Exchange blacklist prevents Twitter hacker from stealing more BTC

The hackers who compromised high profile Twitter accounts to promote a BTC scam could have stolen more—if Coinbase (NASDAQ: COIN) did not blacklist their addresses.

Coinbase, along with Gemini, Kraken, and Binance exchanges, blacklisted the alleged hacker’s address, preventing their users from sending BTC—as much as 30.4 BTC, worth $284,960.78 at press time—to the hacker’s wallet address. However, 14 Coinbase users were able to send BTC worth roughly $3,000 to the hacker’s address before Coinbase was able to blacklist the said address.

“We noticed within about a minute of the Gemini and Binance tweets,” said Philip Martin, chief information security officer of Coinbase. “The principle that we want to pay attention to is harm reduction without reducing the underlying utility of the asset,” said Martin, “to avoid people having money stolen when it’s in our power to prevent it.”

The hacker’s money is on the move

Regardless of the exchanges that made an effort to prevent the Twitter attacker from successfully defrauding their users, the hacker was able to collect a total of roughly 400 payments, totaling (13.1364 BTC) from individuals located all around the world. 

The hacker’s stolen BTC is already in motion—2.89 BTC has already been sent from the hacker’s wallet to a Wasabi wallet. According to a report from the blockchain analytics firm Whitestream, one of the hacker’s addresses has “interacted with addresses that related to several digital currency payment processors–CoinPayments, Coinbase, and BitPay.” 

A Binance spokesperson was also quoted saying the attacker has even sent some of their stolen BTC to the Binance exchange “a small amount of BTC (equivalent to about $10) was sent to a Binance core wallet address,” said the spokesperson “It seems they made the move to confuse blockchain researchers.”

Where will the hacker liquidate their BTC?

The hacker is going to have trouble liquidating their stolen funds. At this point, every digital currency exchange has the hacker’s addresses blacklisted, several blockchain analytics firms are closely tracking the cash flows created by the attacker, and the FBI has launched an investigation into the matter.