Co-Insecure Part 2

Prayank
Nov 18, 2019


Tx: f6d69904951150e89504678cde988216b165b04807d79a5474b72496c5131255

Let's go in the reverse direction this time, just because I am bored and want to analyze differently.

Below is a random tx which has a Binance cold storage address in its output. Let's start expanding its inputs and follow them to the origin, which links to the Coinsecure hack.

https://oxt.me/graph/transaction/tiid/1768949488

Screenshot A

I selected the 4.38 BTC input above to expand; I will look at the other inputs later.

Came across this interesting output in one of the transactions: https://oxt.me/entity/tiid/439521847

One Binance address was found in the output of a tx along the way; I will highlight this and check it later.

So we finally reached the address which was shared by Coinsecure after the hack. Yes, it's a long chain, and the hacker was moving funds from one bech32 address to another, not sure why.

Now let's look at the Binance wallet tx we found in between.

Above is the address to which a small amount (0.3 BTC) was deposited on April 17, 2018.

Looking at the last part of the transactions reaching the other Binance cold storage, where we started this analysis: BTC is sent from a bech32 address to 1JjXsVtYWA8deJvDJzQHdAE4v78pdtxyCC

And it finally reaches the Binance cold storage address: 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s

Following the other input, with 4.49 BTC, in the tx shown in screenshot A:

Please note that this transaction is from November 2017 i.e. before the hack incident.

It's super interesting that this transaction took us to Bitfinex!

If you are confused by now about the flow of transactions: we followed the first input from screenshot A this time to reach Bitfinex, and had followed the last one earlier to reach Coinsecure.

The 1.99 BTC takes us to Binance, where a batch transaction is done to send funds to different addresses. Some of them belong to other exchanges, but the transaction is from March 2018, i.e. before the hack incident.

Conclusion: There can be some relation between the hacker and those transactions from Bitfinex and Binance.
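The input-by-input expansion used above can be written as a backward walk over a transaction graph. The sketch below is an added example, not code from the original post: the graph, tx names, labels and the incident date are all constructed assumptions, and it marks each branch whose funding tx predates the incident, as the November 2017 and March 2018 branches do above.

```python
from collections import deque
from datetime import date

# Constructed sample graph (not real chain data): txid -> date and funding txids.
TXS = {
    "tx_start": {"date": date(2018, 5, 2), "inputs": ["tx_a1", "tx_b1", "tx_c1"]},
    "tx_a1": {"date": date(2018, 4, 20), "inputs": ["tx_a2"]},
    "tx_a2": {"date": date(2018, 4, 12), "inputs": ["tx_theft"]},
    "tx_theft": {"date": date(2018, 4, 9), "inputs": []},
    "tx_b1": {"date": date(2017, 11, 5), "inputs": ["tx_b2"]},
    "tx_b2": {"date": date(2017, 10, 30), "inputs": []},
    "tx_c1": {"date": date(2018, 3, 14), "inputs": ["tx_unknown"]},
}
# Hypothetical entity tags, standing in for what an explorer would show.
LABELS = {"tx_theft": "incident address", "tx_b2": "exchange X", "tx_c1": "exchange Y"}
INCIDENT = date(2018, 4, 9)  # assumed incident date for this constructed data


def trace_back(start, txs, labels, incident, max_hops=50):
    """Breadth-first walk from `start` through funding txs.

    Returns one finding per labelled tx reached. A branch is expanded no
    further once it hits a label; a tx reachable by several routes is
    reported via the shortest one only.
    """
    findings, seen = [], {start}
    queue = deque([[start]])
    while queue:
        path = queue.popleft()
        txid = path[-1]
        if txid in labels and txid != start:
            # path[1] is the tx that funded the chosen input of `start`; if it
            # predates the incident, everything behind it does as well.
            findings.append({
                "label": labels[txid],
                "path": path,
                "hops": len(path) - 1,
                "predates_incident": txs[path[1]]["date"] < incident,
            })
            continue
        if len(path) - 1 >= max_hops:
            continue
        for parent in txs[txid]["inputs"]:
            if parent in txs and parent not in seen:  # skip txs missing from the data
                seen.add(parent)
                queue.append(path + [parent])
    return findings


if __name__ == "__main__":
    for f in trace_back("tx_start", TXS, LABELS, INCIDENT):
        print(f["label"], f["hops"], f["predates_incident"], " <- ".join(f["path"]))
```

A branch flagged `predates_incident` shares a spending transaction with the incident-linked branch but cannot itself carry coins from the incident.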
