Analysis of the Bitrefill security incident and tracking of stolen funds flow
On March 17th, Bitrefill officially disclosed a cyberattack that occurred on March 1st. The attack method shares many similarities with previous Lazarus Group / BlueNoroff cyberattacks targeting other cryptocurrency industry companies. Beosin’s security team combined threat intelligence and publicly available information from Bitrefill to analyze the attack techniques and fund flow, and the results are shared below:
Attack Method Analysis
According to Bitrefill, the attack initially involved hacking into an employee’s laptop and stealing old credentials.
Wallet access: Exported 18,500 order records in bulk, including user emails, encrypted addresses, and IPs, and forged purchases to deplete gift card inventory.
Stolen Funds Tracking
Combining threat intelligence and on-chain transaction data, Beosin used its blockchain investigation and tracking platform Beosin Trace to conduct a detailed analysis of the funds lost by Bitrefill, and the results are shared below:
Currently, Beosin has identified three addresses suspected of being involved in the Bitrefill hacking incident:
0x5a0128e21cb8dc515ab8c4e5079b1f0444e92763
0x3d79f9012a13fe7948daaee3b8e9118371450d69
TVfA8wz2quUvRvhqs8VtnCeMyV2VzFAW9R
The flow of funds is shown in the diagram below:
[Figure: Flow analysis of stolen funds by Beosin Trace]
Among them, address 0x5a0128e21cb8dc515ab8c4e5079b1f0444e92763 transferred 174 ETH to Tornado Cash. Funds are difficult to trace through mixing protocols like Tornado Cash, so Beosin relied on its experience in tracing multiple mixing and money laundering cases. By continuously monitoring all deposit and withdrawal data, correlating transaction timing, amounts, and behavioral patterns across multiple dimensions, and applying its proprietary intelligent tracking algorithm, Beosin traced the funds through the mixer and identified the withdrawal address: 0x3d79f9012a13fe7948daaee3b8e9118371450d69.
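The timing-and-amount correlation described above can be illustrated with a simple heuristic; this is an added example, not Beosin's proprietary algorithm or code from the original article. It assumes fixed-size mixer pools, and the event data, address labels (`SRC`, `CAND_*`) and the `rank_withdrawers` function are constructed for illustration.

```python
from bisect import bisect_left
from collections import defaultdict

# Constructed events, not chain data: (unix_time, address_label, pool_size_eth).
DEPOSITS = ([(1000, "SRC", 100)]
            + [(1100 + 100 * i, "SRC", 10) for i in range(7)]
            + [(1800 + 100 * i, "SRC", 1) for i in range(4)]   # SRC total: 174 ETH
            + [(1500, "OTHER", 10)])
WITHDRAWALS = ([(5000, "CAND_A", 100)]
               + [(5100 + 100 * i, "CAND_A", 10) for i in range(7)]
               + [(5800 + 100 * i, "CAND_A", 1) for i in range(4)]
               + [(1050, "CAND_B", 10), (3000, "CAND_B", 10)]
               + [(900, "CAND_C", 100), (4000, "CAND_C", 1)]
               + [(200000, "CAND_D", 100)])


def rank_withdrawers(deposits, withdrawals, source, window_s):
    """Rank withdrawal addresses by how much of `source`'s deposited value they
    could have withdrawn: same pool, inside the window, and causally possible."""
    dep = defaultdict(list)                        # pool -> source's deposit times
    for t, addr, pool in deposits:
        if addr == source:
            dep[pool].append(t)
    if not dep:
        return []
    for times in dep.values():
        times.sort()
    start = min(times[0] for times in dep.values())
    total = sum(pool * len(times) for pool, times in dep.items())
    seen = defaultdict(lambda: defaultdict(list))  # address -> pool -> times
    for t, addr, pool in withdrawals:
        if start < t <= start + window_s:          # ignore events outside the window
            seen[addr][pool].append(t)
    ranked = []
    for addr, pools in seen.items():
        matched = unmatched = 0
        for pool, times in pools.items():
            used = 0
            for t in sorted(times):
                # The k-th withdrawal needs at least k source deposits before it.
                if used < bisect_left(dep.get(pool, []), t):
                    used += 1
                    matched += pool
                else:
                    unmatched += pool
        ranked.append((round((matched - unmatched) / total, 3), addr))
    return sorted(ranked, reverse=True)


RANKED = rank_withdrawers(DEPOSITS, WITHDRAWALS, "SRC", window_s=86400)
```

A score near 1.0 is an investigative lead only; it needs corroboration from other evidence such as later fund movements before an address is attributed.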
Subsequently, the withdrawal address bridged from ETH to TRON via cross-chain exchange, converting 179 ETH into 413,763.75 USDT. Currently, the address TVfA8wz2quUvRvhqs8VtnCeMyV2VzFAW9R holds a total of 575,212.91 USDT.
All these addresses have been marked as high-risk addresses by Beosin KYT. For example: