Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This is an UPDATED article that replaces the previous one. The UPDATED article was published instead of the previous one, due to the latest changes and additions. Also, this UPDATED article has more details. Briefly, you can learn about the results of this independent investigation of ours in the video: https://www.youtube.com/watch?v=ccjcbADuTjw (Who is the hacker of Nexus Mutual, EasyFi, FinNexus?). Unlike this article, the video does not have detailed links, as well as some other details.
- On December 14, 2020, it became known that an unknown hacker stole 370,000 NXM from the wallet of the CEO of Nexus Mutual DeFi.
- On April 20, 2021, another hack occurred, but this time, another project called EasyFi DeFi was attacked. In this case, the hacker stole almost 3,000,000 EASY tokens.
- On May 17, 2021, the system of the FinNexus DeFi project was hacked, in which the hacker was able to mint FNX tokens in the amount of 323,000,000 FNX and sell them on the open market.
- All three of these hacks have an analogy. These hacks were aimed at gaining access to wallets or private keys, which allowed a hacker to gain access to funds. Also, these break-ins were carried out at the same hour.
- All the results of our independent investigation that we publish in this article are obtained as a result of our own independent investigation, and these results of the investigation may differ from the official ones.
- From the media, we know the ETH addresses that belong to the Nexus Mutual hacker, EasyFi hacker and FinNexus hacker. Now let's take a look at each of their addresses that belong to these hackers.
- Let's start in order. The first hack we're talking about is the Nexus Mutual hack, which was carried out in December 2020. The Etherscan block explorer shows several addresses that belong to the Nexus Mutual hacker. But we will focus on one of them, which Etherscan has marked with the name Fake_Phishing4636. This hacker's address has leading digits 0x0adab45946372c2be1b94eead4b385210a8ebf0b.
- ETH address 0x0adab45946372c2be1b94eead4b385210a8ebf0b has a direct transaction for address 0x31499E03303dd75851a1738E88972CD998337403 - you need to remember this address:
- https://etherscan.io/tx/0xff9c6419ba87235a5fbcbfe85899ba0440abbf5f6e6af078682ec6ac0523bea5
- The next address we'll look at is the EasyFi hacker's address. This address is not tagged with Etherscan. But from the media, we know this address is 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37. This hacker address was founded using a deposit transfer from the already known address 0x31499E03303dd75851a1738E88972CD998337403:
- https://etherscan.io/tx/0x84dc4924575bae826d50fd8278c307e5b8d2d7cbe05ad52a5e867f2c1aaa340a
- Also, the EasyFi hacker's address has an additional direct transaction for 0x31499E03303dd75851a1738E88972CD998337403, which is the last outgoing transaction that the EasyFi hacker performed.
- https://etherscan.io/tx/0xeaaabcafafe474cdac5d1f231a790e805fb72d1e27cd6f3e2d90c5635fe61cde
- In addition, the EasyFi hacker carried out several direct transactions from the address 0x77BEB16e4DB0686e36dbf01142685275785775Ed:
- https://etherscan.io/tx/0xcf99a55af6ee7a3d46f121fe091d2e29720881a72b5876dac25068fb73405ec5
- https://etherscan.io/tx/0xb189754f07f00f3e32fbfd3e60f34686afd5209c7ccfe281c7ee5ad5ba514270
- as well as additional transactions:
- https://etherscan.io/tx/0x4d6d6c5d6231614db587b52d1f8e4d58c8b804032f5ee959344ac47c51b046e6
- https://etherscan.io/tx/0x8ecd760060c60cb64520d803774a08c83210aac06a0ebbfcb436a5ffdc7348f5
- https://etherscan.io/tx/0xd843d0b9300b1cdc79c0e1280127163794c7df6c87dca06cb128b232779f0291
- The address 0x77BEB16e4DB0686e36dbf01142685275785775Ed is also based on the address 0x31499E03303dd75851a1738E88972CD998337403:
- https://etherscan.io/tx/0x7d90cbac9ff954555ee9e927598ff5daee9c3396451262fa77c44fab6bda25c0
- As we can see, unlike the Nexus Mutual hacker's address, the EasyFi hacker's address is linked not by one, but by several transactions with the address 0x31499E03303dd75851a1738E88972CD998337403. You need to keep on remembering the address 0x31499E03303dd75851a1738E88972CD998337403, as we will meet it many times.
