Share this page!

Arkham | Crypto Intelligence Profile picture
Twitter logo
Sep 20 6 tweets 3 min read
The Wintermute Hacker’s Next Move♟️

Following today’s $160 million Wintermute exploit, the hacker deposited nearly all of the obtained stablecoins into Curve's 3pool

It is likely the hacker did this to avoid having their $USDT and $USDC blacklisted by Tether & Circle. Image
Now that the stolen tokens are deposited into the pool, they can no longer be blacklisted.

However it remains unclear what the hacker's next move will be.
Though they may choose to redeem $DAI with their 3CRV, which cannot be blacklisted, such a move would be straightforward to trace on chain.

The Polynetwork hacker was the last to use the @CurveFinance 3pool in this way, in the 2nd biggest #DeFi hack in history. Image
During this exploit, @Tether_to blacklisted ~$33m of the stolen $USDT.

Soon after, the Polynetwork hacker successfully moved the rest of their stolen stablecoins into the pool.

However, they seemed to hit a snag in deciding what to do next. Image
Within days, the hacker returned the funds in exchange for a bounty.

While this could have been the goal all along, it is also possible they were unable to find a way to launder their funds from 3pool.
It remains to be seen what the Wintermute hacker will do.

Arkham will continue to monitor the situation & provide updates accordingly. Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Arkham | Crypto Intelligence

Arkham | Crypto Intelligence Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ArkhamIntel

Arkham | Crypto Intelligence Profile picture
Sep 20
Today's $160 million Wintermute hack is the 7th largest in DeFi history.

The hacker’s top current holdings:

$114M in 3CRV
$13M in $WBTC
$9.4M in $ETH

More info below

(1/4)
Wintermute’s on-chain holdings appear to be down to $55 million, 3x less than the hacker.

Top 3:

$12.6M in $LDO
$6.1M in $YFI
$5.9M in $BTRST

(2/4)
The hacker immediately moved nearly all of the stolen funds to another address, first funded 23 min before the hack with 10 ETH from Tornado Cash

After exchanging $12M in BUSD/TUSD for DAI, this 2nd hacker address deposited $114M in USDC/USDT/DAI to Curve, acquiring 3CRV.

(3/4)
Read 4 tweets
Arkham | Crypto Intelligence Profile picture
Jul 8
Coverage of the Celsius crisis has thus far been superficial and anecdotal.

Using on-chain and off-chain data and analytics, Arkham has revealed a more comprehensive picture of Celsius' activity. 1/14
Celsius appears to have entrusted corporate funds worth $530 million at the time of transfer to an apparent asset manager who engaged in high-risk leveraged crypto trading strategies. 2/14
These trading strategies resulted in apparent losses of $350 million when the asset manager returned capital compared to the value of the crypto assets Celsius originally sent. 3/14
Read 14 tweets
Arkham | Crypto Intelligence Profile picture
Jun 28, 2021
After a $300 billion valuation at launch, ICP tanked 95%. Everyone wants to know why. Arkham did a comprehensive analysis. This video presents our findings.
Based on our analysis, it appears that the Dfinity treasury and addresses linked to it have deposited billions of dollars of ICP on exchanges since launch, possibly driving the price collapse.
At the same time, supporters who paid for tokens 4 years ago say they have found it extremely difficult, if not effectively impossible, to access their tokens.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

Email the whole thread instead of just a link!

Separate emails with commas

:(