Investigating into the Fake iShares Crypto Exchange Campaign
Authored by: Uppsala Security SecOps Team
Over the course of 3 weeks, we have been investigating a scam campaign involving a fraudulent crypto exchange. This scam campaign involved the impersonation of iShares, an ETF provider under BlackRock¹, one of the world’s largest asset management firms. Based on reports we have received, the estimated sum involved in this campaign currently stands at $4.1M USD worth of lost digital assets.
This campaign was first brought to our attention through reports made via CoinSherlock², a platform borne out of Uppsala Security’s collaboration with Seoul ShinMun Daily, the oldest daily newspaper in South Korea. Through CoinSherlock, victims can report and request for investigations into crypto scams and tracking of compromised crypto assets, which will be handled by Uppsala Security’s Global Crypto Incident Response Center (CIRC).
We noticed that many reports over the past 3 weeks involved a few common crypto addresses and the following 3 domains:
- www[.]ishares-crypto[.]xyz
- www[.]isharesEx[.]com
- www[.]ishares-crypto[.]net
Modus Operandi of Threat Actors as shared by Victims
Based on information acquired and synthesized from the victim reports, we understand that the threat actors behind this campaign had promised profits on initial investments or deposits. They had also made use of messaging apps such as Telegram to reach out to potential victims, touting these investment opportunities and directing victims to the suspect platform. This platform was named iShares and promoted as a crypto exchange that also offered crypto futures.
Withdrawal of investment from the aforementioned fraudulent iShares Exchanges was promised to be allowed twice monthly but required users to pay a commission fee beforehand. This commission fee would be a variable percentage of their supposed profit earned and decreases along with an increase in investment — presumably to attract heavier investments from victims.
We understand that there were also subsequent issues faced where user assets were declared to be frozen, with the threat actor demanding additional ‘tax’ to be paid. There was, however, no clear promise that the assets would be unfrozen upon payment of this ‘tax’.
This campaign bears similarities to other scam investment or exchange platforms, wherein tactics such as impersonation of legitimate entities, promise of high return on investments, and demanding additional money to unfreeze or withdraw assets are used.
From the number of reports we received, volume of funds handled by the reported crypto addresses, and amount of lost assets reported by victims — up to 6 figure sums, it seems that this fake exchange campaign has unfortunately claimed quite a few victims and potentially amassed large amounts of stolen assets.
iShares Crypto Exchange — Real or Fake?
We shall first investigate the 3 domains identified via the reports:
- www[.]ishares-crypto[.]xyz
- www[.]isharesEx[.]com
- www[.]ishares-crypto[.]net
These domains were suspected of being used to host the fraudulent cryptocurrency exchanges platform and trying to pass off as belonging to iShares and BlackRock. As of time of writing, only the first is online — however, as we will see later, we have reason to believe that the domains could be linked.
Firstly, all 3 domains contain ‘ishares’, along with either ‘-crypto’ or ‘Ex’ (which could be interpreted as ‘Exchange’). This could be seen as an attempt to associate the websites with a crypto-related service or exchange provided by iShares.
Secondly, on the ‘About Us’ page on www[.]ishares-crypto[.]xyz, the threat actor had written on the background of BlackRock and mentioned that they were a crypto exchange launched by iShares.
Despite all the claims of being associated with iShares and Blackrock, a quick look into the still active domain, ishares-crypto[.]xyz, however, leads to multiple red flags on its authenticity.
Off-Chain Red Flags
BlackRock does not own a Cryptocurrency Exchange.
First, while there is news that BlackRock is looking into Bitcoin³, they do not venture into cryptocurrency exchange service, nor is there any news of them planning to launch one. This is the biggest red flag and clear indication on the authenticity (or lack thereof) of the websites.
Poorly Designed User Interface and Website.
Secondly, the website appears to be lacking user experience quality. The user interface seems to be poorly designed — navigation menu appears to be at the bottom, and there is plenty of blank, under-utilized space in the header.
We also found the language of page titles inconsistent. They were in Mandarin on trading pages as seen below, while in English on all other pages.
While these inconsistencies in design and page title language cannot be taken as a sure-fire indication of a scam site, it is extremely uncharacteristic for a company as large as BlackRock.
Unprofessional Presentation
The third red flag would be the poor language used on the site. Poor grammar was seen across the website, which is again, uncharacteristic for BlackRock, an American corporation. The difference is apparent if one is to compare the actual BlackRock website to this one.
Domains Validity
A deeper delve will reveal a lot more issues. According to WhoIs information, the domain ishares-crypto[.]xyz was registered only for a year — from the 5th of March 2021 to the 5th of March 2022. This trait is commonly seen in websites involved in fraudulent activity, as it is the minimum duration to register a domain. If a large corporation like BlackRock were to launch a cryptocurrency exchange, it is likely to be registered for a longer period.