- Now we will look at the FinNexus hacker's address. From the media, we know this address - it is the address 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F and it is marked in the Etherscan block explorer. We do not observe direct transactions between the address 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F and the address 0x31499E03303dd75851a1738E88972CD998337403. But there is a connection between these addresses using the intermediary address 0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0. Despite the fact that the hacker diligently tried to hide the address 0x31499E03303dd75851a1738E88972CD998337403 from our eyes, we were still able to find this connection. The FinNexus hacker's main address has a direct transaction with the address 0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0. The address has two outgoing FNX token transfer transactions for address 0x1cE5f1fe7d8543A0046E521302C3A21734309302:
- https://etherscan.io/tx/0x0403a2a195c94203ccc36c3a481328b478742bbb390e7ab7debbc44de534abcd
- https://etherscan.io/tx/0x84aaa19f5b8bb5ac58047eac0d462bdf9f7631a4d7a2a9c911718dfc35845584
- In turn, the address 0x1cE5f1fe7d8543A0046E521302C3A21734309302 has a multiple connection with the address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A:
- https://etherscan.io/tx/0xdc54b9fc18773e04365710ca3f243c47e196218f1855d5d177ec45598c1a838c
- https://etherscan.io/tx/0x0403ec450fd3fd3ef1915cbcf0e5a3e3c679b81188399ac09bb7c3bf8ef21f2e
- https://etherscan.io/tx/0xffe4d170dd4461a173acaa694dc9220755f0bfcba0883723ef843e7b4569de8d
- https://etherscan.io/tx/0x968bd9ead37db5d7c7148ac5c0bd6860032a952f517d180713efeaf8dfd6971f
- https://etherscan.io/tx/0x7ef4693769adb3f1ee362ae0c77e695c7fb94ac291da736efd28aee554f7f3f3
- In total, this connection has 12 transactions.
- Also, 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A received a deposit with Tornado Cash:
- https://etherscan.io/tx/0xdf6a5aefaf5dcd44c40b881f1d2c816a560107a9b0fa12a018adf7e7e2a44e1f
- This is the address 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 made a transfer for the address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A amount, about 1 ETH. For this, 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 made a deposit for Tornado Cash in transaction:
- https://etherscan.io/tx/0x000849cb2a3ab080bbda4fd6f0e41a7d2a35108c3d47a1f91655c7f33feb959f
- In turn, the address 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 is based on the address 0x31499E03303dd75851a1738E88972CD998337403 in the following transaction:
- https://etherscan.io/tx/0x7e1878f62be97e245a31b426b191479704fdfcfa3044b51f9a70ef1287489a9c
- It also has many direct transactions that you can see:
- https://etherscan.io/address/0xa29bd5815aea7ac88e9f3aadd8f477675edad404#tokentxns
- (28 transactions in total) and https://etherscan.io/tx/0x61324b4a3624eccf5c69e7fb4292f3f22ccf295d07dbf866679a6c38ce2df0bf .
- Address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A has an outgoing transfer transaction of 124,977.5383 USDT tokens for address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0:
- https://etherscan.io/tx/0xae6a4ec0cf0f70f5b2bcce1149175fc71cb5f4346d3c41beffaab98265e64e68
- The address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0 is associated with the known address 0x31499E03303dd75851a1738E88972CD998337403, with its last transaction:
- https://etherscan.io/tx/0x61324b4a3624eccf5c69e7fb4292f3f22ccf295d07dbf866679a6c38ce2df0bf
- Likewise, the address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0 is also associated with the address 0x31499E03303dd75851a1738E88972CD998337403 using the intermediary wallet 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A.
