Twitter hack update: What happened to the stolen BTC?

On July 15th, Twitter was compromised by a group of hackers, some of whom recently spoke to the New York Times in an attempt to clear their names.

The hackers were able to gain access to high-profile Twitter accounts, such as those of former U.S. Vice President Joe Biden, Tesla CEO Elon Musk, and Amazon CEO Jeff Bezos, and used those accounts to promote a digital currency scam, encouraging the millions of people who followed them to send BTC to one of three wallet addresses the hackers owned. The hackers also posted a few tweets encouraging followers to send XRP to a Ripple address, although no XRP was sent to that address.

In total, the hackers received 13.1364 BTC across three BTC wallets.

Where is the money now?

Several blockchain analytics firms, as well as the FBI, are investigating the Twitter breach. The blockchain analytics firm CipherTrace has been closely tracking the hackers’ wallet addresses and says the hackers are moving the stolen funds to peer-to-peer digital currency exchanges, coin mixers, and gambling sites to cash out their stolen BTC and obfuscate their cash flows.

Shortly after the breach, the hackers began sending the stolen funds to digital currency mixers. According to CipherTrace, there were 11 outbound transactions from the scammers’ wallets as of July 17, with 10 of the 11 transactions consolidating funds into a new address.

On July 16, the hackers transferred 2.89 BTC from their wallet addresses to the Wasabi Wallet to obfuscate their transaction trail; and on July 17th, the hackers sent 0.1022 BTC to the coin mixing service ChipMixer.

Since then, the hackers have moved:

  • BTC to an India-based exchange via TX ff0c4d2146c205ea9a01cee11909f59fc5ac81b69e283f3b0ee95717ff8d87b1 (July 18)
  • 0.0959 BTC to a peer-to-peer marketplace in TX f8e380571e3ff47241030b5f619d7b75504263614b322376443ecc44a3b0e7e3 (July 18)
  • 0.018 BTC to a digital currency gambling site via TX 7a662dcc4ed06007682ee8193f9119480841c1fd1329b74de9555c633b8e89ff (July 19)
  • 0.15 BTC to a US-based exchange via TX f5b27d96fd008fa78aa3e9d3ab3aa75552dab10a0aed97fc301750956ac8bf1e (July 19)
  • 0.04 BTC to an exchange based in Turkey via TX 1cf7ac2aa8e9a31183138a3c89369ec8af2d3142e0346911bbd3406b3da4d305 (July 19)
  • 0.0858 BTC to a US-based exchange via TX 34e27f78f76656b743a2b18ba3c02a52c03a0b4b8d6924a22bb2bd8d5c749a8c (July 19)
  • 0.2 BTC to a peer-to-peer marketplace in TX c5422d2da844c89db9ae620d9dfaf1ba07a92049378e8117b59d3715b206282c (July 20)

CipherTrace also believes that the hackers sent a minimum of 1.08945 BTC to a mixer and then from the mixer to a Singapore-based exchange.

That being said, it is estimated that a total of 1.58325 BTC is sitting on some sort of digital currency marketplace waiting to be cashed out.
