The hacker’s identity might not be a mystery any longer. A GitHub user posted on August 30 that he had lost 1,400 Bitcoin (BTC) in an elaborate attack on his Electrum wallet. On-chain analysis indicates that the attackers used a Binance account, and that some of the transactions used to move the stolen funds may have originated in St. Petersburg, Russia.
It is crucial to note, however, that conclusions drawn from on-chain analysis are probabilistic rather than deterministic: proximity to an exchange address ties funds to the exchange, not to a named customer, and a geolocated relay node is not proof of where the sender sat.
It is also unclear exactly how the attack was carried out. Electrum’s software is considered secure when it is properly configured. The victim said the attack happened the first time he had opened the wallet since 2017.
He says that when he installed a software update, his entire balance was transferred to an address he did not control. As a general rule, an update offered from inside a wallet should be treated with suspicion; Electrum releases are published by the project with PGP signatures, and those signatures should be verified before anything is installed. A 5 BTC withdrawal from Binance, made in January 2018, sits two hops away from the scammer’s address. However, according to a Binance spokesperson, the corresponding transaction ID is linked to more than 75 different addresses, so it cannot be tied to a specific user.
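To make the "two hops away" and "more than 75 addresses" points concrete, here is a small address-graph tracer. It is an added example written for this page, not code from the victim, Binance or the Electrum project, and it runs over a constructed toy ledger whose transaction IDs and addresses (exchange_hot_wallet, customer_x, thief_addr, and so on) are placeholders, not the real chain data. It assumes a "hop" is one spending transaction between addresses, and it counts distinct outputs of a withdrawal to decide whether a batched payout can be attributed to a single recipient.

```python
"""Toy UTXO-graph tracing: hop distance between addresses, forward spread of
stolen funds, and why a batched exchange withdrawal cannot be pinned on one
customer.  All data below is constructed for illustration (hypothetical
txids and addresses, not the real Electrum-theft transactions)."""
from collections import defaultdict, deque

# Constructed sample ledger: txid -> (input addresses spent, output addresses paid).
SAMPLE_TXS = {
    # One batched exchange withdrawal paying 76 customers in a single transaction.
    "tx_batched_withdrawal": (
        ["exchange_hot_wallet"],
        [f"customer_{i:02d}" for i in range(75)] + ["customer_x"],
    ),
    # customer_x forwards funds once, then to the address later used in the theft.
    "tx_hop_1": (["customer_x"], ["intermediate_1"]),
    "tx_hop_2": (["intermediate_1"], ["thief_addr"]),
    # After the theft the thief splits the loot into several smaller wallets.
    "tx_split": (["thief_addr"], ["split_a", "split_b", "split_c", "split_d"]),
    "tx_split_again": (["split_a"], ["split_a1", "split_a2"]),
}


def build_graph(txs):
    """Directed address graph: edge A -> B whenever some tx spent from A and paid B."""
    graph = defaultdict(set)
    for inputs, outputs in txs.values():
        for src in inputs:
            for dst in outputs:
                graph[src].add(dst)
    return graph


def hop_distance(graph, start, target):
    """Shortest number of spending hops from start to target, or None if unreachable."""
    if start == target:
        return 0
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        addr, dist = queue.popleft()
        for nxt in graph.get(addr, ()):
            if nxt == target:
                return dist + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def reachable_within(graph, start, max_hops):
    """Set of addresses the funds could have reached within max_hops spends."""
    seen = {start}
    frontier = {start}
    for _ in range(max_hops):
        frontier = {n for a in frontier for n in graph.get(a, ()) if n not in seen}
        seen |= frontier
    seen.discard(start)
    return seen


def withdrawal_attribution(txs, txid):
    """Report how many distinct recipients a withdrawal tx paid.
    A single-output withdrawal points at one customer; a batched payout does not."""
    _, outputs = txs[txid]
    distinct = len(set(outputs))
    return {"outputs": distinct, "single_recipient": distinct == 1}


if __name__ == "__main__":
    g = build_graph(SAMPLE_TXS)
    print("hops from withdrawal output to thief:", hop_distance(g, "customer_x", "thief_addr"))
    print("withdrawal attribution:", withdrawal_attribution(SAMPLE_TXS, "tx_batched_withdrawal"))
    print("wallets within 2 hops of thief:", sorted(reachable_within(g, "thief_addr", 2)))
```

The tracer deliberately stops at the address graph. Turning "customer_x is two hops from the thief" into "customer_x is the thief" needs an off-chain link such as an exchange KYC record, and with 76 outputs in the same transaction the chain alone cannot say which recipient matters.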
Changpeng Zhao, the exchange’s CEO, tweeted on August 31 that Binance has blacklisted the address involved:
Not your code, not your funds. Beware of this Electrum official update. This guy lost 1400 BTC, and plenty of others lost funds too. https://t.co/5AaMKIXnFK
— CZ Binance (@cz_binance) August 30, 2020
After taking control of more than 1,400 BTC, the attackers began moving the coins, splitting the loot across smaller wallets. On several occasions the Bitcoin node that first relayed these transactions was geolocated to St. Petersburg, Russia. That is weak evidence of the thieves’ location, however: they may have been using a VPN or Tor, and the node that first broadcasts a transaction is not necessarily the sender’s own machine, since lightweight wallets such as Electrum submit transactions through remote servers rather than a node of their own.