Over 170 Bitcoins from the 2016 Bitfinex hack have been moved today over to another unknown wallet. Is the hacker attempting to wash the stolen funds, and if so, why now? Let’s take a look.
The 2016 Bitfinex Hack
On August 3, 2016, leading crypto exchange, Bitfinex, suffered a devastating security breach which resulted in the loss of over 119,756 Bitcoins (approx $953 Million). At the time, it was the most severe crypto exchange hack to happen since the infamous Mt.Gox attack and sent the Bitcoin market crashing by 20% in a single day.
Last month, funds from the hack were moved for the first time, almost 3 years after the event took place. Ten transactions worth over 300 Bitcoins ($2.38 Million) in total were redistributed into unknown wallets – presumably to begin washing the funds.
Earlier this year, Bitcoinist reported, that U.S. federal law enforcement agencies returned 28 of the bitcoin stolen that were retrieved from the criminals.
Now, there has been another report of a further 170 Bitcoins ($1.35 Million) being moved this morning via 5 separate transactions.
Bitfinex White Hat Hacker Policy
According to a Bitfinex policy listed in the LEO whitepaper – their new native platform token – it mentions that,
The company is working with industry leaders to create a procedure to offer the hacker the chance to safely and privately refund the majority of the stolen funds while keeping a percentage of them as reward for collaborating in finally resolving this issue.
Essentially this means that Bitfinex is now exploring ways to ‘reward’ hackers for returning stolen funds by allowing them to keep a certain percentage of it after the majority has been handed back. While many see this as an agreeable compromise, there are those that see this as a highly lucrative incentive for hackers to continue attacking centralized crypto exchanges.
If I am the hacker , there is a way to make legal money : negotiate with bitfinex for how much I can get for returning the fund , buy $LEO first with that amount of money , Then return the whole fund to @bitfinex and wait for Bitfinex to pump LEO 😂 https://t.co/Xjm2wyro1Q
— Dong Zhao (@zhaodong1982) June 7, 2019
Coincidental Bitcoin CoinJoin Event?
What’s even more interesting, is that Wasabi wallet just completed its first 100-person CoinJoin. Thus, the plot thickens.
Huge Congratulations – @wasabiwallet just did the first ever 100 person CoinJoin, likely the largest in Bitcoin History. https://t.co/kNkeHVBz28 A monumental achievement in Bitcoin privacy. Credit to the team @lontivero @molnardavid84 @nopara73 @dwuk86 @NicolasDorier and others!
— Aviv Milner (@milner_aviv) June 6, 2019
A CoinJoin is where participants transact value between each other in order to make it impossible to ascertain, which funds originally belonged to whom.
Funds from each individual are broken up and distributed between the group anonymously. Each person walks away with the exact same amount of funds as when they started, however this time the origin of their funds is much harder to trace.
A record of all the transactions can be found here.
The recent CoinJoin event was hailed as a ‘monumental achievement in Bitcoin privacy’ by many, but it can also serve as a useful tool for thieves to mask their ill-gotten funds.
While it’s unlikely that the 2016 Bitfinex hacker(s) were involved in the Wasabi wallet event, it’s only a matter of time before cybercriminals leverage these types of privacy-focused features in order to evade blockchain analysis tools and investigators.