Our latest research report by @ErgoBTC and @LaurentMT is now live on OXT Research.

We follow the trail of the 1,000 BTC stolen in the recent @kucoincom theft.

We track the coins as they are pushed through a complicated scheme of multiple mixers

research.oxt.me/china-and-nort…
We detail the immediate movements of the stolen BTC as they are split and chopped into several mixing services.

Using the free @oxt_btc Analysis Platform we are able to identify the mixing services used (some surprises here!)
We leverage wallet fingerprinting to paint a picture of both pre and postmix activity
We execute a volume and timing analysis for evaluating likely postmix UTXOs and their spend destination
We propose and test our hypotheses at every turn
We easily pierce through Wasabi as usual, but things aren't as they seem!
We discover a new mixer software, and we name names.
We take a close look at the custodial tumbler Blender and discover some interesting patterns
And are able to account for a little over 80% of the stolen funds after mixing.
We are able to likely identify and name the service responsible for the previously unknown "intermediary wallet"
And where the postmix coins were cashed out
Finally, we go over the entire scheme (and it really is one of the most complex schemes we have researched before)
The entire 43 page report is available to download at research.oxt.me/china-and-nort…

This is our second premium report and is priced at $20.00 (in BTC)

In 15 days the report will unlock and be freely available to the public.

Please consider purchasing to help support what we do
The mission of OXT is to provide the average user the same tools and same research that is available to their adversaries such as Chain Surveillance companies. Unlike those snoops, we provide open source analysis and make our work publicly available for peer review.

More from @SamouraiWallet

1 Jun
This is absolutely outrageous.

This is called a Sybil attack, and the operator of this mixing software is admitting - and even laughing about it - that Sybilling their users is official company policy.

From the article: archive.is/jnlpW
We first detected Sybil behaviour in Wasabi during the summer of 2019, which was flatly denied by the Wasabi team. Further to that, our staff were doxxed by Mr. Fiscor in retaliation for our disclosure.

At the time we had no reason to believe that Wasabi was Sybilling, though we labelled the entity "the friendly whale" as they always appeared when liquidity was low and needed a pick-me-up. We continued to research this as it was clear they wouldn't.

medium.com/samourai-walle…
29 Apr
Our new report by @ErgoBTC is now live on OXT Research

Follow the trail of BTC stolen by the notorious 🇰🇵 North Korean cybercrime collective, The Lazarus Group.

We track the coins as they are laundered through exchanges and inadequate mixing clients.

research.oxt.me/china-and-nort…
We dive into the Complaint issued by the US Government, and explore the addresses listed on the OFAC Sanctions List and Defendants Property List

Using the free OXT Analysis Platform we are able to connect the pseudonyms in the Complaint to various exchanges and entities
We detail the three distinct phases the group employed to launder the stolen funds
28 Feb
How to Whirlpool on mobile, a tweet thread tutorial
First, you need some coins in your wallet. The smallest amount you can mix is a little above 0.01005 BTC. If your wallet is empty, then add some funds using the "Receive" action
2/ Open Whirlpool by pressing the blue "+" in the bottom right corner of the screen. This will launch the Whirlpool service to get mixing started.
22 Jul 19
PSA

There exists an entity operating as a de-anonymizing “hot wallet” present within transactions by Wasabi since June 1, 2019. This entity has been clustered very easily due to flagrant address reuse, and downright bizarre behavior. This impacts ALL users since June.

👇👇
This entity participates in Wasabi transactions and enjoys an address reuse rate of over 60%. Of course, there should be 0% address reuse within any mixing platform, so something is not right. Let's look into it.

OXT Entity Cluster: oxt.me/entity/tiid/23…
The two primary addresses of interest are Address A (bc1qutrq7rfhv56gdqn4m0nm8agygepxahd7cz3j8u) and Address B (bc1q2673rjvne7z9ncqnd7a2pxk6grkwzumgesgauj). Both addresses are active and have balances today and appear to participate in almost all Wasabi transactions since June 1,