Twitter hackers who compromised more than a dozen celebrity accounts on Wednesday seem to be consolidating their money into an address that previously sent money to BitPay and Coinbase.
According to a finding from Whitestream, a blockchain analytics company, three transactions at the “1Ai5” address lead to wallets related to Coinbase and BitPay, which offer business solutions. This legacy address was the first one offered by the hackers, who later switched to a Bech32 address when targeting non-cryptocurrency accounts.
However, the original address is now the consolidation point for all profits from the attack. It has received 14.75 Bitcoin (BTC), worth approximately USD 135,000.
Three transactions are believed to lead to Coinbase and BitPay. The first involves a transfer of approximately 1.2 BTC in May 2020, worth approximately $11,000 at that time. The last two were sent two days before the hack and are for much smaller amounts.
Certainly, the last transactions are much more complex because the exchange address is always of a different type than all other entries. This makes tracing difficult, although the hacker may be about to switch to a Bech32 address.
According to Whitestream, the first transaction sent a small amount of money to an address associated with BitPay, while the other two were sent to Coinbase.
The hackers’ address appears to have clearly relied on these companies, which may reveal the hackers’ identity. However, these transactions are likely to be related to commercial use, which could make investigations more difficult.
It is also unclear why the hackers used an old address to carry out the attack, as this seems to provide unnecessary clues for future investigations. With the hackers holding at least $11,000 before the attack, such a massive compromise could have been used to post announcements that would move the market. By entering heavily leveraged positions before the tweets, the hackers would probably have made a lot more money.
Vulnerability in Twitter employees exploited
As Cointelegraph reported in detail on Wednesday, dozens of Twitter accounts belonging to cryptocurrency exchanges and influencers, technology companies, politicians and celebrities gradually fell to hackers. The accounts posted a well-known cryptocurrency scam that promised to double the money of everyone who sent Bitcoin to a specific address.
Twitter said that the problem was due to a social engineering attack carried out on high-ranking employees with administrator access. The hackers took control of accounts through the admin panel by changing their passwords and recovery emails.
This is similar to a BlockFi data breach in May in which criminals used a SIM swap attack to gain access to customers’ internal records.