This was also the case for the other 2 domains.
Interestingly, all three domains registrant information were from the same country, Thailand, in the same period of March and April this year. In fact, the 2 domains sharing the same name, ishares-crypto, were even registered on the same day — leading us to believe that these websites are part of the same campaign.
Broken links and empty web pages.
If a user were to click on the Whitepaper link on ishares-crypto[.]xyz’s About page, it would lead to the second domain, isharesEx[.]com — further strengthening the link between the domains. This domain is, however, down, and hence there is no way of accessing the Whitepaper. Besides broken links, we also noticed that they had a blank webpage titled ‘Rules’.
With that many red flags, including their false claim of belonging to iShares, we can be certain that these domains are fraudulent.
Tracking funds from the Suspicious Wallets
A key part of investigations into crypto-related scams and hacks involve transaction tracking and analysis, with the aim of identifying if any illicit funds enter Virtual Asset Service Provider (VASP) controlled wallets. Threat actors generally aim to encash their stolen assets after a successful heist or scam, and a possible route they could attempt as seen in previous cases would be through VASPs such as cryptocurrency exchanges.
Identifying such scenarios are important for various reasons. Firstly, control of funds would be transferred from the threat actor to the VASP upon depositing of funds into the VASP controlled wallet. If identified and flagged in a timely manner, these illicit funds could be frozen before they are successfully encashed. Secondly, in some cases, VASPs might also possess Know-Your-Customer (KYC) information tied to deposit addresses (user wallets). This information could be a critical and useful lead for law enforcement agencies investigating such cases.
Based on the information made available by the victims, we have narrowed down and will be focusing on 6 suspect addresses that seem to have been more heavily utilized in this campaign. Of the 6, 5 are on the Ethereum Chain and the last is a Bitcoin address.
Ethereum Chain (EC): Suspect Wallets
The 5 suspect wallets (SW) on the Ethereum Chain reported to belong to the threat actor are:
SW #1: 0x458b10fBFFe699E9C7F5c7749aF4a770a4a9DBf0
SW #2: 0x29d959ec2a9efb31e0b3a2e7ecb0342ebbcc31b8
SW #3: 0x5cC8750E61ca277AaA9D925ccfb8bd3882Bc5650
SW #4: 0x890d9D6d827d987EB83aF9d25b9C09Fe74192bd1
SW #5: 0x1ada1C6670D40ac7a0f46A5865BEe0e53A46e670
We will label and refer to them in the following sections as SW #1, #2, #3, #4 and #5.
As these 5 wallets are relatively new, with all transactions made after the earliest registration date of the scam domains, we will be tracking all funds that pass through them. These funds involve mostly USDT for the first 4, and both USDT and Ethereum for SW #5.
Threat Actor’s illicit funds have reached various Cryptocurrency Exchanges.
Through Uppsala Security’s tracking tools, our team was able to identify that fund from these 5 suspect wallets have flowed into user wallets (deposit wallets) of the following 13 cryptocurrency exchanges — Binance, Bitmax, Crypto.com, FixedFloat, FTX, Gate.io, Huobi, Kraken, KuCoin, MXC, OKEx, Upbit and WhiteBIT.
The list of the 175 user wallets involved can be found at the end of the article.
It should be noted that these are simply user wallets which we have identified to have received funds originating from the suspect wallets — but they may or may not belong to the threat actor. They could be user wallets belonging to third party services like OTCs (Over-the-counter) used by the threat actor or could even be wallets belonging to victims who had successfully managed to withdraw their invested assets, if any.
EC-Exchange 1: Binance
Funds from the suspect wallets were detected to have reached a total of 76 Binance user wallets. These funds were subsequently swept to different Binance hot wallets (Binance 0x3f5ce, Binance 14 0x28c6c). Except for the small amount of Ethereum originating from SW #5 that reached Binance user wallet #39, all other funds entering Binance Exchange were identified to be USDT.
Binance user wallet #1: 0x0b3f00124Cde1a7B6F9b88F7766839775B0ADd2e
We will zoom in on Binance user wallet #1 (0x0b3f00), which received a large amount of ~90K USDT identified to have been from #SW 1.
As seen above, funds moved from SW #1 to Binance user wallet #1 (0x0b3f00), passing through 2 different wallets. These funds were subsequently transferred to Binance hot wallet (0x3f5ce5).
Of these ~90K USDT, we further detected that 43K USDT and ~9970.409 USDT had originated from SW #4 and SW #5 respectively.
EC-Exchange 2: Bitmax
Bitmax user wallet #1: 0x46cd7b0810BD914D91912112dD284f4c233f8916
A total of 1000 USDT originating from SW #5 was transferred to a single Bitmax user wallet #1 (0x46cd7b) across an intermediary wallet. These funds subsequently got swept to Bitmax 2 hot wallet (0x4b1a994).
