The US Government wallet known as Bitfinex Hack was compromised, moving $20M to a new wallet that immediately started to swap and launder the assets. The transactions originate from the Bitfinex Hack Wallet, held in custody since 2022.
Crypto wallets belonging to the US Government were compromised for $20M. Initially, the Bitfinex Hack wallet received funds from Aave. Then, up to 20M were moved to a new address, which had links to DEX traders and was funded suspiciously by a MetaMask swapper. It turns out the activity was indeed an exploit, swapping and mixing the funds into suspicious addresses linked to money laundering. Arkham Intelligence tracked the token movements and concluded the case was indeed an exploit.
𝗨𝗣𝗗𝗔𝗧𝗘: 𝗨𝗦 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁 𝗹𝗶𝗻𝗸𝗲𝗱 𝗮𝗱𝗱𝗿𝗲𝘀𝘀 𝗮𝗽𝗽𝗲𝗮𝗿𝘀 𝘁𝗼 𝗵𝗮𝘃𝗲 𝗯𝗲𝗲𝗻 𝗰𝗼𝗺𝗽𝗿𝗼𝗺𝗶𝘀𝗲𝗱 𝗳𝗼𝗿 $𝟮𝟬𝗠.
$20M in USDC, USDT, aUSDC and ETH has been suspiciously moved from a USG-linked address 0xc9E6E51C7dA9FF1198fdC5b3369EfeDA9b19C34c to… pic.twitter.com/UXn1atE1Wx
— Arkham (@ArkhamIntel) October 24, 2024
The US Government wallet was first active with consecutive withdrawals from Aave lending pools, returning ETH and stablecoins to the Bitfinex Hack wallet. Until now, the US Government has not announced involvement with Aave lending vaults, causing surprised reactions on social media.
The addresses for ETH, USDT, USDC, and AUSDC moved to a single known wallet, which now holds around $6.5M. The wallet has been dusted and has received several risky token transactions. The entire value of the swapped assets reached $20M.
The US Government has not moved any of its BTC, which was previously earmarked for selling. The most recent transactions are a small fraction of the wallet, but are raising questions on the exact intentions that led to the transactions.
Recipient wallet starts to move funds to Binance
About an hour after transferring $20M in ETH and stablecoins to a new address, the funds started to move again. In several minutes, most of the wallet’s holdings were sent to Binance.
The recipient wallet also used the 1Inch DEX aggregator to swap AUSDC V2 for around 15 ETH.
The fast movement of funds further raises suspicions of a potential exploit, as the US government has been conservative in selling the assets. Usually, the funds from US government vaults go through Coinbase Custody, and a straight transfer to Binance or to DEX is extremely unusual. The movement of funds usually also comes with a warning, especially for BTC. This time, the US government behaved like a fast trader, while on-chain researchers were still trying to determine if the events were part of an exploit.
A part of the funds were also sent to yet another high-balance wallet in four separate transactions, not flagged as belonging to an exchange. That last wallet was created two years ago and is a high-activity hub with constant stablecoin and ETH flows.
On-chain analysis uncovered suspicious wallets
The latest transactions affect a relatively small share of the wallet. However, the activities raised suspicions of a possible exploit, due to the history of the new wallet.
The wallet to which the US government sent the funds was first funded by the address of a MetaMask swap user. The address does not look like a specially created cold storage or custodial wallet. The funder has previous activity swapping ETH, USDC, and PRO tokens.
The strange counterparties to the US Government wallets raised suspicions of a possible exploit, especially given that the transactions happened within minutes of each other, with no previous preparation or test transactions.
The Bitfinex Hack wallets withdrew USDT and USDC from Aave lending pools for a total of $6.59M. It was precisely those funds that got moved to a new address. For the last time, the Bitfinex hack wallet moved ETH eight months ago, and it is now stored in a new wallet with limited activity.
The Bitfinex exchange was hacked in 2016 for 119,765 BTC, with the exact identity of the hacker unknown. The funds originated from the exchange’s hot wallets. In 2022, US law enforcement discovered some of the Bitfinex funds were held by Ilya Lichtenstein and his wife Heather R. Morgan, who controlled more than 94K BTC and other assets.
