Tx: 2e901e2455e38a250504528af5f7e3ccb2a6626a6fa74e5d434c63cedb0966d0

One output ANON-1672652767 goes to Huobi, looks like its the favorite destination for all the hackers, scammers etc. I will focus on the other output in this part which goes to “Bitcoin Fog” a darknet centralized bitcoin mixing website which has even been reported as scam by many but still used.

This 0.2 BTC output from Bitcoin Fog is surely associated with the hacker who sent BTC to the tumbler because it is used as input in a transaction which also spends a UTXO linked to original transaction in this case.

So now we are looking at tx: https://www.kycp.org/#/1b2b2d179c35284c099c4e2b00003b1669b55ea812be7148258e316e1128b179

I will follow the output with 88 BTC because we are following an amount more than 0.01, it might take us to an exchange where the hacker tried to cashout after mixing.

BTC moved from the address and few others to 2 outputs after few days, this most probably is an internal transaction done by an exchange from hot wallet to cold storage.

And the above transaction shows that it was Bitstamp.

The two squares you see in the end are unspent transaction outputs which may not belong to hacker and most probably Bitstamp addresses.

Conclusion: The hacker used a centralized mixer on darknet, still we could track one of his outputs to an exchange. If people would have tried to keep an eye on this transaction would have helped to contact Bitstamp and inform about the case. If it was a KYCed account, people can still reach out to Bitstamp and know about the owner of this account who had deposited BTC.