The Shadow Brokers may finally be getting their pay cheque. A bitcoin address linked to their auction last year has reportedly been cleared out, marking the first sign of activity in the account. The hacker group also posted a message on Twitter detailing how to subscribe to their monthly NSA exploit dump scheme.

The mysterious hacker group made headlines last year after claiming to have stolen a cache of NSA hacking tools, which they promptly put up for auction in September 2016. The proceeds didn't really amount to much and the auction was eventually abandoned, but the hacker group then leaked a second set of NSA exploits for free in April.

Motherboard reported that the nearly $24,000 in their NSA exploit auction's bitcoin address has now been cleaned out. It remains unclear if the hackers themselves did it or someone else.

The group recently announced that it intended to leak further exploits in batches, on a monthly basis starting June.

Shadow Brokers is yet to mention what exploits it intends to leak. They have claimed to possess exploits for operating systems including Windows 10, as well as compromised data from banks and Swift providers and even stolen network data from North Korean missile programs.

"TheShadowBrokers is not deciding yet," the group wrote in its message, an attempt probably to further mystify the nature of contents they may potentially release soon. "Something of value to someone. Question to be asking 'Can my organization afford not to be first to get access to theshadowbrokers dumps?' "

The hacker group is asking interested parties to make payments using ZCash, a bitcoin transaction service that promises to "fully protect the privacy of transactions using zero-knowledge cryptography."

"This month theshadowbrokers using Zcash. If being not good, then maybe theshadowbrokers doing different for July? "Act quickly is good chance Zcash price increasing over time," the group added.