1/ Assuming you're referring to the CFTC report on Coinbase's market activity, you can trace this via unusual activity occurring in one of the deposit addresses.
https://twitter.com/BennettTomlin/status/1374205808284729350
2/ That's how I discovered that QuadrigaCX was trading on its own exchange (and more specifically, that it was Gerry Cotten or someone else in an administration role). The analysis was painstaking, but I'll walk down a super brief example in the next tweets.
3/ Attached to this tweet is a screenshot of the 0x0247BC4E03142079CfA2E3Daf500722Ed0F9A6b2 address.
The pattern we see of funds being sent in and then immediately being swept to the exchange means that this is more than likely a deposit address (i.e., should be a custie addy)
The pattern we see of funds being sent in and then immediately being swept to the exchange means that this is more than likely a deposit address (i.e., should be a custie addy)
4/ In that same address, I isolated one frequent sender of funds = 0x67fc93fd01a15d9fb02a80d0ae6207fb45625be4
We see them sending funds to the address, which means they're either the account owner or the owner has the authority to direct funds from that address.
We see them sending funds to the address, which means they're either the account owner or the owner has the authority to direct funds from that address.
5/ Taking a quick look at the 0x67 address, we can see that it received funds directly from QuadrigaCX as well (same hot wallet). So we now know:
a) 0x67 is an independent address
b) owner of 0x0247 directly owns 0x67
a) 0x67 is an independent address
b) owner of 0x0247 directly owns 0x67
6/ To start gathering more information, one would comb through a wallet address, top to bottom and start making such annotations. If this sounds painstaking, it is, and since I didn't have proprietary software, I used excel spreadsheets & color coded inputs / outputs by identity
7/ Eventually, after you gather enough information - you're able to single out oddities via process of elimination until you make discoveries like the one in this tweet (same deposit address from above)
Those three outgoing transactions aren't supposed to ever happen.
Those three outgoing transactions aren't supposed to ever happen.
7/ Going back to the initial address' view (from the most recent TXs), we can see that every outgoing TX was a sweep to the hot wallets. So that means its a deposit address. Deposit addresses are under exchange control.
8/ So now with these set of facts, we know this exchange wallet is *not* a customer deposit address (but that doesn't invalidate the observation that QCX has control of said wallet).
Now let's look at where these funds came *from* again.
Interesting.
Now let's look at where these funds came *from* again.
Interesting.
9/ Let's take a look at one of those anomalous outgoing TXs from the deposit address:
etherscan.io/tx/0x7ea6d54b5…
Here we can see all funds from that address end up right at Bitfinex.
etherscan.io/tx/0x7ea6d54b5…
Here we can see all funds from that address end up right at Bitfinex.
10/ A lot of blockchain analysis is deductive logic. Keyword: logic ; not assumptions or theories
We're talking about x = y and y = b, therefore x = b type of logic in most cases. They fact that TXs require satisfying a cryptographic proof make the findings empirical.
We're talking about x = y and y = b, therefore x = b type of logic in most cases. They fact that TXs require satisfying a cryptographic proof make the findings empirical.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
