Privacy protocol RAILGUN said the 4,064 bitcoin stolen in a high-profile security breach on August 19 did not receive any privacy benefits on its platform.
The platform clarified that the stolen funds were deprotected and returned to their original addresses as they were unable to generate a Private Identification (POI).
The breach, one of the largest in recent history, was first reported on Aug. 19 by on-chain sleuth ZachXBT, who revealed that a suspicious transfer involving $238 million worth of BTC had occurred approximately 12 hours prior.
Violations
The breach targeted Bitcoin millionaires, resulting in the theft of 4,064 BTC from victim wallets, with initial reports suggesting the wallets may belong to Genesis Trading creditors.
Notably, this wallet had received 642.4 BTC (worth roughly $37.73 million) from Genesis Trading's bankruptcy distribution wallet just two weeks prior to the breach, and two years before that it had received 2,173 BTC, worth $127.6 million, from Genesis Trading.
The exact method of the hack is unclear, but experts believe the attackers may have used a combination of phishing, social engineering and exploiting security vulnerabilities in the wallet.
The incident raised widespread concern within the cryptocurrency community, highlighting the ongoing risks associated with holding large amounts of digital assets and the vulnerabilities of existing security infrastructure.
Blockchain forensics teams are working to trace transaction paths to identify perpetrators and recover stolen assets, but the use of multiple platforms and privacy-enhancing tools makes the task particularly difficult.
Trading History
During this breach, stolen bitcoins were cleverly and quickly moved across multiple platforms, including THORChain, KuCoin, ChangeNow, RAILGUN, and Avalanche Bridge.
Detailed analysis of transaction history revealed the meticulous strategy the hackers used to distribute and conceal their stolen assets.
After the initial theft, the 4,064 BTC was quickly split into smaller amounts and transferred across various platforms in a complex series of transactions designed to make it difficult to trace the funds' original source.
However, when the hackers attempted to use RAILGUN to secure their funds, their attempt failed: the stolen bitcoins did not meet the privacy standards within RAILGUN, so they were de-secured and returned, leaving the stolen assets vulnerable rather than protected by the intended privacy protocols.
The transaction map also shows that some of the stolen bitcoins moved through the Avalanche Bridge, which likely facilitated cross-chain transfers, a step that further complicated the hackers' efforts to cover their tracks.
In addition to using these platforms, the hackers also used mixing services to further complicate the traceability of the funds, effectively combining multiple transactions to conceal the origins and destination of their Bitcoin.
As the investigation continues, the breach serves as an important reminder that cybercriminal tactics are evolving and of the need for continuous innovation in security measures.