EC-Exchange 3: Crypto.com
Funds from the suspicious wallets were observed to have reached 2 user wallets on Crypto.com, which subsequently got swept into Crypto.com hot wallet (0x626299).
Crypto.com user wallet #2: 0x62034b12ed809D5236F4120CCe24F1BA0f8bAeE6
We will look at Crypto.com user wallet #2 (0x62034b), which received the larger amount. A total of 3,515 USDT originating from SW #5 was transferred across 1 wallet to Crypto.com user wallet #2 (0x62034b), which subsequently got swept to the Crypto.com hot wallet (0x626299).
EC-Exchange 4: FixedFloat
A total of 27,533 USDT originating from SW #5 was transferred to a single FixedFloat user wallet #1 (0xe601A) across different paths, which subsequently got swept to FixedFloat hot wallet (0x4e5b2).
FixedFloat user wallet #1: 0xe601A2e78a5ea55E149C5b57f8a440121af3ec66
An example of one of these paths is shown below, where funds originating from SW #5 had passed through SW #1 before ending up at FixedFloat user wallet #1 (0xe601A).
EC-Exchange 5: FTX
Funds from the suspicious wallets were observed to have reached 2 user wallets on FTX Exchange, which subsequently got swept into FTX hot wallet (0x2FAF48).
FTX user wallet #1: 0x09115Fb3750582440DA65a7B9de74A9d2bD26B0B
We will look at FTX user wallet #1 (0x09115). A total of 15,015.09 USDT originating from SW #2 was transferred across 3 different wallets to FTX user wallet #1 (0x09115), which subsequently got swept to the FTX hot wallet (0x2FAF48).
EC-Exchange 6: Gate.io
Funds from the suspicious wallets were observed to have reached 2 user wallets on Gate.io Exchange, which subsequently got swept into Gate.io hot wallet (0x0D07079).
Gate.io user wallet #1: 0x90c401cF2199Ba729D75f4Cf8Ad41c7c960D48Db
Gate.io user wallet #2: 0xFDd4254f9beD17Dbc82EF642A21C5BDf40BB60C6
Both user wallets were seen to have received large sums of USDT originating from SW #5 at 110,290 USDT and 48,764.27 USDT, respectively. Below, we look at one of the money flow paths from SW #5 to Gate.io user wallet #1.
EC-Exchange 7: Huobi
Funds from the suspicious wallets were observed to have reached 39 user wallets on Huobi Exchange, which subsequently got swept into multiple Huobi hot wallets or OTC related wallets.
Huobi user wallet #5: 0xF7119c17d120f1410DB0077e46256eCe3C0DA243
Huobi user wallet #6: 0xC0482C63A03c483B0fFaF8877289EC2CB579c37c
Out of these, Huobi user wallets #5 (0xF7119) and #6 (0xC0482) were observed to have received large amounts of tracked funds originating from SW #1. These funds were subsequently sent to Huobi 4 hot wallet (0xeee28).
As seen above, funds were transferred from SW #1 to the 2 Huobi User Wallets in question, and subsequently ended up in Huobi hot wallet (Huobi 4, 0xeee28). We detected a total of 11,317 USDT and 53,000 USDT originating from SW #1 that hit into Huobi user wallets #5 and #6 respectively.
Huobi user wallet #13: 0x3C09872B77b3340FC26A34C2487f11890b98FFcb
Another seen to have received large amounts of funds was Huobi user wallet #13 (0x3C0987). It had received a total of 80,200 USDT originating from SW #5.
EC-Exchange 8: Kraken
Funds from both SW #1 and SW #2 were seen to reach Kraken Exchange through a single user wallet (0x6F1CFE) via multiple paths.
Kraken user wallet #1: 0x6F1CFEe3C8f113b77A85F172027950709D043339
An example of one of the paths originating from SW #1 is shown below. This path involved fund transfers across 3 different wallets, one of which was SW #2. These user funds were subsequently swept into a hot wallet owned by Kraken (0x89e51f).
EC-Exchange 9: KuCoin
Funds from the suspicious wallets were observed to have reached 3 user wallets on KuCoin Exchange, which subsequently got swept into KuCoin 3 hot wallet (0xa1D8d9).
KuCoin user wallet #3: 0x754Cb3E18A7Bc240D4b979Ae1f87c2417d25657a
We will look at KuCoin user wallet #3, which received the largest amount. A total of 2,850 USDT originating from SW #5 was transferred across 1 wallet to KuCoin user wallet #3 (0x754Cb3).
EC-Exchange 10: MXC
Funds from the suspicious wallets were observed to have reached 3 user wallets on MXC Exchange, which subsequently got swept into MXC 2 hot wallet (0x0211f3).