- By the way, I would like to say about some strange feature of the address 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F, which belongs to the hacker FinNexus, is that this address, on Etherscan, looks like a normal wallet address, but block explorers such as Bloxy and Bitquery 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F the contract that is created by the address 0x78d147015a9ef3ed9f9011fa394561670dc787cb in the following transaction:
- https://etherscan.io/tx/0x47dd577a9ea88215884e5eeda6ec3a8b7200b50377e906f9b7a8a7e5d6a91b9c
- Thus, the hacks of the Nexus Mutual, EasyFi and FinNexus projects are related not only by the nature of these hacks, but also by the same address - this is the address 0x31499E03303dd75851a1738E88972CD998337403. This suggests that all of these hacks were carried out by the same hacker (or the same group of hackers).
- Now let's try to determine the roots of the already known address 0x31499E03303dd75851a1738E88972CD998337403. Let's try to find the name of the person who owns the address 0x31499E03303dd75851a1738E88972CD998337403.
- Address 0x31499E03303dd75851a1738E88972CD998337403 had many mutual transactions with address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912:
- https://etherscan.io/tx/0x09d01a209e33e91d77b663eb52b8965f4ec88567df01cc0d00c03a5d89a283ea
- https://etherscan.io/tx/0xaa5f8b9d67509a1148f1da6602a4907a8d3354a64af7bd1c2172604fa4b423ac
- https://etherscan.io/tx/0xfdd0f75170c0d4bf882a36bcfb84ebe91eb53ad7021fea010d35a25c4317adc0
- https://etherscan.io/tx/0xf411e402f3b3d44100592946a173331fad7a7fad2a6f1431a43ccc446331c2b4
- https://etherscan.io/tx/0x055d65059df06cc2d5242c5e89e56e4f517cdb6ce101d2dfd247e9b011cac803
- https://etherscan.io/tx/0x0d62b86a12c8da051aeea773e3627a2218ebc093928d8cb1828647e59aaf66e8
- https://etherscan.io/tx/0xc3a549322212613472facec75215b287e556c4da720f3e2b30c42c6b8e746f66
- https://etherscan.io/tx/0xe63b26da1d6a85eb10253401fb3f26b4069d3ce44263006e65df7d55daa8646a
- https://etherscan.io/tx/0xd2a05b70d43eb1c2b8abff77f9f61f27cbbb0480aa0a90d376fd75920ad9a797
- as well as 9 direct transactions of tokens, which are indicated:
- https://etherscan.io/address/0x31499e03303dd75851a1738e88972cd998337403#tokentxns
- The total amount of direct mutual transactions between the address 0x31499E03303dd75851a1738E88972CD998337403 and the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 is 18 transactions (!!!).
- In turn, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 received its first deposit from the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B:
- https://etherscan.io/tx/0x2a0bf3d67de08e384ee34242f5c45b01c58e7ee289ab6522c559e532d3f01b9f
- Address 0x834e6bedc304c4c610557e9ffaf0d4ec310b881b created by address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 in transaction:
- https://etherscan.io/tx/0xd1e99af2a9b3a446eb0387f5c61801ddccafc8f5f211cfebddf581b601979d84
- Address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B is associated with multiple transactions with address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4:
- https://etherscan.io/tx/0xdfd6869e43d614f014b6d5f0227e85f22ae50bb7d092abbf9c0b93b3f7c6baf5
- https://etherscan.io/tx/0xc0059c86d46a5faef8be817e07d4ccaebd1d8149d2ecbdbca7e621ff30e52e76
- https://etherscan.io/tx/0xaa6360699863ed640b17c645b4047a2cca4cb4055167342c038ee4d0f567bb7e
- https://etherscan.io/tx/0x74fd673304c52f7017819056ef29b8fbdfbe8ba0b74892c4d5e8374222c23a68
- https://etherscan.io/tx/0xff2d34c669ec9b8202fae4d26456af800f16077ed2cade4d3a67d3cef769cba2
- https://etherscan.io/tx/0xba7047ac9ecee6013f44fd03429e87410d01d43f5a68901c092471722beea586
- https://etherscan.io/tx/0x921763e445cca2cd400db20f23391e5c39a204c7f548b67d3a00e8a5559a2c43
- https://etherscan.io/tx/0xa42c5e91f312f137d16846dfda2558510280306afb2f8c28104111e8cba18b7e
- https://etherscan.io/tx/0xa2a293b2406d2f30e18e4f245dca39beb9ad1c13cf03c753d9eb7de04b496035
- https://etherscan.io/tx/0xd1e99af2a9b3a446eb0387f5c61801ddccafc8f5f211cfebddf581b601979d84
- https://etherscan.io/tx/0xcb5d44c2a8678e34532c5b2b98be82fbdefad5a837b65f8569706573bb3a7e1c
- https://etherscan.io/tx/0xafc27ac6a7201d6d0e801df286c2e72b8f9103c652dde5bee2a33c3d01aad6d8
- https://etherscan.io/tx/0xb17cb0896e67187818dd026c5b4b1f3146884bc357d9d59f10c5b91cd8410465
- https://etherscan.io/tx/0xbbb691ede2708ed3d79c3a0269a418f78864c8219e9a1849eb1a4491fc4fdb30
- as well as 21 direct mutual token transactions:
- https://etherscan.io/address/0x834e6bedc304c4c610557e9ffaf0d4ec310b881b#tokentxns
- The total amount of mutual transactions between the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B and the address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 is 35 transactions (!!!).
