CRDT

Who is the hacker of Nexus Mutual, EasyFi, FinNexus ?

Apr 26th, 2021 (edited)
  1. This is an UPDATED article that replaces the previous one; it reflects the latest changes and additions and has more details. A brief summary of the results of our independent investigation is available in the video: https://www.youtube.com/watch?v=ccjcbADuTjw (Who is the hacker of Nexus Mutual, EasyFi, FinNexus?). Unlike this article, the video does not include detailed links and some other details.
  2.  
  3. On December 14, 2020, it became known that an unknown hacker stole 370,000 NXM from the wallet of the CEO of Nexus Mutual DeFi.
  4. On April 20, 2021, another hack occurred, but this time, another project called EasyFi DeFi was attacked. In this case, the hacker stole almost 3,000,000 EASY tokens.
  5. On May 17, 2021, the system of the FinNexus DeFi project was hacked, in which the hacker was able to mint FNX tokens in the amount of 323,000,000 FNX and sell them on the open market.
  6. All three of these hacks are similar. They were aimed at gaining access to wallets or private keys, which allowed the hacker to gain access to funds. Also, these break-ins were carried out at the same hour.
  7. All the results published in this article come from our own independent investigation, and they may differ from the official ones.
  8.  
  9. From the media, we know the ETH addresses that belong to the Nexus Mutual hacker, EasyFi hacker and FinNexus hacker. Now let's take a look at each of their addresses that belong to these hackers.
  10.  
  11. Let's start in order. The first hack we're talking about is the Nexus Mutual hack, which was carried out in December 2020. The Etherscan block explorer shows several addresses that belong to the Nexus Mutual hacker. But we will focus on one of them, which Etherscan has tagged with the name Fake_Phishing4636. This hacker's address is 0x0adab45946372c2be1b94eead4b385210a8ebf0b.
  12. ETH address 0x0adab45946372c2be1b94eead4b385210a8ebf0b has a direct transaction to address 0x31499E03303dd75851a1738E88972CD998337403 (remember this address):
  13. https://etherscan.io/tx/0xff9c6419ba87235a5fbcbfe85899ba0440abbf5f6e6af078682ec6ac0523bea5
  14. The next address we'll look at is the EasyFi hacker's address. This address is not tagged on Etherscan. But from the media, we know this address is 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37. This hacker address was funded by a deposit transfer from the already known address 0x31499E03303dd75851a1738E88972CD998337403:
  15. https://etherscan.io/tx/0x84dc4924575bae826d50fd8278c307e5b8d2d7cbe05ad52a5e867f2c1aaa340a
  16. Also, the EasyFi hacker's address has an additional direct transaction to 0x31499E03303dd75851a1738E88972CD998337403, which is the last outgoing transaction that the EasyFi hacker performed:
  17. https://etherscan.io/tx/0xeaaabcafafe474cdac5d1f231a790e805fb72d1e27cd6f3e2d90c5635fe61cde
  18. In addition, the EasyFi hacker carried out several direct transactions from the address 0x77BEB16e4DB0686e36dbf01142685275785775Ed:
  19. https://etherscan.io/tx/0xcf99a55af6ee7a3d46f121fe091d2e29720881a72b5876dac25068fb73405ec5
  20. https://etherscan.io/tx/0xb189754f07f00f3e32fbfd3e60f34686afd5209c7ccfe281c7ee5ad5ba514270
  21. as well as additional transactions:
  22. https://etherscan.io/tx/0x4d6d6c5d6231614db587b52d1f8e4d58c8b804032f5ee959344ac47c51b046e6
  23. https://etherscan.io/tx/0x8ecd760060c60cb64520d803774a08c83210aac06a0ebbfcb436a5ffdc7348f5
  24. https://etherscan.io/tx/0xd843d0b9300b1cdc79c0e1280127163794c7df6c87dca06cb128b232779f0291
  25. The address 0x77BEB16e4DB0686e36dbf01142685275785775Ed was also funded from the address 0x31499E03303dd75851a1738E88972CD998337403:
  26. https://etherscan.io/tx/0x7d90cbac9ff954555ee9e927598ff5daee9c3396451262fa77c44fab6bda25c0
  27. As we can see, unlike the Nexus Mutual hacker's address, the EasyFi hacker's address is linked to the address 0x31499E03303dd75851a1738E88972CD998337403 not by one but by several transactions. Keep the address 0x31499E03303dd75851a1738E88972CD998337403 in mind, as we will meet it many times.
  28.  
  29. Now we will look at the FinNexus hacker's address. From the media, we know this address: it is 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F, and it is tagged in the Etherscan block explorer. We do not observe direct transactions between the address 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F and the address 0x31499E03303dd75851a1738E88972CD998337403. But there is a connection between these addresses through the intermediary address 0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0. Although the hacker diligently tried to hide the address 0x31499E03303dd75851a1738E88972CD998337403 from our eyes, we were still able to find this connection. The FinNexus hacker's main address has a direct transaction with the address 0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0. The address has two outgoing FNX token transfer transactions to address 0x1cE5f1fe7d8543A0046E521302C3A21734309302:
  30. https://etherscan.io/tx/0x0403a2a195c94203ccc36c3a481328b478742bbb390e7ab7debbc44de534abcd
  31. https://etherscan.io/tx/0x84aaa19f5b8bb5ac58047eac0d462bdf9f7631a4d7a2a9c911718dfc35845584
  32. In turn, the address 0x1cE5f1fe7d8543A0046E521302C3A21734309302 is connected by multiple transactions with the address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A:
  33. https://etherscan.io/tx/0xdc54b9fc18773e04365710ca3f243c47e196218f1855d5d177ec45598c1a838c
  34. https://etherscan.io/tx/0x0403ec450fd3fd3ef1915cbcf0e5a3e3c679b81188399ac09bb7c3bf8ef21f2e
  35. https://etherscan.io/tx/0xffe4d170dd4461a173acaa694dc9220755f0bfcba0883723ef843e7b4569de8d
  36. https://etherscan.io/tx/0x968bd9ead37db5d7c7148ac5c0bd6860032a952f517d180713efeaf8dfd6971f
  37. https://etherscan.io/tx/0x7ef4693769adb3f1ee362ae0c77e695c7fb94ac291da736efd28aee554f7f3f3
  38. In total, this connection has 12 transactions.
  39. Also, 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A received a deposit through Tornado Cash:
  40. https://etherscan.io/tx/0xdf6a5aefaf5dcd44c40b881f1d2c816a560107a9b0fa12a018adf7e7e2a44e1f
  41. The address 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 transferred about 1 ETH to the address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A. To do this, 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 made a deposit to Tornado Cash in the transaction:
  42. https://etherscan.io/tx/0x000849cb2a3ab080bbda4fd6f0e41a7d2a35108c3d47a1f91655c7f33feb959f
  43. In turn, the address 0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404 was funded from the address 0x31499E03303dd75851a1738E88972CD998337403 in the following transaction:
  44. https://etherscan.io/tx/0x7e1878f62be97e245a31b426b191479704fdfcfa3044b51f9a70ef1287489a9c
  45. It also has many direct transactions that you can see:
  46. https://etherscan.io/address/0xa29bd5815aea7ac88e9f3aadd8f477675edad404#tokentxns
  47. (28 transactions in total) and https://etherscan.io/tx/0x61324b4a3624eccf5c69e7fb4292f3f22ccf295d07dbf866679a6c38ce2df0bf .
  48. Address 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A has an outgoing transfer of 124,977.5383 USDT tokens to address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0:
  49. https://etherscan.io/tx/0xae6a4ec0cf0f70f5b2bcce1149175fc71cb5f4346d3c41beffaab98265e64e68
  50. The address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0 is associated with the known address 0x31499E03303dd75851a1738E88972CD998337403, with its last transaction:
  51. https://etherscan.io/tx/0x61324b4a3624eccf5c69e7fb4292f3f22ccf295d07dbf866679a6c38ce2df0bf
  52. Likewise, the address 0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0 is also associated with the address 0x31499E03303dd75851a1738E88972CD998337403 using the intermediary wallet 0x67fe5B5343f963C7043cE551FADBa84a3aD6473A.
  53. By the way, the address 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F, which belongs to the FinNexus hacker, has a strange feature: on Etherscan it looks like a normal wallet address, but block explorers such as Bloxy and Bitquery show 0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F as a contract created by the address 0x78d147015a9ef3ed9f9011fa394561670dc787cb in the following transaction:
  54. https://etherscan.io/tx/0x47dd577a9ea88215884e5eeda6ec3a8b7200b50377e906f9b7a8a7e5d6a91b9c
  55.  
  56. Thus, the hacks of the Nexus Mutual, EasyFi and FinNexus projects are related not only by the nature of these hacks, but also by the same address - this is the address 0x31499E03303dd75851a1738E88972CD998337403. This suggests that all of these hacks were carried out by the same hacker (or the same group of hackers).
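The linkage claim above can be checked mechanically. The following Python example is added here and is not part of the original article: it encodes the relationships the article describes up to this point as an undirected graph and reports how many hops separate each incident address from 0x31499E03303dd75851a1738E88972CD998337403, and what a link rests on when one intermediary is removed. Assumptions: the edge list is a constructed summary of the article's statements (not data fetched from the chain), `tornado-cash` is a placeholder label rather than a contract address, and the 0x2Da3... to 0x1cE5... edge assumes that "the address" in the FinNexus paragraph means 0x2Da3....

```python
from collections import deque

# Addresses as given in the article.
NEXUS = "0x0adab45946372c2be1b94eead4b385210a8ebf0b"
EASYFI = "0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37"
FINNEXUS = "0x5EbC7d1Ff1687A75f76c3EdFAbCdE89D1C09Cd5F"
HUB = "0x31499E03303dd75851a1738E88972CD998337403"
A_77BE = "0x77BEB16e4DB0686e36dbf01142685275785775Ed"
A_2DA3 = "0x2Da3a8738c34fFB35182670bcb76Ad722240bcC0"
A_1CE5 = "0x1cE5f1fe7d8543A0046E521302C3A21734309302"
A_67FE = "0x67fe5B5343f963C7043cE551FADBa84a3aD6473A"
A_A29B = "0xA29bD5815AEA7ac88E9F3AaDd8F477675EDAD404"
A_860D = "0x860Dc1b24f96F59F4ec25ca439bcB9cDD6c1a7B0"
MIXER = "tornado-cash"  # placeholder label, not a contract address

# Constructed summary of the links the article asserts (not chain data).
EDGES = [
    (NEXUS, HUB),                          # direct transaction
    (EASYFI, HUB),                         # funding deposit and last outgoing tx
    (EASYFI, A_77BE), (A_77BE, HUB),
    (FINNEXUS, A_2DA3),
    (A_2DA3, A_1CE5),                      # assumed reading of "the address"
    (A_1CE5, A_67FE),
    (A_67FE, A_860D), (A_860D, HUB),
    (A_A29B, MIXER), (MIXER, A_67FE),      # link asserted across the mixer
    (A_A29B, HUB),
]


def build_graph(edges):
    """Undirected adjacency map; addresses are compared case-insensitively."""
    graph = {}
    for a, b in edges:
        a, b = a.lower(), b.lower()
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def shortest_path(graph, src, dst, blocked=()):
    """Breadth-first search from src to dst, never entering a blocked node."""
    src, dst = src.lower(), dst.lower()
    blocked = {b.lower() for b in blocked}
    if src not in graph or dst not in graph:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(graph[node]):
            if nxt not in prev and nxt not in blocked:
                prev[nxt] = node
                queue.append(nxt)
    return None


def link_report(graph, src, dst, mixers=(MIXER,)):
    """Hop count of the shortest link and whether it depends on a mixer hop."""
    path = shortest_path(graph, src, dst)
    clean = shortest_path(graph, src, dst, blocked=mixers)
    return {
        "hops": None if path is None else len(path) - 1,
        "via_mixer": path is not None and any(m.lower() in path for m in mixers),
        "hops_without_mixer": None if clean is None else len(clean) - 1,
    }


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    for name, addr in (("Nexus Mutual", NEXUS), ("EasyFi", EASYFI),
                       ("FinNexus", FINNEXUS)):
        print(name, link_report(GRAPH, addr, HUB))
    # Sensitivity check: remove one intermediary and see what remains.
    print(shortest_path(GRAPH, FINNEXUS, HUB, blocked=(A_860D,)))
```

The Nexus Mutual and EasyFi links are one hop, while the FinNexus link is five hops and, once 0x860D... is removed, exists only through the mixer node. A hop through a mixer cannot be confirmed from public transaction data alone, so that remaining path is an inference rather than an observed transfer.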
  57.  
  58. Now let's try to determine the roots of the already known address 0x31499E03303dd75851a1738E88972CD998337403. Let's try to find the name of the person who owns the address 0x31499E03303dd75851a1738E88972CD998337403.
  59. Address 0x31499E03303dd75851a1738E88972CD998337403 had many mutual transactions with address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912:
  69. as well as 9 direct transactions of tokens, which are indicated:
  70. https://etherscan.io/address/0x31499e03303dd75851a1738e88972cd998337403#tokentxns
  71. The total amount of direct mutual transactions between the address 0x31499E03303dd75851a1738E88972CD998337403 and the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 is 18 transactions (!!!).
  72. In turn, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 received its first deposit from the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B:
  73. https://etherscan.io/tx/0x2a0bf3d67de08e384ee34242f5c45b01c58e7ee289ab6522c559e532d3f01b9f
  74. Address 0x834e6bedc304c4c610557e9ffaf0d4ec310b881b was created by address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 in the transaction:
  75. https://etherscan.io/tx/0xd1e99af2a9b3a446eb0387f5c61801ddccafc8f5f211cfebddf581b601979d84
  76. Address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B is associated with multiple transactions with address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4:
  91. as well as 21 direct mutual token transactions:
  92. https://etherscan.io/address/0x834e6bedc304c4c610557e9ffaf0d4ec310b881b#tokentxns
  93. The total amount of mutual transactions between the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B and the address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 is 35 transactions (!!!).
  94.  
  95. Address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 belongs to Anton Dziatkovskii. Anton Dziatkovskii publicly says that he owns the address 0x0AAf72DA643570Da1bF76E8b3063C3f378b3D3D4 in the following sources:
  96. 1. https://twitter.com/antondzyatkovsk/status/1391126347682959360 - https://app.poap.xyz/token/108903
  97. 2.
  98. https://twitter.com/antondzyatkovsk/status/1388607712355782663 -
  99. https://pay.sablier.finance/stream/4167 (https://pay.sablier.finance/stream/4167/details)
  100. Speaking about the personality of Anton Dziatkovskii, we can say that Anton Dziatkovskii is a developer of platforms for DeFi projects, a developer of smart contracts, is a specialist in the field of security of smart contracts, is a computer specialist, considers himself a white hacker, is a trader, as well as manager of bounty companies for various projects.
  101. Also, Anton Dziatkovskii is a co-founder of the MicroMoney project (https://www.micromoney.io/), director of education for the UBAI project (https://www.ubai.co/). One of the UBAI products is the BTCNext exchange (https://www.btcnext.io/). Anton Dziatkovskii is a co-founder of the QDAO DeFi project (https://qdefi.io/en). Anton Dziatkovskii is also a member of the NoahCity project team (https://noahcity.org/en). Anton Dziatkovskii is the founder of the Platinum Fund project team (https://platinum.fund/en), which develops platforms for DeFi projects and blockchain solutions. Anton Dziatkovskii is directly related to the development of the SpaceSwap DeFi project (https://spaceswap.app/) and its possible co-founder. Anton Dziatkovskii is the bounty program manager of the SpaceSwap project (https://bitcointalk.org/index.php?topic=5314607.0) and this can be seen in his bitcointalk profile which has the username Cubus or in the fraud dispute https://bitcointalk.org/index.php?topic=5185188.0.
  102. Now about Anton Dziatkovskii's personal profile (links):
  103. https://www.linkedin.com/in/Anton-Dziatkovskii-47012a95/
  104. https://www.facebook.com/AntonDziatkovskii
  105. https://twitter.com/antondzyatkovsk
  106. BTT url: https://bitcointalk.org/index.php?action=profile;u=1120647
  107. BTT username: Cubus
  108. GitHub: https://github.com/AntonDz
  109. Telegram: https://t.me/antondz
  110. Whatsapp: +79685331499
  111. ETH-address: https://etherscan.io/address/0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4
  112.  
  113. Address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B has a direct transaction with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8:
  127. and an additional 15 token transactions. The total amount of related transactions between the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B and the address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is 28 transactions (!!!). There are also several related transactions using the intermediary address 0xDaEB3B152bE7ac786E79122C4655594e7808587D.
  128. Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is associated with Anton Dziatkovskii address 0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4:
  129. https://etherscan.io/tx/0xc75a093e8da8232cda46e64a244d08ea77ef53e3cfd3879c851f24acdef8a06e
  130. https://etherscan.io/tx/0xff9211c8a521f000d9e9f96bf78c5f1630892a7c42f8858aa779dfde9deb54c1
  131. https://etherscan.io/tx/0x9a204b1f662e00747961b31ad6ba858d1b38fbc31f1f8c4cc56e3359d9ca8a86
  132. https://etherscan.io/tx/0x6d4194f76b4dbeac399be2a096684ad4e1347e3928cfb674c339cbc186391d1e
  133. https://etherscan.io/tx/0xba9a9807e2969d5f0d9296426492a38cdcd4e4b8071c64e7d453f7c63b32f4cd
  134. Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is associated with address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 (which has made many transactions with address 0x31499E03303dd75851a1738E88972CD998337403) by at least two transactions:
  135. https://etherscan.io/tx/0xa6e43e8d7ee9455ebc5291a031548a346fcf4176df41f4201ded66436ab9b115
  136. https://etherscan.io/tx/0xadc4495b302dcb747c7f1db98d79f588ce42ec88369bd653fbfe9e790fdcaaa1
  137. All this means that from the common hacker address 0x31499E03303dd75851a1738E88972CD998337403, which has many mutual transactions with the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, two roads lead to the address 0x0aaf72da643570da1bf76e8b3063c3f378b3d3d4, which belongs to Anton Dziatkovskii: the first road is through the intermediary address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B (which laid the groundwork for the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912); the second is through the intermediary address 0x4664db097caC5E006AC94705D3C778f2aC896AA8.
  138.  
  139. Address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 is associated with address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 by numerous transactions:
  151. and an additional 58 transactions (https://etherscan.io/address/0x5a6a52a7bf22813882e988135a7d2be805bb0649#tokentxns).
  152. In total, the number of mutual transactions is 69 transactions (!!!).
  153. Address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 funded (https://etherscan.io/tx/0x9e872cf2555bd5b07f1420b2195f9e397190971ea928725158ee7103142f801c) the address 0x71e0d074bb70fdc5345f986e3435117f52afcebb, the creator of the smart contract for QDAO tokens issued by the QDAO DeFi project, where Anton Dziatkovskii is a co-founder:
  154. https://etherscan.io/address/0x3166c570935a7d8554c8f4ea792ff965d2efe1f2
  155. Address 0x71e0d074bb70fdc5345f986e3435117f52afcebb is the creator of the smart contract for the BNX token, which belongs to the BTCNext exchange, which is part of the UBAI project, where Anton Dziatkovskii is the co-founder.
  156. Address 0x71e0d074bb70fdc5345f986e3435117f52afcebb also cooperates with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8 in transactions.
  157. Address 0x5a6a52a7bf22813882e988135a7d2be805bb0649 also has several direct related transactions with address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2:
  158. https://etherscan.io/tx/0xd016bd35a947a95af6505db3f426b53d9429f21705cd340f29cf96d6bb7d478a
  159. https://etherscan.io/tx/0xf7adf5ff89bb7a00bbaf7dbc81bf8a889f01139766f45756f22615a3bebbbadf
  160. and many transactions with different tokens,
  161. as well as using the intermediary address 0x3c586d0e07f312a180ec46d4c27d831731c41d23 with multiple transactions.
  162. Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 also cooperates with address 0x4664db097caC5E006AC94705D3C778f2aC896AA8.
  163. Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 also has a direct transaction with the address 0x834e6BEdC304C4C610557e9fFAf0D4Ec310b881B, which funded the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, which in turn has many transactions with the common hacker address 0x31499E03303dd75851a1738E88972CD998337403:
  164. https://etherscan.io/tx/0x3084669504ddca7161a0afc35207a961c4870581fa2d1740dc11f5f2ede43322
  165. as well as transactions using the intermediate address 0x3c586d0e07f312a180ec46d4c27d831731c41d23.
  166. Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of smart contracts for MILK2 tokens (https://etherscan.io/address/0x66d1b01c0fd7c2d8718f0997494b53ff5c485688) and SHAKE tokens (https://etherscan.io/address/0x6006FC2a849fEdABa8330ce36F5133DE01F96189), which belong to the SpaceSwap project, to which Anton Dziatkovskii has some direct relation.
  167. Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of the smart contracts for CNYQ tokens (https://etherscan.io/address/0xc541b907478d5CD334C0cbfcB9603b6dac6e9ee3) and JPYQ tokens (https://etherscan.io/address/0x558A069a3A1a1e72398607b9E3577fCe1C67EA63), which belong to the QDAO DeFi project, where Anton Dziatkovskii is a co-founder.
  168. Address 0x81cfe8efdb6c7b7218ddd5f6bda3aa4cd1554fd2 is the creator of the smart contract for NOAH ARK tokens (https://etherscan.io/address/0xfce94fde7ac091c2f1db00d62f15eeb82b624389), and tokens NOAHP (https://etherscan.io/token/0x41b3F18c6384Dc9A39c33AFEcA60d9b8e61eAa9F), which belong to the NoahCity project, in which Anton Dziatkovskii is a member of the team.
  169. I would like to note that many wallet addresses associated with the EasyFi hacker address 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37 (including some intermediate addresses) have MILK, MILK2, SHAKE, NOAH, QDAO tokens on their balance. Even the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912, which has many mutual transactions with the well-known common hacker address 0x31499E03303dd75851a1738E88972CD998337403, contains these tokens.
  170. By the way, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 has BABYMILK tokens on its balance (smart contract https://etherscan.io/address/0xe00edf07bbab7f9e7a93ffbffdd4c16c5dbc6b03 - BabyMilk TEST token by SpaceSwap v2). At the same time, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 takes the #13 place among the holders of these tokens (https://etherscan.io/token/0xe00edf07bbab7f9e7a93ffbffdd4c16c5dbc6b03#balances). As a rule, such a high rating among the holders is occupied either by the co-owners of the project or by the leading investors in the project.
  171.  
  172. Also, the address 0x1aa6eb6e5752cc57fd32c91c089083f7ac99c912 (which has a lot of mutual transactions with the common hacker address 0x31499E03303dd75851a1738E88972CD998337403), has a direct link with the address 0x72d49544D17e3C98B0f94D97eE851981279f3aa9:
  173. https://etherscan.io/tx/0x11cf0326b7b0ee31db33231d2b5eac63763d323f065a72bbfe77baf147e90fe7
  175. This address 0x72d49544D17e3C98B0f94D97eE851981279f3aa9 also belongs to the SpaceSwap project, which can be confirmed on the Rarible website page:
  176. https://rarible.com/spaceswap
  177. https://coinranking.com/ms/nft/a0a0d045cc-rarible-fallen-puppet
  178.  
  179. By examining the block explorers, we can determine where the Nexus Mutual hacker sent funds:
  180. 1. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xd0b498293d36e2f264b377d3cfec5d1701a92808f0f7580881f6459a6e9c0062 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/75e7645350615dcb1526010af5c9ca264f962136dec83e11120056ff66d579f0. So this is the BTC address bc1qmyxuldmsec6xm7gm7dnmmth4lz776tr5mtluvp followed by outgoing transactions.
  181. 2. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xfdd36a0c510bb7acf66ab3f42f8682eae563f52767f8a897d03f087426f683c0 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/b59fd9206d1e81e520c5000e60907a7c2ba730d18f34b488ea60f29c718886bc . So this is the BTC address bc1q6qsnqt98g3aggqy6adlpxkgngughwc66f93dve followed by outgoing transactions.
  182. 3. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xe6c87c15e0f71640cb61be417a651a532b7321a12b2022203f6a16f2f3f64e4f got an exit in a transaction https://www.blockchain.com/ru/btc/tx/a3191751822b488aed9be4712992271dfd51ff71f1a4f1c40df23c6e559b7894 . Hence, this is the BTC address bc1qun448hv5cudqlwrmghju58jnprkguy48emtj8a with subsequent outgoing transactions.
  183.  
  184. By examining the block explorers, we can determine where the EasyFi hacker sent funds:
  185. 1. Transaction to convert renBTC to BTC https://etherscan.io/tx/0x2e575a4f490423bd49d79cce9a5f5b6067fb3aabcdd695ee9caa8fd91193d1c0 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/f0dafd9b6377bc2ed4899ab8a982ca23ce30b2c3f217e13f86a2e49a450397bc . So this is the BTC address bc1qfl085d0fxy8s6grja5qf8cgqvx8w94ufaygg9y with subsequent outgoing transactions.
  186. 2. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xf3932eb7ae1a0ad8c74b9e05e5b2a81333576e69d798805f06e816724596c077 got an exit in a transaction https://www.blockchain.com/ru/btc/tx/e0d56ea73302b422b1f377e297f9581f133924fb1db5ceb7847ff22c80a8b956 . Hence, this is the BTC address 17WFZENdcgkCvVjENQWJnqwXyiCkgTdGbi with subsequent outgoing transactions.
  187. 3. Transaction to convert renBTC to BTC https://etherscan.io/tx/0xf4316088f83c541027feaea0fdf798a844eda364ef7c965c9625d58da43ba30c got an exit in a transaction https://www.blockchain.com/ru/btc/tx/c2949b10e22c3a235c08f2b78c6c839ea8955a5e89c69232627b31f77636f967 . Hence, this is the BTC address 1395hgVUB2P7yv145sRbt6Ykbi3qargnoD with subsequent outgoing transactions.
  188. 4. Transaction to convert renBTC to BTC https://etherscan.io/tx/0x6cb20a995a7e722622d8648f7853b550fa04dae4f8fe5d9625f19025159a1d3c got an exit in a transaction https://www.blockchain.com/ru/btc/tx/47d23bd06022cdafa62f038cf2b9e0b912d0ec0b1da884252ce67dbb8f8a3bd4 . Hence, this is the BTC address 1DzGYwnUKu9ukGBKm8kTvoezjfCQ2qLwYr with subsequent outgoing transactions.
  189.  
  190. By examining the block explorers, we can determine where the FinNexus hacker sent funds:
  191. At the time of this writing, the FinNexus hacker has only made a deposit to Tornado Cash:
  192. https://etherscan.io/tx/0xdfff5f1f94045f87569eca8100393861d847fb558115031aec4173b1dd9b5df4
  193. We can see the exit from Tornado Cash in the transaction:
  194. https://etherscan.io/tx/0xa0346bf9cdb454e3e59fcd969ef351297f4850629d806f75992841a700b8b63a
  195. This means ETH-address 0x996f5CcbF2856137744603b382dE559b78a096fC is the recipient to whom the FinNexus hacker sent 10 ETH using Tornado Cash.
  196.  
  197. Next, 0x996f5CcbF2856137744603b382dE559b78a096fC sent 3 ETH to address 0x487927e4c49ac6e03d0168dade4a400017197c65 in the transaction:
  198. https://etherscan.io/tx/0x4cfd671ba3c6b376c9b56573f9727d3ae74155621e099b097bfc35ef5ecd4097
  199. Address 0x487927e4c49ac6e03d0168dade4a400017197c65 created 2 smart contracts:
  200. - He created a smart contract 0x2dd4bffd9d4fc1fd48cca3b1e83d96ece4b51460
  201. (https://etherscan.io/tx/0xd476c5eef7664c38cb77d5dfe54295c64ac7a19f6bc020920fcdd825b1f0bc68)
  202. - He created a smart contract 0x3c690e31359f83d7b82cbf105d9b71e813f016bb
  203. (https://etherscan.io/tx/0x0e117c3fbedbd8bd3cb549daa2fdeefa90bea46bc51632e1fb05caf296b6ca37)
  204. Both of these smart contracts are created to interact with smart contract 0x606246e9ef6c70dcb6cee42136cd06d127e2b7c7:
  205. https://bloxy.info/graphs/0x3c690e31359f83d7b82cbf105d9b71e813f016bb
  206. https://bloxy.info/graphs/0x2dd4bffd9d4fc1fd48cca3b1e83d96ece4b51460
  207. Smart contract 0x606246e9ef6c70dcb6cee42136cd06d127e2b7c7 belongs to the Bondly project (DeFi) https://www.bondly.finance/.
  208. I doubt the hacker is going to start some kind of fair play by making a simple tranche with Tornado Cash where he can be traced. Maybe now the hacker has chosen a new victim for a new hack and this victim may be the Bondly Finance project ???
  209.  
  210. In all three attacks on projects, the hacker also used complex transactions using Tornado Cash. A detailed study of these complex transactions will take a lot of time and labor, comparable to the total amount of time and labor that we spent on this investigation. Unfortunately, we cannot spend that amount of our resources (time and labor) for free to determine the outputs of their Tornado Cash, as we still have not received the slightest financial support from our readers and viewers.
  211. Many people showed interest in this article and our video, but none of them provided us with material support. We are very upset about this. Without financial support from our readers, we may stop this investigation and no longer participate in any other public investigations. It now depends only on you whether we continue this independent investigation and whether our project continues to exist and to study hacks and frauds in the crypto space, which will have a positive impact on the security of crypto projects and investments.
  212.  
  213.  
  214. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
  215. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
  216.  
  217. To thank the contributors to this independent investigation, you can send any amount of funds to any of these addresses of ours:
  218. BTC address: 15TFrZCEWn2FbaXhCX2R7tWCotSjGMmZvp
  219. ETH address: 0x6c629437eF38Aa610fb14FfF8BebA7Dc5B21B29E
  220. TRX address: TRbEpq38kNfJp7smiRPNaXAYKPGycvjnts
  221.  