MXC user wallet #3: 0x1728B329354ecC9Aa21a45FA50f1f76041A5e015
We will look at MXC user wallet #3. A total of 2,280 USDT originating from SW #5 was transferred across 1 wallet to MXC user wallet #3 (0x1728B3).
EC-Exchange 11: OKEx
Funds from the suspicious wallets were observed to have reached 6 user wallets on OKEx Exchange, which subsequently got swept into an OKEx hot wallet (0x5041ed).
OKEx user wallet #6: 0x1F772F301fA91e475a4c069B6F42D498a981bb42
We will look at the last user wallet #6, which received the most funds. A total of 5,357 USDT originating from SW #5 was transferred across 9 different wallets to OKEx user wallet #6 (0x1F772F).
EC-Exchange 12: Upbit
On the Ethereum Chain, funds from the suspicious wallets were seen to reach 7 different Upbit user wallets, which were then subsequently swept into multiple Upbit hot wallets. Interestingly, these funds hitting into Upbit Exchange all originated from SW #5 and were mostly Ethereum.
Upbit user wallet #6: 0x432033662Ee50251d934a31367A9473a4Af4A6Df
We will look at the user wallet which received the most funds — Upbit user wallet #6 (0x43203). This user wallet received 0.8147 ETH.
EC-Exchange 13: WhiteBIT
Funds from the suspicious wallets were seen to reach 32 different WhiteBIT user wallets, which were then subsequently swept into a WhiteBIT hot wallet (0x39F6a6).
WhiteBIT user wallet #9: 0x9374b739Cf6F623a359cE4Cd922dC983015Aa853
We will look at one of the user wallets which received a relatively larger amount of funds from the suspicious wallets — WhiteBIT user wallet #9 (0x9374). This user wallet received 1451.76 USDT originating from SW #2.
Token Swapping via Decentralized Exchanges.
We observed that the threat actor had carried out swapping of tokens for some funds originating from SW #5. These swaps were seen to have been executed mainly via a decentralized exchange called Tokenlon and were predominantly between ETH and USDT.
An example of such a swap is seen below, where SW #5 did a swap of 20 ETH for ~41,896 USDT via Tokenlon DEX.
Tx Hash: 0x06cc05f5d87df604440363faed234a180e62322c8d1c7c46f5039a010ce77f54
Some of these swapped funds were detected to have ended up at a few centralized exchanges too.
Flow of funds from Suspicious Wallets show that they are related.
Through money flow analysis, we have also managed to establish links between these suspicious wallets.
As mentioned earlier, the money flow from SW #1 to Kraken Exchange had passed through SW #2. Funds originating from both SW #4 and #5 were also detected to have passed through SW #1 over multiple transactions and hops, including those seen earlier in the money flow analysis to Binance user wallet #1 (0x0b3f00).
Additionally, some funds from the suspicious wallets have also been detected to end up in the same exchange user wallets. Even though USDT outflows from SW #1 have not been detected to pass through SW #3 and vice versa, we found that USDT from both SW #1 and SW #3 have ended up at the same Huobi user wallet (Huobi #8–0xb126E).
Bitcoin: Suspect Wallet
Moving on to Bitcoin, we will carry out transaction flow analysis on the 1 suspect Bitcoin address:
BTC-SW #1: 3LyL836J7vuxMm2LBLbbEo14BoxNgwYqHV
Likewise, funds from this suspect BTC wallet were also detected to have reached VASP entities. These entities include 2 cryptocurrency exchanges (Upbit and Huobi), and a known entity (HaoBTC).
BTC-Exchange 1: Upbit
As seen below, funds from BTC-SW #1 were seen to flow to 2 Upbit user wallets (37Q3La5, 31hmgo). They were subsequently transferred to 3 different addresses also belonging to Upbit Exchange.
The 3 destination Upbit addresses and the value of funds they received from BTC-SW #1 are:
- 3Mptox8RPyC8x67gQCzxfs98ENqLGAMi8h — Received 0.1462 BTC
- 3F3oXPkBMgMxcKsySrue16ySmVsLJYV7zG — Received 0.1304 BTC
- 351yZhnPPbV8Y9C4NBaK1w4GSoRkUzUaU7 — Received 0.1596 BTC
BTC Exchange 2: Huobi
Funds from BTC-SW #1 were also seen to have reached Huobi Exchange. The amount of funds received by Huobi is notably much higher than that of Upbit.
As seen above, funds from BTC-SW #1 were transferred to 1AmajNxtJyU7JjAuyiFFkqDaaxuYqkNSkF, which was identified to belong to Huobi Exchange. The amount involved was detected to be 4.6714 BTC.
- 1AmajNxtJyU7JjAuyiFFkqDaaxuYqkNSkF — Received 4.6714 BTC
BTC Entity: HaoBTC
Lastly, funds from BTC-SW #1 were also detected to reach a known entity identified to be HaoBTC. HaoBTC is a wallet provider entity that provides BTC wallets to users. They previously provided Crypto Exchange services, but no longer do so. Despite that, the wallet used previously by HaoBTC as a hot wallet (32rtpdd4) is still active and was also seen to receive 2.2607 BTC from BTC-SW #1.
As seen above, the funds originating from BTC-SW #1 passed through another wallet (3EdBupC), before reaching the HaoBTC wallet.
This intermediary wallet 3EdBupCc8P2e8AKYdG72HSoLqh92tu3SH1 was identified as a Private Wallet which was created from HaoBTC.
- 32rtpdd4FMgc5pRWcx7KXEW2isKkGAncya — Received 2.2607 BTC
More than just Fake iShares?
When tracking the money flow, we realized that one of the identified user wallets, FTX user wallet #2 (0x87dBF716a9) had already been blacklisted in our Threat Reputation Database. It had also received illicit funds related to previous scam reports received by our team. These reports involved 2 main domains –
- wap[.]coinbene[.]shop
- coinbene[.]world
Like the iShares domains shared earlier, it seems that these domains were also trying to impersonate a trusted entity — this time, Coinbene, a cryptocurrency exchange.
This all suggests that the fake iShares exchange campaign might just be part of a larger fake exchange campaign, all carried out by the same threat actor.
What can be done?
Though difficult to retrieve one’s stolen assets, it is however not entirely impossible as seen here. In this previous case, the victim managed to retrieve his scammed assets with the assistance and analysis provided by our team.
As the stolen assets in this campaign have been detected to hit certain VASP entities, it might be possible, depending on their jurisdiction, for victims to reach out to an appropriate Law Enforcement Agency (LEA). In turn, these LEAs might be able to officially open investigations and formally seek cooperation from the VASPs involved, just like what happened in the previous case.
Steps can also be taken to further protect oneself against future crypto scams or phishing websites. Besides familiarizing with potential red flags, one can consider utilizing professional cyber protection tools from trusted Security vendors. One such tool would be UPPward, a free-to-use browser extension developed by Uppsala Security. UPPward is powered by crowdsourced threat intelligence verified by our team of Security analysts and helps flag suspicious or blacklisted sites visited by users.
Falling victim to a crypto scam is indeed a traumatizing experience, especially when you are not equipped with the proper tools and expertise to track your stolen assets.
Here at Uppsala Security, we offer a comprehensive suite of tools that help you or your organization stay compliant in the Crypto space and keep your Crypto assets safe. We also provide Digital Asset Tracking Services to both individuals and companies who require help tracking down their assets.