- Address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 belongs to Anton Dziatkovskii. Anton Dziatkovskii publicly says that he owns the address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 in the following sources:
- 1. https://twitter.com/antondzyatkovsk/status/1391126347682959360 - https://app.poap.xyz/token/108903
- 2.
- https://twitter.com/antondzyatkovsk/status/1388607712355782663 -
- https://pay.sablier.finance/stream/4167 (https://pay.sablier.finance/stream/4167/details)
- Speaking about the personality of Anton Dziatkovskii, we can say that Anton Dziatkovskii is a developer of platforms for DeFi projects, a developer of smart contracts, is a specialist in the field of security of smart contracts, is a computer specialist, considers himself a white hacker, is a trader, as well as manager of bounty companies for various projects.
- Also, Anton Dziatkovskii is a co-founder of the MicroMoney project (https://www.micromoney.io/), director of education for the UBAI project (https://www.ubai.co/). One of the UBAI products is the BTCNext exchange (https: //www.btcnext.io/). Anton Dziatkovskii is a co-founder of the QDAO DeFi project (https://qdefi.io/en). Anton Dziatkovskii is also a member of the NoahCity project team (https://noahcity.org/en). Anton Dziatkovskii is the founder of the Platinum Fund project team (https://platinum.fund/en), which develops platforms for DeFi projects and blockchain solutions. Anton Dziatkovskii is directly related to the development of the SpaceSwap DeeFi project (https://spaceswap.app/) and its possible co-founder. Anton Dziatkovskii is the bounty program manager of the SpaceSwap project (https://bitcointalk.org/index.php?topic=5314607.0) and this can be seen in his bitcointalk profile which has the username Cubus or in the fraud dispute https://bitcointalk .org/index.php?topic=5185188.0.
