A team at blockchain services company Coinfirm has been watching the erratic movements of the bitcoin associated with $40 million stolen in the latest Binance breach.

At 4:11 AM on May 8 the hacker or hackers moved 1214 BTC ($7.16 million) to new addresses and then moved another 1337 “to 2 new addresses held by the hacker.”

This is the fourth major exchange hack of the year, following Cryptopia, DragonEx and Bithumb.



Image via Coinfirm

The hack took place at 5:15:24PM on May 7 when hackers dragged over 7,000 bitcoin from a single Binance hot wallet into in a number of smaller wallets in a single transaction. The hackers then moved small amounts into smaller wallets. Given the nature of the BTC blockchain it’s easy to see where each Binance bitcoin is going but it is difficult to perform real forensics on the wallets in order to understand who – or what – created them.

According to @Coinfirm_io analysis the @Binance hacker has recently moved over 1214 #BTC (~$7.16M) to new addresses But almost 5786 BTC (~$34.14M) still sit on the #Binance hackers original addresses

More exclusive insights coming!https://t.co/CdRIXAT8dC pic.twitter.com/YUVrHeVOhn — Coinfirm (@Coinfirm_io) May 8, 2019

The #Binance hacker just moved the funds again! Coinfirm analysis shows 1227 #BTC of the #BinanceHack funds moved to 2 new addresses held by the hacker(Red bubbles) One holds 707 BTC the other 520 BTC Below is also a Coinfirm #aml Risk Report of one https://t.co/CdRIXAT8dC pic.twitter.com/c2VZwtfub6 — Coinfirm (@Coinfirm_io) May 8, 2019

Why the brisk back and forth movement? Writer and blockchain analyst Amy Castor thinks the hackers are trying to erase their tracks.

“Money laundering 101: breaking the transactions up into smaller and smaller amounts making them more and more difficult to track,” she said.



Image via Coinfirm

Image via Shutterstock