You can find out more about CATV, our Transaction Tracking tool which we used for this investigation here.
If you require Digital Asset Tracking services, please email us at support@uppsalasecurity.com (Global), or visit our website https://uppsalasecurity.com/ko/trackingsvc/ (Korea).
List of Exchange Wallets detected to have received funds originating from suspect wallets:
(Ethereum Chain) EC-Exchange 1: Binance User Wallets
#1: 0x0b3f00124Cde1a7B6F9b88F7766839775B0ADd2e
#2: 0xc1c904d2686cf7e5f972995d5a4950005d238c40
#3: 0x613263695b90ac0f1e8858a7971d438f6f5a6b74
#4: 0xa2503e16b68f1979a33a2ee326475a9b803ece9a
#5: 0x635df389ef13bdf402ca7d2525c52abf836dcbeb
#6: 0xdbb4036df266409fa9fc6414172414fa9a0ad5f9
#7: 0x07bfff01d12e8374d04cf4b21bd803e9f130cc3d
#8: 0x7d94109c90e25dec9f4c1f7e7e8448460649c019
#9: 0x1c457a710140f5bf42142248efdc773aaf7e62cd
#10: 0x4bf0e0bcdbb7d4b45d277bfdfb2895e1f64b805a
#11: 0x1e0c546e6431e87784d15d2bcd1208fc898643d2
#12: 0x6e32b069038d255df455993248dfb7b427fbec0d
#13: 0xa503ed5959744cd66ac2cfa162c184aeff32c496
#14: 0x2e557836289d680b59bf1c715f735f01a7efaf6d
#15: 0xae10d16e51b6aafec52e9d69e37dd5a3fe9fafda
#16: 0x58733c11343e003be1855ec8d7f0b91f22622fc6
#17: 0x9b7072ebb23128aba60cc3d33ac6db6eef345477
#18: 0x4733907994e8da8d49aaebf932fc6640fb6413b1
#19: 0x51f4Ba56b6b4B91845CC4512828BA8a88C589975
#20: 0xD0A14240bfA9B95ED4D8b68ffe81eE42eC6dbe9b
#21: 0x9006e170f8CBcf60812E40c6795b7eD0939199e1
#22: 0xE539cF84AE5270DbB41dD382D0b8848535a8Ba57
#23: 0x99ed9b1d168Eb86CaF1692EF6403b7C8C8Ac9307
#24: 0xc0151c47f93e836c495534c8a1ae093665090Ce8
#25: 0x2Bda85bc56b0e82F9112509d646bb6CA6CDD3bC4
#26: 0x81E3DB97388810b96E0dA842C1290B9D834cEf6a
#27: 0x77999f718d2EE19ef6fd7f328d1d670978C2BAA5
#28: 0x8387c16C4aE61aA3e908B8F83E385D5957Ed68EB
#29: 0x717651808759897Aa265d1d20FDb49de507aeBDD
#30: 0x6D6d75800F94cC5f350df5237937b3402047E4E6
#31: 0x0Cc8a451B7A0d639d65b1afed66Aa7789CE19Cab
#32: 0x348B86104C13bAe7B8f7243737363D9DEf85082f
#33: 0xe092672f6AC84D2094359d548d8f68fC571A8E74
#34: 0x8f533a9939F386Bf3C42F84F4480c22c0F353ecF
#35: 0x6447a0652712675f73B4b9FeE4fD2a4b614B901a
#36: 0xc63a4a68a225D0EA68F903936bEf826566e28E53
#37: 0xf9aefa55d69Ed028e0dbd362D508B251d95f9217
#38: 0xD5B75786735bdb2ad67231CB16eb5f1b814e6712
#39: 0xf9098656110016D6F213c22813FBD1Ee68BFdd45
#40: 0x88D21dDCa923af0D3ae4eDc103f60B88Ed98EACd
#41: 0x87a74F697e8c710110c8eBF87196C9D29d2754C0
#42: 0x9e97a4aD8A2d4118a3F77b0D92B7161935E0E1eB
#43: 0x442Ea0f47b7370e2E489B668c30779d8d77f3412
#44: 0x10a138ace2f046d01b0e07ec9dc4db56d86fbf51
#45: 0x443b5160d2d9052ccddf3ec395a049b98c284c34
#46: 0xd202c0383e784d6fddbf7cda79e3d14c6a98fe7e
#47: 0xe577a5897e746787c377e9aebc803bcb979fabb3
#48: 0x909d223735d073dafdb3d8554aa51719affd9193
#49: 0xd9a58784cfc80a30dcc9f586529c47f725f15a1c
#50: 0x95bb6089b3118cbca6eedf147438203deb75cf5e
#51: 0x1176372247b36e2192192485e74f64d38a5bbaad
#52: 0xfe0a8ec1627d2bd2c511db4dad53a25c19b87fc0
#53: 0x5cf42a5bdaa2f6db05877abd9ddf274de88dde1c
#54: 0xf530944a7eab6780dfe5ec6e980a8f957899eb83
#55: 0xec56482c90b3f8a6c605f74487ecc4546ee54270
#56: 0xbfa35dd5292b765e98f91d492819b8f5aa4d73b2
#57: 0x8c9feab899d2506f6940c63c6e995f1efc3f3f04
#58: 0x9843a8f2f2cb05fdc52b639392eb3257db4e719c
