We had a rough month, with multiple hackings from BTER to CAVITEX and other exchanges as well. So 1.680.000$ million of Bitcoin has been stolen from BTER.com, it passed 9 days and the hacker is on the move again!
We first tough it was a node (our mistake), now we know it’s a very well hidden hacker but also we suspect an inside job. Why ? Because on BTER front page it stated clearly that the funds were stolen from their “COLD WALLET”.
What is the notion of a Cold Wallet? A cold storage system should meet a handful of criteria:
- It must never be connected to the internet or any public network
- It should store its own keys
- Those keys should never ever be communicated to an online system
- The only inputs to the system should be unsigned transactions or messages
- The only outputs from the system should be signed transactions or messages
Or the BTER.com has not stated correctly by saying “Cold Wallet”, which it will be a bit awkward since they appeared to be an experienced player on Bitcoin market.
Anyway let’s get to the subject and see where the funds are splitted. From the original 7 Accounts now they are 4 untouched with 220.000$ each and 3 of them are moving. We will highlight with RED those that are moving.
https://blockchain.info/address/1J4TJQKgh1phPMcsV8cbRkAhV2Q6V8wW25 Started to move on 2015-02-20
https://blockchain.info/address/1Q2MxBc9Zbe6A35mTcD5jyU8PMr4K6oqGC Started to move on 2015-02-18
https://blockchain.info/address/1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz Started to move on 2015-02-17
So let’s follow their path and see on which new accounts they are leading us to. And when we tried to do this, we got ourself dizzy, it’s a major mixing between accounts and some of them are lopping, some of the funds looks like they ended up in some sort of exchange. We will post some of the accounts that they are still having funds on them and what we found so far. But I am sorry for the people that had their money in BTER, they’ve lost them big time, in an ugly way.
So this is part of them, some of them have small amounts from 500$ – 5000$, which I believe will be used to withdraw them in an exchange or for personal spending.
The movement is very fast and it’s getting extremely hard to track all of them. I notice that some funds are going in old accounts that have 12 mil$ in Bitcoin or 2 mil$ in Bitcoin, which it makes me think that they are gone into exchanges already.
If you track them and find new addresses except the ones listed here, post them in the comment section and we will update the list for everyone to view.
Also, if can somebody explain us why BTER said “Funds stolen from cold wallet”, when a cold wallet/storage should be offline, that would be awesome. We can only go with the idea that they have not expressed as they wanted to do or some employee or somebody from inside did this robbery.
Stay tuned for more updates about the movement or any new accounts we find, also if you like our agility on this theft don’t forget to use our ChangeTip button.
Thanks – 24/7 Crypto News Team.