![[Bounty Hunting] - Attempting to find the 525K "Scumbag Hacker"](https://b.thumbs.redditmedia.com/iSCaBrEau3_6Vq0XUa4ue4kimYeQ4biRFL81uYp045Y.jpg "[Bounty Hunting] - Attempting to find the 525K \"Scumbag Hacker\"") | Hello! A hacker stole my 84K MOONs back in March. That wasn't very nice of them =( Now it's payback time against those hackers/scammers/rug pullers and other malicious entities who give crypto such a bad reputation. I went through the exercise of attempting to doxx the hackers who stole 525K from a victim recently https://platform.arkhamintelligence.com/exchange/bounties/4b3c63de-f4fe-4ed5-88ed-ba49fdf8ebe3 The research is all my own! Please feel free to check and cross reference all of my work. Let's begin! Part 1 - Hacker 525k 10x3833F1ADdFe7952ca9c577939549D6c6062cb6Fa - Hacker 525K 1 This address is one of two as outlined by the victim in the bounty. I labeled 0x3833F1ADdFe7952ca9c577939549D6c6062cb6Fa - Hacker 525K 1 to keep track for my own records. Deposit AddressesHere’s a list of the shared Deposit Addresses
Shared WalletsHere’s a list of the shared Wallets
Another VictimI did a quick Google search to see if I can find anything on 0xAfF6dB2974315B21b578eFAdb60a08603eb8EDeA - [Pablito147 on Opensea] . Below is a victim I found who lost 200K. Victim YouTube - https://www.youtube.com/watch?v=splBczgXEEY Hacker Wallets listed in description
Tracking ENS Interactions0x3B380f3Be0db93161E6Cb7a53DE4958BF457A33C [Opensea User] is in current possession of the below ENS addresses
How did he/she/they acquire these ENS addresses? Here’s an example -0x3B380f3Be0db93161E6Cb7a53DE4958BF457A33C- received ballaboveall.eth from Bigpudgy.eth - https://etherscan.io/tx/0xa3f4e48ff498b83e6032069af509f4e6595d87b29e4a1890a9e854c3dbc7124c --0x3b10f088D7a83E92E91D4A84FE2c656AF92a801D - Bigpudgy.eth aka Calm_tothemoon Both loveneverfails.eth and 03161992.eth were also transferred in a similar way from 0x3b10f088D7a83E92E91D4A84FE2c656AF92a801D - Bigpudgy.eth SummaryLooking at https://opensea.io/Calm_tothemoon/activity aka bigpudgy.eth, he could be a victim or have direct ties to the hacker. I looked through the boot2thrill twitter account and didn’t see any signs of a hack. Specifically, I was looking at dates around March 6th 2023 and Feb 2nd 2023 as those dates were when most of the NFT transfers to 0x3B380f3Be0db93161E6Cb7a53DE4958BF457A33C happened. However, looking inside 0x3b10f088D7a83E92E91D4A84FE2c656AF92a801D - Bigpudgy.eth, I’m seeing mostly Coinbase deposit addresses. Coinbase isn't typically an exchange a hacker would use. If this person is a hacker, he’s certainly keeping his personal and hacking activity separate. Part 2 - Hacker 525k 20x8d50d2EEEED7ea1De60C51Ba3f767e48dFbD2320 - Hacker 525K 2 Here’s the other wallet identified by the victim in the bounty. I labeled 0x8d50d2EEEED7ea1De60C51Ba3f767e48dFbD2320 - Hacker 525K 2 Wallets of InterestBelow I’ll make the connection between 0x8d50d2EEEED7ea1De60C51Ba3f767e48dFbD2320 [Hacker 525K 2] and 0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 - Opensea user. I wanted to verify that “0b2B43” was indeed a hacker wallet. Tracking ENS Interactions Below we’ll focus on one ENS address, the-oasis.eth. The route this ENS took was very interesting. Starting with the minting of the ENS from Opensea: -0x5c255c0571be150Fc482Ec3d345f6218188723bD [The-Oasis_Gamemaster”] --0x8d50d2EEEED7ea1De60C51Ba3f767e48dFbD2320 [Hacker 525K 2] ---0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 - Opensea user - owner In all three instances, the ENS was transferred between wallets. In no instance was a sale ever made. The ConnectionLooking inside 0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 - Opensea user, I noticed a few interesting things.
Part 3 - Additional InfoBelow is additional information I found. I don't think there’s enough here yet. It’s worth documenting to investigate at a later time. GankNFTInfo
Maybe Same person - I couldn't find any on-chain connections but the twitter handle is very similar
***UPDATE 1 - Thank you all for the kind words! To be clear, this wasn't my hack I was investigating. I was looking into another victim who lost 525K recently. The details of my hack I posted back in March here - https://www.reddit.com/r/CryptoCurrency/comments/11sksgs/i_got_hacked_and_lost_over_300k_today/ ***UPDATE 2 - I removed the social information of the persons of interest per requests of the moderators of this form [link] [comments] |
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
![Above, I noticed numerous interactions between 0xAfF6dB2974315B21b578eFAdb60a08603eb8EDeA [Pablito147 on Opensea] and 0x3B380f3Be0db93161E6Cb7a53DE4958BF457A33C [Opensea User]. I moved the shared wallets to the left and shared deposit addresses to the right. I’m pretty confident both are hacker wallets. They are both directly connected to 0x3833F1ADdFe7952ca9c577939549D6c6062cb6Fa [Hacker 525K 1]](https://preview.redd.it/t9i1alko6knb1.png?1556&format=png&auto=webp&s=1e9029116586da9944ce444b6817ae6a60705940){kind=link}
![Looking at the 2nd hacker wallet - 0x8d50d2EEEED7ea1De60C51Ba3f767e48dFbD2320 [Hacker 525K 2] I was investigating where the most outgoing txns were going. I came up with 6 wallets. Of most interest was:0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 - Opensea user. I labeled this one with a red arrow in the image above.](https://preview.redd.it/n539cfp07knb1.png?2354&format=png&auto=webp&s=75e5417a9a238e8f58366b8276bc6949971b3436){kind=link}
![Looking inside 0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 - Opensea user, you can clearly see that it was initially funded on 10/9/21 by 0x8d50d2EEEED7ea1De60C51Ba3f767e48dFbD2320 [Hacker 525K 2]](https://preview.redd.it/74xc8fb67knb1.png?1896&format=png&auto=webp&s=0c00690fa361f9a8a15d00a9c594ddd7f2f9753d){kind=link}
![I noticed 0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 - Opensea user was in current possesion of \"the-oasis.eth\". Where did this wallet receive it from? You guessed it! 0x8d50d2EEEED7ea1De60C51Ba3f767e48dFbD2320 [Hacker 525K 2] And, who sent it to the hacker wallet? 0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 [The-Oasis_Gamemaster]](https://preview.redd.it/l42iwgte7knb1.png?2678&format=png&auto=webp&s=9f2d12b16c567d41211bf915a992627db6c6c9f4){kind=link}
![Interestingly enough, the last ever transactions inside 0x5c255c0571be150Fc482Ec3d345f6218188723bD [The_Oasis_Gamemaster] were to both Hacker 525K Arkham and 0x834A683d81CeFafA9A97c2549d9D3fB0bF0b2B43 - Opensea user .](https://preview.redd.it/88m0it3v7knb1.png?1668&format=png&auto=webp&s=a44f9ff120309d2508e9f6dd3e20f75e488befff){kind=link}
Comments