On-chain sleuth 🕵️
@Onchainsnoop
Followers
293
Following
642
Media
52
Statuses
177
Fighting/Tracking/Reporting on-chain scams in my free time.
Joined September 2022
1/ Meet Yicong Wang (王逸聪), a Chinese OTC trader who has helped Lazarus Group convert tens of millions of stolen crypto to cash from various hacks via bank transfers since 2022.
404
870
6K
Phishing is a year-round sport... ...but crypto has been providing especially bountiful waters lately. When it comes to the experts, it seems nobody is safe. What lurks in the murky depths? https://t.co/zXmUXeJ54p
8
17
77
It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon. 0x75497999432b8701330fb68058bd21918c02ac59
280
307
2K
@coinexcom As more information emerges and losses extend to two additional chains, BTC and XRP, the total stolen amount has surged significantly! BTC: 1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH - 231 BTC ($6M) XRP: rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf - 12,625,364 XRP ($6.1M) https://t.co/CCjs0ZQY3w
#CoinExResponseUpdate - We have identified and isolated the suspicious wallet addresses linked to the hack: $ETH: *0xce013682eddefaca8c94fe56a43a04212ebe4673 *0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE *0xCC1AE485b617c59a7c577C02cd07078a2bcCE454
0
0
0
Stolen funds on Ethereum are on the move. 3,365.31 ETH worth $5.35 million is transferred to a new address (0x2118e4432d668aCFa347ddBA0efCcc6BB04DB297) #hack #ETH
@coinexcom
1
0
0
Update: All the funds on Polygon and Tron have now been transferred to new addresses. Polygon: 0xD4342E0277b3B9d11902FA1760F072868ECDBE2e TRX: TP75t6owoqXxskLq6FB2R37PymNTmohq9L
1
0
0
Stolen tokens on on all 3 chains are being converted to thier native tokens. Additionally, a portion of the funds on Polygon has been transferred to a new address https://t.co/esOUElGaQj
@coinexcom
oklink.com
Explore Polygon address 0xd434...cdbe2e information at OKLink. You'll see the specific information including: address label, balance, number of tokens and token value.
Looks like keys compromised. Outflows from lots of their hot wallets across many chains. Zach dropped more theft addies here 👉 https://t.co/Y7G9ZK1CMe CoinEx has been around a while and has shit across all the chains. I expect more outflows to be found in coming hours.
1
0
0
🚨 Stolen funds from @Stake on BNB chain are on the move! via @axelarcore @squidrouter, shifting from BNB to AVAX. Sending/Receiving address address on BNB/AVAX: 0x695A2a6713D911fA48D9b0e2eb936F95575Ad894
5
0
1
Looks like the @coinspaid hack might be more than what's report: Ethereum (ETH) Network Loss: Addresses: -0x68aff47f17ec39015d921bbb70a190197e349de2 Amount Lost: 6,698.96 ETH, equivalent to $12.5 Million Tron (TRX) Network Loss: Address: -TUGFXFeoQ72w9EpYPibUNhXwzzKKmkNQp6
CoinsPaid is back to processing after being hit by a hacker attack. Сlient’s funds were not affected and are fully available. More details in our blog: https://t.co/XukI4ZTTLw
0
6
16
🚩MistTrack Update🚩 Recently, the crypto community has been stirred by a sequence of incidents involving @coinspaid, @AtomicWallet, and Alphapo. A veneer of mystery shrouds these incidents, yet there's a possibility that Lazarus might be behind them all!
2
6
28
Web wallets are impossible to secure. I know because I built one too. I don't know why yall insist on repeating history. Even if you manage to secure your own product and infrastructure, the hackers will just hack the infrastructure of the internet. https://t.co/Dpr0pMTP2R
theverge.com
At midnight ET last night, MyEtherWallet users fell victim to a combination of DNS and BGP attacks, hacking into ethereum wallets by breaking the basic infrastructure of the internet.
I can’t believe that in 2023 someone built a browser wallet - @MutinyWallet is a terrible idea and NOBODY should use it! We spent YEARS (2014 - 2017) trying to find ways to secure @MyMonero’s web wallet release against an ever-increasing series of attacks including: -
11
45
178
A total of 1,200 BTC has been gathered in these 4 addresses through Sinbad Mixer, and the funds remain unutilized. 👀Watch out for a sudden influx of funds flowing towards #Avalanche
#Atomicwallet #LazarusGroup #SinbadMixer #NORTHKOREA #hack
2
0
4
🚨Suspicious BTC addresses alert! These addresses are most likely linked to The Lazarus group: 3MGGaHbbEoiYxMwVP122vqEkTzArJp42gy 32gb99jbM3WZh4jjBar8JrU6uMHsR53zYN 38uYxAYg89wynwQkZFPMsvSjhUYPgeU2cD 3K51fnck4PKSoYWQ8ttwoe3nfZcc4BcPj4
2
0
1
The reported figure of $35 million stolen from Atomic Wallet is significantly underestimated IMO 👀
0
0
0
Based on their previous hacks (#HARMONY and #Ronin), this group follows a consistent pattern for their Bitcoin transactions: Stolen funds -> #SinbadMixer -> Avalanche Bridge -> Tron/Ethereum/Back to Bitcoin.
1
0
0
These addresses have recently received a significant portion of the funds from the Atomic wallet hack through Sinbad Mixer and are likely associated with the North Korean Lazarus group.
2
0
0
🚨 Keep an eye on these addresses: 3GRPGErVNW7zLh1jP1rSBCm6NYtP7TDx8Z 3DiESmnv611axcvcj6d4i8WA8i52q9KFkJ 3GFPYbffaN14Dy2tdMq7vfk1UoZFtdoyFi 3CfxTy1QW6LL3NBCiiHvpUNFzHTiJaWzXw 3PSwvYKyeXdEkBNZdwQNtvznPtQk45rYEL #AtomicWalletHack
#lazarus #NorthKorea
1
0
0
Great work 🙌🏻🙌🏻
🚨Top5 crypto drainers you should know: 1. Vemon drainer ~$27M 2. Monkey drainer ~$16.5M 3. Pussy drainer ~$14.2M 4. Inferno Drainer ~$7.1M 5. Pink drainer ~$1.7M 👇You can follow up with stats on the dune in the thread.
0
0
4
Update: The stolen funds were transferred to a different phishing address, 0x442e7d5fdd8f4ab579228dd7589eac133ea8dee6, which had obtained over 212 ETH through phishing scams. Currently, the funds have been distributed to four addresses. #CyberCrime #PhishingScams. @MetaSleuth
2
0
4