- Now about Anton Dziatkovskii's personal profile (links):
- https://www.linkedin.com/in/Anton-Dziatkovskii-47012a95/
- https://www.facebook.com/AntonDziatkovskii
- https://twitter.com/antondzyatkovsk
- BTT url: https://bitcointalk.org/index.php?action=profile;u=1120647
- BTT username: Cubus
- GitHub: https://github.com/AntonDz
- Telegram: https://t.me/antondz
- Whatsapp: +79685331499
- ETH-address: https://etherscan.io/address/0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4
- Address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B has a direct transaction with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8:
- https://etherscan.io/tx/0xcdfc173671d819852bc988561d97f012bc9077f0b7cba215cd56dac8eccfb876
- https://etherscan.io/tx/0x7cae308a78ea346ff12bb2aabec8006bdb102637e175284b50208102eed8b8f9
- https://etherscan.io/tx/0x970ae7f65cf0411cafbbcdaa967d00ed9d683a1fe348e79098f0e266c6e7771d
- https://etherscan.io/tx/0x34c682332b1cc547464a7792dd1fcc4e95a43fe039fdfd313ec65cf260ec8577
- https://etherscan.io/tx/0x83e6fa104fd2eadf061916d8a876875e40fa427915bc12ad22c27fca067eb21a
- https://etherscan.io/tx/0x63c2d52a1878d223031752844c159120acd28aa56e83a60ae4642e7da8143f2c
- https://etherscan.io/tx/0xb9ebdc1a15a6e65cdec5bf16f356d5966e893813a71798d5a2238b4b2730961d
- https://etherscan.io/tx/0x05577efbf0f6b9290453261d2c891aa521aa09a4d0d2237881f0be01aaee7e49
- https://etherscan.io/tx/0x0221d3f6f4bb312a923306c600254e0cff9e054459ede48abede99ac12ce4740
- https://etherscan.io/tx/0x69692e6a7cd211ad20eac4651372ce2be46bb029520e61467fe29e8ee7abff5d
- https://etherscan.io/tx/0x942ed370ed893dda297d9b3f4c60529f8b44f47adc9e1effcf1a4c8a2e1be5ed
- https://etherscan.io/tx/0x5d621d6523e2fe87a2f9027ed5aa631761bfe62160b576d1e571b65e26d29d2e
- https://etherscan.io/tx/0x16121cdf65d8710146a114081ccd7d1de7d01cff97d9eca33da57c10275ac0d3
- and an additional 15 token transactions. The total amount of related transactions between the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B and the address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is 28 transactions (!!!). There are also several related transactions using the intermediary address 0xDaEB3B152bE7ac786E79122C4655594e7808587D.
- Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is associated with Anton Dziatkovskii address 0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4:
- https://etherscan.io/tx/0xc75a093e8da8232cda46e64a244d08ea77ef53e3cfd3879c851f24acdef8a06e
- https://etherscan.io/tx/0xff9211c8a521f000d9e9f96bf78c5f1630892a7c42f8858aa779dfde9deb54c1
- https://etherscan.io/tx/0x9a204b1f662e00747961b31ad6ba858d1b38fbc31f1f8c4cc56e3359d9ca8a86
- https://etherscan.io/tx/0x6d4194f76b4dbeac399be2a096684ad4e1347e3928cfb674c339cbc186391d1e
- https://etherscan.io/tx/0xba9a9807e2969d5f0d9296426492a38cdcd4e4b8071c64e7d453f7c63b32f4cd
- Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is associated with address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 (which has made many transactions with address 0x31499E03303dd75851a1738E88972CD998337403, at least two transactions:
- https://etherscan.io/tx/0xa6e43e8d7ee9455ebc5291a031548a346fcf4176df41f4201ded66436ab9b115
- https://etherscan.io/tx/0xadc4495b302dcb747c7f1db98d79f588ce42ec88369bd653fbfe9e790fdcaaa1
- All this means that the overall hacking address 0x31499E03303dd75851a1738E88972CD998337403, which has a lot of mutual transactions with the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, in consequence, the two roads meet with the address 0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4, which belongs to Anton Dziatkovskii: first road - with the help of mediation addresses 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B (laid the groundwork for 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 address); the second is through the intermediary address 0x4664db097caC5E006AC94705D3C778f2aC896AA8.
- Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8, is associated with address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 by numerous transactions:
- https://etherscan.io/tx/0x5b07bf2f9bd2c796621d0960e43623791ed3b97248401b480a7f5cc13188440a
- https://etherscan.io/tx/0x741aed055bed684f1149c130f3ebdffe414da3bf4026d002d30c8fa12a179220
- https://etherscan.io/tx/0x6e4d6693cee30d4b077489820f32d380913f18810285be608ca3e8d9a0982ed6
- https://etherscan.io/tx/0x7b83d4b6d2a93dd0a10420381ebec9b8a2d5791073e0dae799731c2ebf7b0449
- https://etherscan.io/tx/0x2128a3d2785868c553d8a82c501239cd246c2ec0acc949710ce2388dd8d2b069
- https://etherscan.io/tx/0xf0e6f25433ed29f917761a09d055b87889532f2a9e9f6d2a4f7d91cd9cda590f
- https://etherscan.io/tx/0xc22f519e47a86d1429dac5be5cec802fbe2d975a17fe1d9562821a5c41a25261
- https://etherscan.io/tx/0x8fb76aeae37295b2ecee24c4d83e7a689162de88eec475a088fdea7c2fc3ae99
- https://etherscan.io/tx/0xba49ca3ec1b8abecbe1bb0cb37a72f5632004371a4844bd9b9a80885f3ada3a8
- https://etherscan.io/tx/0xbfc65a07cbc1d9160c943622a6c00b9d9f3a0752858ffd0bb94b3e4ecbdeded2
- https://etherscan.io/tx/0x6c83d5f6dfcdd80bb3fc4b80c5bb7a0e37ca5a6d35765b5bea5da7567d0514ba
- and an additional 58 transactions (https://etherscan.io/address/0x5a6a52a7bf22813882e988135a7d2be805bb0649#tokentxns).
