Over 25,000 ETH from Bancor hack Moved to Exchange
Contents
BREAKING NEWS: Over 25,000 ETH from Bancor hack Moved to Exchange
By: Elizabeth Yeung, Cyber Security Researcher, Sentinel Protocol
On 13 March 2019, ether tokens that had been stolen by attackers in the Bancor hack in July 2018 were finally transferred from wallet to wallet after seven months of inactivity. The Uppsala Security Operations Team has picked up on this anomaly and uncovered the identity of the destination addresses.
Money Flow Analysis
The starting address in question is 0xbceaa0040764009fdcff407e82ad1f06465fd2c4, which has been annotated as “Bancor Hack” on Etherscan and is now blacklisted in Sentinel Protocol’s Threat Reputation Database (TRDB). What follows next is a series of movements that are easily visualized using our Crypto Analysis Transaction Visualization (CATV) tool, shown in Figure 1.
Note that for readability, a truncated version of the involved addresses will be used throughout the article, and a mapping to the non-truncated version will be provided at the end.
From 0xbceaa0, the …
By: Elizabeth Yeung, Cyber Security Researcher, Sentinel Protocol
On 13 March 2019, ether tokens that had been stolen by attackers in the Bancor hack in July 2018 were finally transferred from wallet to wallet after seven months of inactivity. The Uppsala Security Operations Team has picked up on this anomaly and uncovered the identity of the destination addresses.
Money Flow Analysis
The starting address in question is 0xbceaa0040764009fdcff407e82ad1f06465fd2c4, which has been annotated as “Bancor Hack” on Etherscan and is now blacklisted in Sentinel Protocol’s Threat Reputation Database (TRDB). What follows next is a series of movements that are easily visualized using our Crypto Analysis Transaction Visualization (CATV) tool, shown in Figure 1.
Note that for readability, a truncated version of the involved addresses will be used throughout the article, and a mapping to the non-truncated version will be provided at the end.
From 0xbceaa0, the …
IoC
38b43d08b1a54099d5583b3994cafade2d55f428
78ede622b687a74d1b6557e4e2a8a11e878edbec
b9ae7bb85b0b2a0a7b9143ed045467df1dece836
bceaa0040764009fdcff407e82ad1f06465fd2c4
d294ac18b524ff59ab7fffcbd459f11128220550
df95de30cdff4381b69f9e4fa8dddce31a0128df
ed3fae3fdf61bfe32bb34c06f210a308590de747
f056f435ba0cc4fcd2f1b17e3766549ffc404b94
f27b6923ed24eed02de7686962339db00a52d2aa
78ede622b687a74d1b6557e4e2a8a11e878edbec
b9ae7bb85b0b2a0a7b9143ed045467df1dece836
bceaa0040764009fdcff407e82ad1f06465fd2c4
d294ac18b524ff59ab7fffcbd459f11128220550
df95de30cdff4381b69f9e4fa8dddce31a0128df
ed3fae3fdf61bfe32bb34c06f210a308590de747
f056f435ba0cc4fcd2f1b17e3766549ffc404b94
f27b6923ed24eed02de7686962339db00a52d2aa