335.9 BTC were moved to address 14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek in this security incident and later into other UTXOs. You can explore the transactions using the above link. The fee rate used in this transaction was 66.46 SAT/VB. I would expect hackers to use a higher fee rate and not an RBF transaction, but it is possible that the hacker planned it differently or it was an insider and the whole incident is fake.
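For checking the two properties discussed above on any transaction, here is an added example (not from the original post) that parses a raw transaction, tests BIP125 opt-in RBF signaling and computes the fee rate in sat/vB. The sample transaction is constructed from dummy bytes and is not the incident transaction; `read_varint`, `analyze_tx` and the `fee_sats` value are assumptions of the example, and the fee has to be supplied because a raw transaction does not carry its input amounts.

```python
def read_varint(b, i):
    """Decode a Bitcoin CompactSize integer at offset i; return (value, next offset)."""
    n = b[i]
    if n < 0xFD:
        return n, i + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def analyze_tx(raw_hex, fee_sats):
    """Return RBF signaling, virtual size and fee rate; fee_sats is supplied by the caller."""
    b = bytes.fromhex(raw_hex)
    segwit = b[4:6] == b"\x00\x01"           # BIP144 marker + flag after the version
    i = 6 if segwit else 4
    n_in, i = read_varint(b, i)
    sequences = []
    for _ in range(n_in):
        i += 36                               # previous txid (32) + output index (4)
        script_len, i = read_varint(b, i)
        i += script_len
        sequences.append(int.from_bytes(b[i:i + 4], "little"))
        i += 4
    n_out, i = read_varint(b, i)
    for _ in range(n_out):
        i += 8                                # amount in satoshis
        script_len, i = read_varint(b, i)
        i += script_len
    witness_start = i
    if segwit:
        for _ in range(n_in):
            items, i = read_varint(b, i)
            for _ in range(items):
                item_len, i = read_varint(b, i)
                i += item_len
    if i + 4 != len(b):                       # only the 4-byte locktime may remain
        raise ValueError("trailing or missing bytes: not a well-formed transaction")
    witness_bytes = (i - witness_start) + (2 if segwit else 0)
    weight = (len(b) - witness_bytes) * 3 + len(b)    # BIP141: base size * 3 + total size
    vsize = (weight + 3) // 4                         # round up to whole virtual bytes
    rbf = any(seq < 0xFFFFFFFE for seq in sequences)  # BIP125 opt-in signal on any input
    return {"rbf": rbf, "vsize": vsize, "fee_rate": fee_sats / vsize}

# Constructed 1-input, 1-output P2WPKH-shaped transaction (dummy txid, key and signature bytes).
SAMPLE_TX = (
    "02000000" "0001" "01" + "11" * 32 + "00000000" + "00" + "fdffffff"
    + "01" + "a086010000000000" + "16" + "0014" + "22" * 20
    + "02" + "47" + "30" * 71 + "21" + "02" * 33 + "00000000"
)

if __name__ == "__main__":
    print(analyze_tx(SAMPLE_TX, fee_sats=5500))  # fee_sats is a constructed value
```
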
Three transactions that look interesting after expanding all the transactions involved:
Not sure, but some of the BTC has been sold on some exchange that is not labelled on OXT right now, or on some OTC market in India that works locally.
The screenshot of the complaint mentions a few interesting things, including two addresses, the time, use of a blockchain.info wallet and user activity. There was some malware thing mentioned in the Cointelegraph article, which can be true, but then you don't expect such stupidity from an exchange. Not sure why they think the hacker is from East Delhi.
Greg Maxwell has mentioned an important thing: most of the users and exchanges are using shitty wallets and services to manage their BTC holdings. It is irresponsible and unacceptable for an exchange to use a blockchain.info wallet for their users' funds. They should be using their own full node, cold storage and multi-sig to have a secure setup which can be managed by people who are competent and experienced.
I tweeted, quoting Cashaa’s tweet, that the police will not be able to do much in this case, as they couldn't do anything in the Coinsecure case. You can read my old posts to know about the whole thing. I had also emailed several people, including the DCP, Delhi Police Cyber Crime Cell, but there has been no response or any progress yet.
I will update this post if there is any new information.
The Blockonomics “wallet watcher” can be helpful to keep track of BTC movement in this case: https://www.blockonomics.co/views/wallet-watcher.html
UTXOs that you can keep an eye on:
Bitcoin wallets: https://bitcoin-only.com/#wallets
Full node and Hardware: https://bitcoin-only.com/#hardware