- In total, the number of mutual transactions is 69 transactions (!!!).
- Address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 is the foundation https://etherscan.io/tx/0x9e872cf2555bd5b07f1420b2195f9e397190971ea928725158ee7103142f801c to form the address 0x71e0d074bb70fdc5345f986e3435117f52afcebb - the creator of a smart contract for QDAO tokens issued by the QDAO DeFi project, where Anton Dziatkovskii is a co-founder:
- https://etherscan.io/address/0x3166c570935a7d8554c8f4ea792ff965d2efe1f2
- Address 0x71e0d074bb70fdc5345f986e3435117f52afcebb, is the creator of the smart contract for the BNX token, which belongs to the BTCNext exchange, which is part of the UBAI project, where Anton Dziatkovskii is the co-founder.
- Address 0x71e0d074bb70fdc5345f986e3435117f52afcebb also cooperates with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 in transactions.
- Address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 also has several direct related transactions with address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2:
- https://etherscan.io/tx/0xd016bd35a947a95af6505db3f426b53d9429f21705cd340f29cf96d6bb7d478a
- https://etherscan.io/tx/0xf7adf5ff89bb7a00bbaf7dbc81bf8a889f01139766f45756f22615a3bebbbadf
- and many transactions with different tokens,
- as well as using the intermediary address 0x3c586d0e07f312a180ec46d4c27d831731c41d23 with multiple transactions.
- Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 also cooperates with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8.
- Just address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2, has a direct transaction with the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B, which is the founder 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 addresses having a plurality of transactions with the common hacker location 0x31499E03303dd75851a1738E88972CD998337403:
- https://etherscan.io/tx/0x3084669504ddca7161a0afc35207a961c4870581fa2d1740dc11f5f2ede43322
- as well as transactions using the intermediate address 0x3c586d0e07f312a180ec46d4c27d831731c41d23.
- Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of smart contracts for MILK2 tokens (https://etherscan.io/address/0x66d1b01c0fd7c2d8718f0997494b53ff5c485688) and SHAKE tokens (https://etherscan.io/address/0x6006FC2a849fEdABa8330ce36F5133DE01F96189) , which belong to the SpaceSwap project, to which Anton Dziatkovskii has at some direct relation.
- Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of the smart contract for CNYQ tokens (https://etherscan.io/address/0xc541b907478d5CD334C0cbfcB9603b6dac6e9ee3) , JPYQ (https://etherscan.io/address/0x558A069a3A1a1e72398607b9E3577fCe1C67EA63) , which belong to the QDAO DeFi project, Anton Dziatkovskii is a co-founder.
- Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of the smart contract for NOAH ARK tokens (https://etherscan.io/address/0xfce94fde7ac091c2f1db00d62f15eeb82b624389), and tokens NOAHP (https://etherscan.io/token/0x41b3F18c6384Dc9A39c33AFEcA60d9b8e61eAa9F), which belong to the NoahCity project, in which Anton Dziatkovskii is a member of the team.
- I would like to note the following that many wallet addresses associated with the EasyFi hacker address 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37 (including some intermediate addresses) have MILK, MILK2, SHAKE, NOAH, QDAO tokens on their balance. Even the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, which has many mutual transactions with the well-known common hacker address 0x31499E03303dd75851a1738E88972CD998337403, contains these tokens.
