x3c586d0e07f312a180ec46d4c27d831731c41d23.
Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of smart contracts for MILK2 tokens (https://etherscan.io/address/0x66d1b01c0fd7c2d8718f0997494b53ff5c485688) and SHAKE tokens (https://etherscan.io/address/0x6006FC2a849fEdABa8330ce36F5133DE01F96189), which belong to the SpaceSwap project, to which Anton Dziatkovskii has some direct relation.
Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of the smart contracts for CNYQ tokens (https://etherscan.io/address/0xc541b907478d5CD334C0cbfcB9603b6dac6e9ee3) and JPYQ tokens (https://etherscan.io/address/0x558A069a3A1a1e72398607b9E3577fCe1C67EA63), which belong to the QDAO DeFi project, where Anton Dziatkovskii is a co-founder.
Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of the smart contracts for NOAH ARK tokens (https://etherscan.io/address/0xfce94fde7ac091c2f1db00d62f15eeb82b624389) and NOAHP tokens (https://etherscan.io/token/0x41b3F18c6384Dc9A39c33AFEcA60d9b8e61eAa9F), which belong to the NoahCity project, in which Anton Dziatkovskii is a member of the team.
I would like to note that many wallet addresses associated with the EasyFi hacker address 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37 (including some intermediate addresses) have MILK, MILK2, SHAKE, NOAH, QDAO tokens on their balance. Even the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, which has many mutual transactions with the well-known common hacker address 0x31499E03303dd75851a1738E88972CD998337403, contains these tokens.
By the way, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 has BABYMILK tokens on its balance (smart contract https://etherscan.io/address/0xe00edf07bbab7f9e7a93ffbffdd4c16c5dbc6b03 - BabyMilk TEST token by SpaceSwap v2); at the same time, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 takes the #13 place among the holders of these tokens (https://etherscan.io/token/0xe00edf07bbab7f9e7a93ffbffdd4c16c5dbc6b03#balances). As a rule, such a high rating among the holders is occupied either by the co-owners of the project or by the leading investors in the project.
Also, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 (which has a lot of mutual transactions with the common hacker address 0x31499E03303dd75851a1738E88972CD998337403) has a direct link with the address 0x72d49544D17e3C98B0f94D97eE851981279f3aa9:
https://etherscan.io/tx/0x11cf0326b7b0ee31db33231d2b5eac63763d323f065a72bbfe77baf147e90fe7
This address 0x72d49544D17e3C98B0f94D97eE851981279f3aa9 also belongs to the SpaceSwap project, which can be confirmed on the Rarible website page:
https://rarible.com/spaceswap
https://coinranking.com/ms/nft/a0a0d045cc-rarible-fallen-puppet
By examining the block explorers, we can determine where the Nexus Mutual hacker sent funds:
1. Transaction to convert renBTC to BTC
https://etherscan.io/tx/0xd0b498293d36e2f264b377d3cfec5d1701a92808f0f7580881f6459a6e9c0062 got an exit in a transaction
https://www.blockchain.com/ru/btc/tx/75e7645350615dcb1526010af5c9ca264f962136dec83e11120056ff66d579f0. So this is the BTC address bc1qmyxuldmsec6xm7gm7dnmmth4lz776tr5mtluvp followed by outgoing transactions.
2. Transaction to convert renBTC to BTC
https://etherscan.io/tx/0xfdd36a0c510bb7acf66ab3f42f8682eae563f52767f8a897d03f087426f683c0 got an exit in a transaction
https://www.blockchain.com/ru/btc/tx/b59fd9206d1e81e520c5000e60907a7c2ba730d18f34b488ea60f29c718886bc . So this is the BTC address bc1q6qsnqt98g3aggqy6adlpxkgngughwc66f93dve followed by outgoing transactions.
3. Transaction to convert renBTC to BTC
https://etherscan.io/tx/0xe6c87c15e0f71640cb61be417a651a532b7321a12b2022203f6a16f2f3f64e4f got an exit in a transaction
https://www.blockchain.com/ru/btc/tx/a3191751822b488aed9be4712992271dfd51ff71f1a4f1c40df23c6e559b7894 . Hence, this is the BTC address bc1qun448hv5cudqlwrmghju58jnprkguy48emtj8a with subsequent outgoing transactions.