#59: 0xa9c1f1a83b3f0be3787833be3515465017380dc8
#60: 0xef6a2779f670f65c58f2d61c9674d9c49842c279
#61: 0x010c0684ecb89ba6e9d31f9c99284fb8f474efc0
#62: 0xfac2a5e21a947f417498a29a7bd41ab2f54452eb
#63: 0x5004e16647d24ea940a94e7a3bf14f1a8ad74681
#64: 0xd402962714883f29899604a4218f8896cf24dfa8
#65: 0xab47cb5d24ce0189b49cf8363cd86f72511bc176
#66: 0x74bfd0630431A49D5fE2fA90984a2f0Bb2e83A27
#67: 0x61044eE203818f443D146D592F080152A1Df7303
#68: 0x3bFCabFfcc1Df310f6dD9bca46313c7195B85786
#69: 0x465027555588D22Ff1770A2cecB66555A14A677b
#70: 0x9328b2e4074d4235eCD89b245877540B348D4d18
#71: 0x732aCf2c12378301939C6878201703e3f19506c7
#72: 0x40B55F358233Ec64cf363C70a58254626a4a329b
#73: 0x5942725d074a3e6B4381cC24b9A98cD6C798f5B4
#74: 0x98F5c0f12c219a64a0719Ad5D24fc217dd4cB087
#75: 0x9bB4381F58188Bf11DA82c7d5bbF7ADf1f815030
#76: 0x9c31DF08475785DfB5D53b6969b9658b0296cbF8
EC-Exchange 2: Bitmax User Wallets
#1: 0x46cd7b0810BD914D91912112dD284f4c233f8916
EC-Exchange 3: Crypto.com User Wallets
#1: 0xA69E8Ff6971db17601CC06c45c248e308Be8B142
#2: 0x62034b12ed809D5236F4120CCe24F1BA0f8bAeE6
EC-Exchange 4: FixedFloat User Wallets
#1: 0xe601A2e78a5ea55E149C5b57f8a440121af3ec66
EC-Exchange 5: FTX User Wallets
#1: 0x09115Fb3750582440DA65a7B9de74A9d2bD26B0B
#2: 0x87dBF716a9bF6281FAfEeb79263D5f485d71B1d0
EC-Exchange 6: Gate.io User Wallets
#1: 0x90c401cF2199Ba729D75f4Cf8Ad41c7c960D48Db
#2: 0xFDd4254f9beD17Dbc82EF642A21C5BDf40BB60C6
EC-Exchange 7: Huobi User Wallets
#1: 0x1536B525d3E607139d7D6bb7e6Ee62f94acda41A
#2: 0x44f4C77495C4EBC3aB2A78B871bA3b5d10F7FA52
#3: 0xbE9e4ff77461f8c27E3A0bd4b3d9D8778235337f
#4: 0x3cC1C0eca5d08f32FBC0DF12c86BD8F1507D9c31
#5: 0xF7119c17d120f1410DB0077e46256eCe3C0DA243
#6: 0xC0482C63A03c483B0fFaF8877289EC2CB579c37c
#7: 0x54B5Afe1980dc61c165d1016245495C3d157ebf4
#8: 0xb126EF7C21093af8986CEE2b49d6695DfaC9470B
#9: 0x6ddCBA24821b4752F6ebeE92A20b52E5c47bfA23
#10: 0x0a9e37Ba38A299F3Ed202ac2F1156433A721dEc2
#11: 0xDed6D13230fCa0Ebb487D29b1019d6b154C173A6
#12: 0xa70fDA94bFDEc6e0A3D439B82745B1E0cE302564
#13: 0x3C09872B77b3340FC26A34C2487f11890b98FFcb
#14: 0x48B563C07bDc522FF4C9D322c6D169D759a4040E
#15: 0x3F11E6120D624E7a12837fbC78AE029103CAe9eD
#16: 0x55259eC47705B919F81474DBb33b97A4aF0c08Fa
#17: 0x7C5D76f445DC18b19d99869d6A4862B2dda9d0d3
#18: 0xC63301165a0493DF65312B94ac22Aac9AD4dA664
#19: 0x8572DC2a1230eA025c77bEDF4836cbf1200CCe6d
#20: 0x23c055F139a446a45EF2E088174cdC3f45d8F97F
#21: 0x8a3B2554e5A522c3f726638488C17D4a7E0B5b42
#22: 0xeD23a52499BaA017F1e28599e8B4DA2E1148431c
#23: 0xF63d50612cC07A04258a9083883045691fe11993
#24: 0x1311f7970d7a8b9C9405F6f68E120D3417604f51
#25: 0xE81dc638C99F07f7a6552863ae26A7e6E1140463
#26: 0x87935ce3B9a35cDdA8f5fa10710290Ca3f32d4Ee
#27: 0x8E427b1ba41c918E1B66f63C4ec7EFa5DEe70dE4
#28: 0x64A2Aa4558a64B16075136d7Ac0d712B9CC11987
#29: 0xcab799eb1d1410B2E58e505869CfB6cE07f9AecB
#30: 0xF191a9539C693343800FE38c2B0923777b9F0B20
#31: 0x0AeeEb68e2E2f2ba6412DeEC6CbBA91fc3b8c9ED
#32: 0x9E805d4CEdF1aD13106090FeE6074af271eD081e
#33: 0x08f2d25361A5Bc010F357863A3aef4158B8D1C32
#34: 0x68C37F88A72d714318AD762a24949efA22D537b1
#35: 0x76EF22a45C7ab8aA6AbE5EA065e8d449CfB93F6A
#36: 0x7F25Afa0E2619089d3b6747c66c3a59CFb887fdB
#37: 0xF47eD80137A86bbE143007c962245Ef388ada58D
#38: 0xc622f2ba648Ff8d22d420D33ef68D91c45cC7Fd8
#39: 0xe37b530B71b480Dc6B537DFDb013Dd2724904344
EC-Exchange 8: Kraken User Wallets
#1: 0x6F1CFEe3C8f113b77A85F172027950709D043339
EC-Exchange 9: KuCoin User Wallets
#1: 0xC50dD832DF176C99951E9f1D240f8281Ba4Db95e
#2: 0xd9F99A4d70B4e099e155744815655025Aee3E8DB
#3: 0x754Cb3E18A7Bc240D4b979Ae1f87c2417d25657a
EC-Exchange 10: MXC User Wallets
#1: 0x7B64Afd0AdEa1DDC4af31d0C9F62693c392BDb3F
#2: 0x908657B0339B600337ADe727Fd53Fd5050D64526
#3: 0x1728B329354ecC9Aa21a45FA50f1f76041A5e015
EC-Exchange 11: OKEx User Wallets
#1: 0xaE2EB981093Ba63047384C83aaFeEe3cc589647C
#2: 0x7a5b874434f52324be09fdcE383e49141921f3FC
#3: 0x48411f166141dEfAF063C5Df0259C7eAfc9Fde8E
#4: 0xb5A122be082bd4B3bc74785357713392e0eaa6d2
#5: 0x9cb7b8749d77776dADb7ddc67e259a76AF72A898
#6: 0x1F772F301fA91e475a4c069B6F42D498a981bb42
EC-Exchange 12: Upbit User Wallets
#1: 0x79C2e18125c7ed7267bd719B4467ff2b7a61969c
#2: 0xD4999e39D377eB130E1697D58f34EB871F38b5f0
#3: 0x04Ae6C78fCf0707C33C882f3940b19712a8d658E
#4: 0x438B1669dA15cF4813a152b51113610E6f16bDcA
#5: 0xaa1F74EF9DC35C7b6DE50972c8C55aeC52C14f2A
#6: 0x432033662Ee50251d934a31367A9473a4Af4A6Df
#7: 0x1836DB4ed50f36b5463B7880514459472Bd09733
EC-Exchange 13: WhiteBIT User Wallets
#1: 0x49511C6D1A1Ae4123bA4ed0ABF46A557D747E4AF
#2: 0xEd74E00BA0f1236f13BcE2Ac626C72c43816a3b1
#3: 0xC350E8a67dB7D8c1Cfc0AE564b052EfF1A1156f4
#4: 0x38E73b184f22A01cA86bB43c13ea6a08b878eDe9
#5: 0x34241f4C8832f100987266738946B41cEE375D20
#6: 0xa7De17ec8f855035DBFEcD4CD4764f4a8c8ac90D
#7: 0x75B5E7D7181917Af3A1bCEa8900Fea4D5BBd9b3c
#8: 0x839DE8F71A13AFFa359787ac201F90057f54061e
#9: 0x9374b739Cf6F623a359cE4Cd922dC983015Aa853
#10: 0xe2073d8493bA9068a9BA618997ea2c6cCce152F7
#11: 0xE6C2643a7d5409027AA6B3C3300CCBE69A57cC85
#12: 0xeB9a0b67bB13982447a3975147f8974Ab747Be5a
#13: 0x3E86b5418E438eCA30Dd82fe4361ad740dF2566C
#14: 0xE92aFA2735d9E55B11581187b9A1B9B2925Eb139
#15: 0xCd667c8F134635F9Df9e67FF534b7D70987370Fa
#16: 0x3A58563C1266EE710Ed504CaE679cF0ED29a5807
#17: 0x204219000Ef86FE0268DF75ef70B45e5Ee79044C
#18: 0x2d27e47C22756ED19440D3e0090e70b5aa0e5437
#19: 0xb7FC204beAE85Df26b23ECD6B6af9c961b7c42eD
#20: 0xe0e7E0bbea799B9FbE92D878dD5aC7194a455856
#21: 0xe001E4238f6D5e47183Fea2cBC0673E725720D6C
#22: 0xb46597142522bf721e83e2D85B7b54F09Cb678Da
#23: 0x4719781fAE0a3A27B19c2DC50B1678845fc3Cdca
#24: 0x0092a68002f9F01599A49e9b8d1C8cf512871040
#25: 0x7dE4Cb773c3C44a1534e6a61B085A7Df7AE29D07
#26: 0x517505a1b5E4FB129E0cC842a731bCE433Bc2534
#27: 0x179850e20d23af4A04A6F761e5f655123f6137c8
#28: 0x6d1a4babdfDd53d78F16B844830d9ad13d5147Ed
#29: 0xFffe9eB0C00e48Ed24A86E0294AFAb118D214f8c
#30: 0x4e87435d3DcE46068f8B844f4195a6D68A1f9241
#31: 0xF70d34992EF477DF6A0C5E74b53BEa2bBe068B84
#32: 0xD2ffA6c0A68ce9D73809283DFdbb71e8e67eE590
BTC-Exchange 1: Upbit
#1: 3Mptox8RPyC8x67gQCzxfs98ENqLGAMi8h
#2: 3F3oXPkBMgMxcKsySrue16ySmVsLJYV7zG
#3: 351yZhnPPbV8Y9C4NBaK1w4GSoRkUzUaU7
BTC-Exchange 2: Huobi
#1: 1AmajNxtJyU7JjAuyiFFkqDaaxuYqkNSkF
BTC-Entity: HaoBTC
#1: 32rtpdd4FMgc5pRWcx7KXEW2isKkGAncya