- By the way, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 has BABYMILK tokens on its balance (smart contract https://etherscan.io/address/0xe00edf07bbab7f9e7a93ffbffdd4c16c5dbc6b03 - BabyMilk TEST token by SpaceSwap v2, at the same time, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 takes the #13 place among the holders of these tokens (https://etherscan.io/token/0xe00edf07bbab7f9e7a93ffbffdd4c16c5dbc6b03#balances) . As a rule, such a high rating among the holders is occupied either by the co-owners of the project or by the leading investors in the project.
- Also, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 (which has a lot of mutual transactions with the common hacker address 0x31499E03303dd75851a1738E88972CD998337403), has a direct link with the address 0x72d49544D17e3C98B0f94D97eE851981279f3aa9:
- https://etherscan.io/tx/0x11cf0326b7b0ee31db33231d2b5eac63763d323f065a72bbfe77baf147e90fe7
- https://etherscan.io/tx/0x11cf0326b7b0ee31db33231d2b5eac63763d323f065a72bbfe77baf147e90fe7
- This address 0x72d49544D17e3C98B0f94D97eE851981279f3aa9 also belongs to the SpaceSwap project, which can be confirmed on the Rarible website page:
- https://rarible.com/spaceswap
- https://coinranking.com/ms/nft/a0a0d045cc-rarible-fallen-puppet
- By examining the block conductors, we can determine where the Nexus Mutual hacker sent funds:
- 1. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xd0b498293d36e2f264b377d3cfec5d1701a92808f0f7580881f6459a6e9c0062 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/75e7645350615dcb1526010af5c9ca264f962136dec83e11120056ff66d579f0. So this is the BTC address bc1qmyxuldmsec6xm7gm7dnmmth4lz776tr5mtluvp followed by outgoing transactions.
- 2. . Transaction to convert renBTC to BTC https://etherscan.io/tx/0xfdd36a0c510bb7acf66ab3f42f8682eae563f52767f8a897d03f087426f683c0 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/b59fd9206d1e81e520c5000e60907a7c2ba730d18f34b488ea60f29c718886bc . So this is the BTC address bc1q6qsnqt98g3aggqy6adlpxkgngughwc66f93dve followed by outgoing transactions.
- 3. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xe6c87c15e0f71640cb61be417a651a532b7321a12b2022203f6a16f2f3f64e4f got an exit in a transaction https://www.blockchain.com/ru/btc/tx/a3191751822b488aed9be4712992271dfd51ff71f1a4f1c40df23c6e559b7894 . Hence, this is the BTC address bc1qun448hv5cudqlwrmghju58jnprkguy48emtj8a with subsequent outgoing transactions.
- By examining the block conductors, we can determine where the EasyFi hacker sent funds:
- 1. Transaction to convert renBTC to BTC https://etherscan.io/tx/0x2e575a4f490423bd49d79cce9a5f5b6067fb3aabcdd695ee9caa8fd91193d1c0 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/f0dafd9b6377bc2ed4899ab8a982ca23ce30b2c3f217e13f86a2e49a450397bc . So this is the BTC address bc1qfl085d0fxy8s6grja5qf8cgqvx8w94ufaygg9y with subsequent outgoing transactions.
- 2. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xf3932eb7ae1a0ad8c74b9e05e5b2a81333576e69d798805f06e816724596c077 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/e0d56ea73302b422b1f377e297f9581f133924fb1db5ceb7847ff22c80a8b956 . Hence, this is the BTC address 17WFZENdcgkCvVjENQWJnqwXyiCkgTdGbi with subsequent outgoing transactions.
- 3. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xf4316088f83c541027feaea0fdf798a844eda364ef7c965c9625d58da43ba30c got an exit in a transaction https://www.blockchain.com/ru/btc/tx/c2949b10e22c3a235c08f2b78c6c839ea8955a5e89c69232627b31f77636f967 . Hence, this is the BTC address 1395hgVUB2P7yv145sRbt6Ykbi3qargnoD with subsequent outgoing transactions.
