Hackers Are Shuffling Binance's Stolen Bitcoin

The Binance hackers are moving their stolen BTC into smaller and smaller wallets in an effort to hide their tracks.

May 8, 2019 at 5:56 p.m. UTC
Updated Sep 13, 2021 at 9:09 a.m. UTC

A team at blockchain services company Coinfirm has been watching the erratic movements of the bitcoin associated with $40 million stolen in the latest Binance breach.

At 4:11 AM on May 8 the hacker or hackers moved 1214 BTC ($7.16 million) to new addresses and then moved another 1337 "to 2 new addresses held by the hacker."

This is the fourth major exchange hack of the year, following Cryptopia, DragonEx and Bithumb.

Image via Coinfirm

The hack took place at 5:15:24PM on May 7 when hackers dragged over 7,000 bitcoin from a single Binance hot wallet into in a number of smaller wallets in a single transaction. The hackers then moved small amounts into smaller wallets. Given the nature of the BTC blockchain it's easy to see where each Binance bitcoin is going but it is difficult to perform real forensics on the wallets in order to understand who - or what - created them.

Why the brisk back and forth movement? Writer and blockchain analyst Amy Castor thinks the hackers are trying to erase their tracks.

"Money laundering 101: breaking the transactions up into smaller and smaller amounts making them more and more difficult to track," she said.

Image via Coinfirm

Image via Shutterstock


The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.