I’m doing these in parts so I can get the info out quicker and maybe others can use this information to do their own detective work! Let’s catch this hacker and make sure they face the toughest legal consequences possible.
How you can help? Participate in Crypto safety. Educate others. Do anything you can to spread the word. Help us by promoting our cause and creating conversations about scams! If we really want the cryptocurrency industry to succeed, we need to finally take the safety aspect seriously!
The same wallet that was used to drain Stars Arena was also used to scam on Binance Chain, directly connected to testing scamcoins on Avalanche Fuji and connected to Fiat on-ramps and named accounts!
The Hacker’s wallet on Snowtrace
The Hacker’s wallet on Binance
Wallet ending in 223, sent a transaction to the hacker’s wallet on Binance chain here. This suggests the same person that hacked SA, also controls this address on Binance Chain, based on the scam activity this 223 wallet is tied to. Or that the wallets are linked together in some way because it is a direct transfer.
When you trace this transaction back to the Sender’s Wallet 223, you start to notice a pattern and see multiple fiat onramps some with required KYC like Binance. Binance requires KYC, right? Genuine question, I don’t know anymore.
Going back, I notice that the wallet that funded 223 was also funded by Binance. It is clear that this person has been using this wallet for personal use, it doesn’t prove that it is the hacker’s wallet though.
Contacting binance and figuring out how to get a name of the depositors to this wallet might not be a bad idea. If someone is identified through other means, and the names match up, you could potentially uncover more scams and have a name to put to them.
They also received funds from a Mexc account. In all, there are 325 transactions in the 223 account.
Now, here’s where things start to get even more interesting.
Wallet 223 has been making Test scamcoins on Fuji by interacting with contracts? I can’t tell exactly what is going on here. But tracing it back further and looking in the internal transactions, you can see that random contracts are sending test Avax to this address. And going even further back is where I’m going to begin exploring in Part 2.
There are also named addresses funding wallet 223 , for example this name lt102p . bnb https://bscscan.com/tx/0x50b75abc979c36edd2992e2bd9eeae79e3f4f573f09b62004b8d589374df9c47 , which just so happens to have a twitter account. And guess what, wouldn’t you know that it’s posting about crypto. https://twitter.com/luck_twin
I’ll start part 2 as soon as I post this. Please know that I cannot guarantee any information provided in these medium posts, this article is for educational and research purposes only. Please cite us if you use the information or media we’ve provided here to help our cause.