Part 1 Review:
— Hacker is connected to a wallet where they receive deposits from Cex accounts
— Connected to a named address, which there is also a twitter account made reposting crypto. Maybe an email/phone number is attached to that account
— Wallet 0c9 tested scamcoins on Avalanche Fuji
Looking further into the Fuji test Wallet 0c9 , you can see they are testing something. Maybe trying to make the hack work on one of these tokens? I don’t really know. Check the different tabs like internal transactions. There’s a lot of action going on in this wallet, shortly before the hack.
The contracts are using something like mint(address _to,address in the internal transaction tab from over 450 days ago.
When I trace the contracts above to their creator’s addresses, there are so many transactions creating different scam coins. For example, wallet 473 created one of the contracts pictured above (the “from” transactions have the icon that indicates it is a contract). They doing something very similar in all of these wallets that created contracts.
Pictured above, leads me to believe that the hacker has been doing this for a long time and has deep scam roots on the Avalanche network and possibly many other chains. This is speculation and I am not able to prove this right now.
Sifting through the addresses that created some of these contracts I found some recent movement, post hack, on a contract that the hacker created , funded by wallet 0c9 (remember this is the wallet directly connected to the hacker’s wallet)
This means either the hacker is still testing their contracts they created or it’s a contract that multiple people use.
Here is the path. Follow with the pictures and underlined links, and you will find that it goes directly back to the Avalanche Fuji wallet 0c9 connected directly to the wallet that exploited the Stars Arena contract. Click on this contract first then follow the underlined links in the pics.
There are so many more branches to take and wallets to explore. I wanted to help everyone out there get started or give them some places to start looking! It’s very possible this person is still using the blockchain and I’m confident we can work together to connect the dots!
I’m not able to create a part 3 tonight or even tomorrow (work and prior plans), but I hope to get some help from the community to continue it for me!
Please know that I cannot guarantee any information provided in these medium posts, this article is for educational and research purposes only. Please cite The Detective’s Guild if you use the information or media we’ve provided here to help our cause.