The hackers who attacked Twitter and accessed its internal systems to hijack dozens of high-profile accounts have started moving their funds to peer-to-peer platforms and gambling websites to launder the collected BTC.
According to blockchain forensics firm CipherTrace, the hackers have started to use so-called peel chains to launder the funds. A peel chain is a chain of transactions in which an original address moves its entire BTC holdings from wallet to wallet, with each movement “peeling” a small amount of the total off to another address. At the end of the chain, the funds are then moved back to one single wallet.
Often, hackers use peel chains more than once to throw off blockchain sleuths. The tactic, according to CipherTrace, is favored by North Korean hackers, as the firm claims hackers tied to Pyongyang have laundered over $100 million worth of cryptocurrency using peel chains.
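The peel-chain pattern described above can be followed programmatically. The sketch below is an added example, not CipherTrace's tooling or method: it walks the large remainder from hop to hop, records each small peeled output, and then reports any wallet where the peeled amounts reconverge. The address-level transaction model, the 20% peel threshold, and all txids, addresses and values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: placeholder txids/addresses, values in satoshis,
# fees ignored. Simplified address-level model (assumption), not real UTXOs.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["SRC"],  "outputs": [("HOP1", 1_288_000_000), ("PEEL1", 12_000_000)]},
    {"txid": "tx2", "inputs": ["HOP1"], "outputs": [("PEEL2", 15_000_000), ("HOP2", 1_273_000_000)]},
    {"txid": "tx3", "inputs": ["HOP2"], "outputs": [("HOP3", 1_263_000_000), ("PEEL3", 10_000_000)]},
    # Peeled amounts later converge on one wallet.
    {"txid": "tx4", "inputs": ["PEEL1", "PEEL3"], "outputs": [("SINK", 22_000_000)]},
    {"txid": "tx5", "inputs": ["PEEL2"], "outputs": [("SINK", 15_000_000)]},
    # Near-even split: not a peel, so the trace must stop at HOP3.
    {"txid": "tx6", "inputs": ["HOP3"], "outputs": [("X", 600_000_000), ("Y", 663_000_000)]},
]


def trace_peel_chain(txs, start, max_peel_share=0.2):
    """Follow the large remainder hop by hop; return (hops, last address reached)."""
    spends = {addr: tx for tx in txs for addr in tx["inputs"]}
    hops, current, seen = [], start, set()
    while current in spends and current not in seen:  # 'seen' guards against cycles
        seen.add(current)
        tx = spends[current]
        if len(tx["inputs"]) != 1 or len(tx["outputs"]) != 2:
            break  # a peel hop has one sender and exactly two outputs
        (peel_to, peel_val), (next_addr, next_val) = sorted(tx["outputs"], key=lambda o: o[1])
        if peel_val > max_peel_share * (peel_val + next_val):
            break  # smaller output is too large a share to be a "peel"
        hops.append({"txid": tx["txid"], "peel_to": peel_to, "peel_value": peel_val})
        current = next_addr
    return hops, current


def convergence_points(txs, peel_addrs, min_sources=2):
    """Addresses that receive funds from at least min_sources distinct peel addresses."""
    peel_addrs, sources = set(peel_addrs), defaultdict(set)
    for tx in txs:
        peeled_inputs = peel_addrs & set(tx["inputs"])
        for dest, _value in tx["outputs"]:
            sources[dest] |= peeled_inputs
    return {dest: sorted(s) for dest, s in sources.items() if len(s) >= min_sources}


if __name__ == "__main__":
    hops, end = trace_peel_chain(SAMPLE_TXS, "SRC")
    for hop in hops:
        print(hop)
    print("chain ends at", end)
    print(convergence_points(SAMPLE_TXS, [h["peel_to"] for h in hops]))
```

Real chain data needs UTXO-level tracking and fee handling; the fixed share threshold here is only a starting heuristic for separating a peel from an ordinary payment with change.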
Per the blockchain forensics firm, the Twitter hackers have been moving between 0.1 BTC and 0.15 BTC to cryptocurrency exchanges in India, the United States, and Turkey after moving the funds through peel chains, with one regulated exchange in Singapore receiving over 1 BTC from the hackers.
Twitter Hack Update: Scammed Funds Traced to Exchanges, P2P Marketplaces, and Gambling Site Over Weekend. The Latest: https://t.co/aWM0ZmxL22 #twitterhack #followthemoney #blockchainanalytics
— CipherTrace (@ciphertrace) July 20, 2020
The hackers have also been moving their funds to peer-to-peer trading platforms and crypto gambling websites in a bid to launder the BTC. While earlier reports suggested the hackers were moving their funds to CoinJoin wallets to mix the funds, they now appear to be using peel chains and gambling platforms to hide their tracks.
CipherTrace further noted it found a transaction going to an old Binance cold wallet that appears to now be inactive. The firm believes the transaction wasn’t made to launder funds or as a mistake, but to troll investigators following the funds.