- 4. Transaction to convert renBTC to BTC https://etherscan.io/tx/0x6cb20a995a7e722622d8648f7853b550fa04dae4f8fe5d9625f19025159a1d3c got an exit in a transaction https://www.blockchain.com/ru/btc/tx/47d23bd06022cdafa62f038cf2b9e0b912d0ec0b1da884252ce67dbb8f8a3bd4 . Hence, this is the BTC address 1DzGYwnUKu9ukGBKm8kTvoezjfCQ2qLwYr with subsequent outgoing transactions.
- By examining the block conductors, we can determine where the FinNexus hacker sent funds:
- At the time of this writing, the FinNexus hacker has only made a deposit for Tornado Cash:
- https://etherscan.io/tx/0xdfff5f1f94045f87569eca8100393861d847fb558115031aec4173b1dd9b5df4
- We can see the exit from Tornado Cash in the transaction:
- https://etherscan.io/tx/0xa0346bf9cdb454e3e59fcd969ef351297f4850629d806f75992841a700b8b63a
- This means ETH-address 0x996f5CcbF2856137744603b382dE559b78a096fC is the recipient to whom the FinNexus hacker sent 10 ETH using Tornado Cash.
- Next, 0x996f5CcbF2856137744603b382dE559b78a096fC sent 3 ETH for address 0x487927e4c49ac6e03d0168dade4a400017197c65 in the transaction:
- https://etherscan.io/tx/0x4cfd671ba3c6b376c9b56573f9727d3ae74155621e099b097bfc35ef5ecd4097
- Address 0x487927e4c49ac6e03d0168dade4a400017197c65 created 2 smart contracts:
- - He created a smart contract 0x2dd4bffd9d4fc1fd48cca3b1e83d96ece4b51460
- (https://etherscan.io/tx/0xd476c5eef7664c38cb77d5dfe54295c64ac7a19f6bc020920fcdd825b1f0bc68)
- - He created a smart contract 0x3c690e31359f83d7b82cbf105d9b71e813f016bb
- (https://etherscan.io/tx/0x0e117c3fbedbd8bd3cb549daa2fdeefa90bea46bc51632e1fb05caf296b6ca37)
- Both of these smart contracts are created to interact with smart contract 0x606246e9ef6c70dcb6cee42136cd06d127e2b7c7:
- https://bloxy.info/graphs/0x3c690e31359f83d7b82cbf105d9b71e813f016bb
- https://bloxy.info/graphs/0x2dd4bffd9d4fc1fd48cca3b1e83d96ece4b51460
- Smart contract 0x606246e9ef6c70dcb6cee42136cd06d127e2b7c7 belongs to the Bondly project (DeFi) https://www.bondly.finance/.
- I doubt the hacker is going to start some kind of fair play by making a simple tranche with Tornado Cash where he can be traced. Maybe now the hacker has chosen a new victim for a new hack and this victim may be the Bondly Finance project ???
- In all three attacks on projects, the hacker also used complex transactions using Tornado Cash. A detailed study of these complex transactions will take a lot of time and labor, which is comparable to the total amount of time and labor that we spent on this investigation. Unfortunately, we cannot spend that amount of our resources (time and labor) for free to determine the outputs of their Tornado Cash, as we still have not received the slightest financial support from our readers and viewers.
- Many people showed interest in this article and our video, but none of them provided us with material support. We are very upset about this. Not finding financial support from our readers, perhaps on this we will stop this our investigation, and also, we will no longer participate in any other public investigations. Now it only depends on you: will we continue this independent investigation, as well as the further existence of our project, according to our further independent investigations, to study hacks and frauds in the crypto space, which will have a positive impact on the security of crypto projects and investments.
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- To thank the contributors to this independent investigation, you can send any amount of funds to any of these addresses of ours:
- BTC address: 15TFrZCEWn2FbaXhCX2R7tWCotSjGMmZvp
- ETH address: 0x6c629437eF38Aa610fb14FfF8BebA7Dc5B21B29E
- TRX address: TRbEpq38kNfJp7smiRPNaXAYKPGycvjnts
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement