Malicious Crypto Transaction Report 2: Cryptocurrencies of the hacker who attacked Cryptopia flowed to Yobit

Heejin Hwang
Published in SOOHO Blog, Oct 24, 2019

Hi, this is mara, a data analyst at SOOHO.

The following figure shows the result of our tracking of the Cryptopia hacker's cryptocurrency flow. You can see that some of the cryptocurrencies flowed into Yobit.

Key figures

  • Amount taken from Cryptopia: 30788.732011 ETH
  • Amount that flowed to Yobit: 1420 ETH
  • Amount that flowed to EtherDelta: 9000 ETH
  • Amount deposited at the address shown in purple: 17,254.553271203880180626 ETH
  • Amount deposited at the address shown in green: 3,589.9961822 ETH

We confirmed that some of the Ether leaked in the hack of the New Zealand exchange Cryptopia in January 19 was deposited at Yobit on September 22 and 23.

Flow of the cryptocurrencies

The details of the movement of the cryptocurrencies are as follows.

  1. The amount taken from Cryptopia totaled 30788.732011 ETH.
  2. Most of the funds are still deposited at 0x845f93f489b524f19864db6e0ab581c532b58d36 (approximately 17,255 ETH).
  3. While the funds were being transferred from the hacker's account to 0x845f93f489b524f19864db6e0ab581c532b58d36, 9,000 ETH flowed into EtherDelta in May after passing through several carrying addresses.
  4. After September, 5010 ETH of the amount deposited at 0x845f93f489b524f19864db6e0ab581c532b58d36 was transferred to 0xd759ea4c6e8e2c77b7e04eeebc1fac32ed332dcc.
  5. Of that 5010 ETH, 1420 ETH was then transferred to 4 Yobit addresses.
  6. The remainder, about 3600 ETH, was transferred to 0x3a840d0164acca60292a6b594531dfc98af2701d and is still there.

Yobit therefore needs to investigate the relevant addresses in the wallet address list below. In addition, each exchange should add these addresses to its blacklist as soon as possible and monitor them.
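The monitoring recommended above has to follow funds through intermediate "carrying addresses", because a deposit rarely arrives directly from a listed address. The sketch below is an added example, not SOOHO's tooling: it screens an exchange's deposit addresses against the two addresses the report marks for monitoring, following transfers up to a hop limit. The function names, the placeholder carrier and deposit addresses, and the sample amounts are constructed for illustration.

```python
from collections import deque

# Addresses the report lists as requiring monitoring.
WATCHLIST = {
    "0x845f93f489b524f19864db6e0ab581c532b58d36",
    "0x3a840d0164acca60292a6b594531dfc98af2701d",
}

def norm(addr):
    """Lowercase so checksummed (mixed-case) and lowercase forms compare equal."""
    a = addr.strip().lower()
    if len(a) != 42 or a[:2] != "0x" or not set(a[2:]) <= set("0123456789abcdef"):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return a

def screen_deposits(transfers, deposit_addrs, watchlist=WATCHLIST, max_hops=3):
    """Map each exposed deposit address to (path, bottleneck_eth).

    transfers: (from, to, eth) tuples. bottleneck_eth is the smallest transfer
    on the path, an upper bound on watchlisted funds arriving by that route.
    """
    graph = {}
    for src, dst, eth in transfers:
        graph.setdefault(norm(src), []).append((norm(dst), eth))
    deposits = {norm(a) for a in deposit_addrs}
    start = sorted(norm(w) for w in watchlist)
    queue = deque((w, [w], float("inf")) for w in start)
    seen, hits = set(start), {}
    while queue:
        addr, path, cap = queue.popleft()
        if addr in deposits:
            hits[addr] = (path, cap)  # BFS: first hit is a shortest path
            continue                  # do not trace through exchange wallets
        if len(path) - 1 >= max_hops:
            continue
        for nxt, eth in graph.get(addr, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt], min(cap, eth)))
    return hits

# Constructed sample data: placeholder addresses and amounts, not real transfers.
CARRIER_A, CARRIER_B = "0x" + "aa" * 20, "0x" + "bb" * 20
DEPOSIT_HIT, DEPOSIT_CLEAN = "0x" + "D1" * 20, "0x" + "d2" * 20
SAMPLE = [
    ("0x845F93F489B524F19864DB6E0AB581C532B58D36", CARRIER_A, 5010.0),
    (CARRIER_A, CARRIER_B, 1420.0),
    (CARRIER_B, DEPOSIT_HIT, 700.0),
    ("0x" + "cc" * 20, DEPOSIT_CLEAN, 50.0),
]
```

A hop limit that is too low misses the deposit entirely: with `max_hops=2` the constructed sample returns no hits, which is why a direct blacklist match alone is not sufficient screening.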

Wallet address list

1. Addresses related to Yobit

  • 0x41dd55d4671756896b488626a9ca0a0ea1201539
  • 0xc3c75adc57b71fa0cba5e25cdc378101993d29a3
  • 0xa488827ffd2d5a69e76946955f10f1fef0fb94fb
  • 0xa449b6bb309c4d959539552545400f041cc4ae4c

2. Addresses related to EtherDelta

  • 0xa53fd6e0b9765b8d6081827fbf43d36bdf2eb85e
  • 0xc5883084a66ac9e08379256269c18345ccefe458
  • 0x621e2e9f1cdc03add35ab930b074f9419f294045
  • 0x338fdf0d792f7708d97383eb476e9418b3c16ff1

3. Addresses that require monitoring

  • 0x845f93f489b524f19864db6e0ab581c532b58d36
  • 0x3a840d0164acca60292a6b594531dfc98af2701d

4. Addresses involved in this money laundering


If you have any requests for cryptocurrency transaction tracking and analysis, don't hesitate to contact us. (contact@sooho.io)

Thank you.
