Attackers who managed to gain access to the accounts of many celebrities on Twitter transferred the received funds to a separate address. Previously, it was used to send funds to Coinbase and BitPay and CoinPayments services.
Related: Craig Wright BTC address is associated with hacking of MtGox
#TwitterHack @coinbase @BitPay
— whitestream - Blockchain Intelligence (@whitestream5) July 16, 2020
Please check the following Bitco_in addr_ess that received B_itcoin from the attacker scam ad_dress: 1_Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuy_F pic.twitter.com/J0kcyw0p8B
Recall, unknown attackers hacked Twitter accounts of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, and many others. On the pages of hacked celebrity accounts, were posted messages about the fake distribution of 5000 BTC from an unknown site Cryptoforhealth.
According to Whitestream blockchain analysts, three transactions sent by the following address lead to Coinbase and BitPay wallets. 14.75 BTC (almost $135,000) managed to arrive at this address. Subsequently, hackers used a bech32 address.
The first transaction involves the transfer of 1.2 BTC ($11,000) in May this year. In the second and third, insignificant amounts appeared a few days before the current events. Experts believe that at that time the hacker was in the process of switching to a bech32 address. The nature of the last two transactions prompted them to such a thought.
The company believes that the recipients of the funds will reveal the identity of their sender. However, the investigation may not be so simple if the attacker's transactions were connected with payments to merchants through these services.
Whitestream suggested that the attacker used the old address intentionally to confuse the traces in order to conduct an attack.