By examining the block explorers, we can determine where the EasyFi hacker sent funds:
1. Transaction to convert renBTC to BTC
https://etherscan.io/tx/0x2e575a4f490423bd49d79cce9a5f5b6067fb3aabcdd695ee9caa8fd91193d1c0 got an exit in a transaction
https://www.blockchain.com/ru/btc/tx/f0dafd9b6377bc2ed4899ab8a982ca23ce30b2c3f217e13f86a2e49a450397bc . So this is the BTC address bc1qfl085d0fxy8s6grja5qf8cgqvx8w94ufaygg9y with subsequent outgoing transactions.
2. Transaction to convert renBTC to BTC
https://etherscan.io/tx/0xf3932eb7ae1a0ad8c74b9e05e5b2a81333576e69d798805f06e816724596c077 got an exit in a transaction
https://www.blockchain.com/ru/btc/tx/e0d56ea73302b422b1f377e297f9581f133924fb1db5ceb7847ff22c80a8b956 . Hence, this is the BTC address 17WFZENdcgkCvVjENQWJnqwXyiCkgTdGbi with subsequent outgoing transactions.
3. Transaction to convert renBTC to BTC
https://etherscan.io/tx/0xf4316088f83c541027feaea0fdf798a844eda364ef7c965c9625d58da43ba30c got an exit in a transaction
https://www.blockchain.com/ru/btc/tx/c2949b10e22c3a235c08f2b78c6c839ea8955a5e89c69232627b31f77636f967 . Hence, this is the BTC address 1395hgVUB2P7yv145sRbt6Ykbi3qargnoD with subsequent outgoing transactions.
4. Transaction to convert renBTC to BTC
https://etherscan.io/tx/0x6cb20a995a7e722622d8648f7853b550fa04dae4f8fe5d9625f19025159a1d3c got an exit in a transaction
https://www.blockchain.com/ru/btc/tx/47d23bd06022cdafa62f038cf2b9e0b912d0ec0b1da884252ce67dbb8f8a3bd4 . Hence, this is the BTC address 1DzGYwnUKu9ukGBKm8kTvoezjfCQ2qLwYr with subsequent outgoing transactions.
By examining the block explorers, we can determine where the FinNexus hacker sent funds:
At the time of this writing, the FinNexus hacker has only made a deposit into Tornado Cash:
https://etherscan.io/tx/0xdfff5f1f94045f87569eca8100393861d847fb558115031aec4173b1dd9b5df4
We can see the exit from Tornado Cash in the transaction:
https://etherscan.io/tx/0xa0346bf9cdb454e3e59fcd969ef351297f4850629d806f75992841a700b8b63a
This means ETH-address 0x996f5CcbF2856137744603b382dE559b78a096fC is the recipient to whom the FinNexus hacker sent 10 ETH using Tornado Cash.
Next, 0x996f5CcbF2856137744603b382dE559b78a096fC sent 3 ETH to address 0x487927e4c49ac6e03d0168dade4a400017197c65 in the transaction:
https://etherscan.io/tx/0x4cfd671ba3c6b376c9b56573f9727d3ae74155621e099b097bfc35ef5ecd4097
Address 0x487927e4c49ac6e03d0168dade4a400017197c65 created 2 smart contracts:
- It created the smart contract 0x2dd4bffd9d4fc1fd48cca3b1e83d96ece4b51460 (https://etherscan.io/tx/0xd476c5eef7664c38cb77d5dfe54295c64ac7a19f6bc020920fcdd825b1f0bc68)
- It created the smart contract 0x3c690e31359f83d7b82cbf105d9b71e813f016bb (https://etherscan.io/tx/0x0e117c3fbedbd8bd3cb549daa2fdeefa90bea46bc51632e1fb05caf296b6ca37)
Both of these smart contracts were created to interact with smart contract 0x606246e9ef6c70dcb6cee42136cd06d127e2b7c7:
https://bloxy.info/graphs/0x3c690e31359f83d7b82cbf105d9b71e813f016bb
https://bloxy.info/graphs/0x2dd4bffd9d4fc1fd48cca3b1e83d96ece4b51460
Smart contract 0x606246e9ef6c70dcb6cee42136cd06d127e2b7c7 belongs to the Bondly project (DeFi) https://www.bondly.finance/.
I doubt the hacker is going to start some kind of fair play by making a simple tranche with Tornado Cash where he can be traced. Maybe now the hacker has chosen a new victim for a new hack and this victim may be the Bondly Finance project.