Privacy protocol RAILGUN said the 4,064 Bitcoin stolen in a high-profile security breach on Aug. 19 did not gain any privacy benefits on its platform.
The platform clarified that the stolen funds were unable to generate a Private Proof of Identity (POI), resulting in their unshielding and return to the original address.
The breach, one of the largest in recent memory, was first reported by on-chain sleuth ZachXBT on Aug. 19, who revealed that a suspicious transfer involving $238 million worth of BTC was made roughly 12 hours ago.
The breach
The breach targeted a Bitcoin whale, with 4,064 BTC siphoned from the victim’s wallet. Initial reports suggest the wallet may belong to a Genesis Trading creditor.
Notably, the wallet had received 642.4 BTC, worth approximately $37.73 million, from the Genesis Trading Bankruptcy Distributions wallet just two weeks before the breach, while another 2,173 BTC, valued at $127.6 million, had been transferred from Genesis Trading two years earlier.
While the exact method of the hack remains unclear, experts believe the attackers may have used a combination of phishing, social engineering, and exploiting vulnerabilities in wallet security.
The incident has prompted widespread concern within the crypto community, highlighting the ongoing risks associated with holding large sums of digital assets and the vulnerabilities in existing security infrastructure.
Blockchain forensics teams are working to trace the transaction paths in an effort to identify the perpetrators and recover the stolen assets, though the use of multiple platforms and privacy-enhancing tools has made this task particularly challenging.
Transaction trail
The breach involved a sophisticated and rapid movement of the stolen Bitcoin across multiple platforms, including THORChain, KuCoin, ChangeNow, RAILGUN, and the Avalanche Bridge.
An in-depth analysis of the transaction trail revealed the meticulous strategy used by the hackers to distribute and conceal the stolen assets.
After the initial theft, the 4,064 BTC was quickly divided into smaller amounts and transferred across various platforms. This complex series of transactions was designed to make it difficult to trace the funds back to their original source.
However, when the hackers attempted to use RAILGUN to shield the funds, the effort failed. The stolen Bitcoin did not meet the criteria for privacy within RAILGUN, leading to its unshielding and return, which left the stolen assets exposed rather than protected by the intended privacy protocols.
The transaction map further illustrates the movement of a portion of the stolen Bitcoin through the Avalanche Bridge, which likely facilitated cross-chain transfers. This step added another layer of complexity to the hackers’ efforts to obscure the trail.
In addition to using these platforms, the hackers employed mixing services to further complicate the traceability of the funds, effectively combining multiple transactions to mask the origins and destinations of the Bitcoin.
As investigations continue, this breach serves as a critical reminder of cybercriminals’ evolving tactics and the constant need for innovation in security practices.
The post Bitcoin stolen in $238 million breach fails to get privacy shield, returned to original address appeared first on CryptoSlate.
