∴FreeSamourai∴
#FreeSamourai OXT Research PGP: 0x140c9e15c81e4813d typically gaslit yet "confidently arrogant" verified human lumpy data(viz) whore entropist
Oct 9 13 tweets 5 min read
In early August, the remnants of ETH seized from the multibillion dollar PlusToken scheme awoke on-chain for the first time since 2021.

Over the last 24h about 7k ETH of the remaining 542k ETH ($1.3b) was sent to exchanges indicating intent to begin selling the remaining tokens.

For context, PlusToken was a multibillion dollar MLM crypto ponzi scheme that began in early 2018. The scheme operated through June of 2019 until the masterminds were arrested by Chinese authorities.
Nov 23, 2022 18 tweets 7 min read
The Grayscale G(BTC) Coins Part 2

In this analysis we use additional on-chain forensics to CONFIRM the approximate 633k BTC balance held by G(BTC) at Coinbase Custody.

Which begs the question, why does Grayscale refuse to disclose their on-chain holdings?

The time spent in the transaction graph during Part 1 of our analysis was used to profile the Grayscale Coinbase Custody wallet activity and manually ID associated addresses.

Part 1 largely exhausted exploration of the post July 2019 XAPO >> Coinbase Custody transaction graph.
Nov 20, 2022 12 tweets 7 min read
Grayscale GBTC Trust, the largest legal holder of BTC, refuses to provide any Proof of Reserve.

To begin a community led effort at transparency for the GBTC holdings, we have taken steps to ID likely GBTC addresses and balances based on public info and blockchain forensics.

In case you missed it, GBTC claims they cannot provide a Proof of Reserve due to “security concerns”.

Maybe this is a non-disclosure policy enforced by Coinbase Custody.

Maybe it’s deliberate obfuscation by Grayscale.

Nov 15, 2022 12 tweets 7 min read
Sparked by the tx graph in this tweet, we have ID’d the Alameda BTC wallet cluster and likely Alameda FTX deposit address.

The likely FTX Intl deposit address processed 3300 BTC via FTX US on 6-Nov during the bank run, despite FTX management claims of “segregated entities”.

As a first step at IDing the possible Alameda BTC wallet cluster, we had to reverse engineer the CA tx graph.

These graphs can be more difficult to interpret than the highly accurate TXO model graphs.

Address A: oxt.me/address/bc1qme…
Address B: oxt.me/address/bc1qx5…
Oct 5, 2022 10 tweets 5 min read
LFG has claimed their ONLY wallet is currently funded with 313 BTC.

But the blockchain tells a different story.

While it may be true that this is the only formally “declared” wallet controlled by the LFG, they seem to have failed to account for the trail of bread crumbs left by the change outputs used to fund their new declared wallet.

oxt.me/address/bc1q9d…
Sep 3, 2022 9 tweets 5 min read
By referring to the work of a well informed OXT user, bitcoin.com is much closer to the mark than Coindesk.

Despite a Kraken deposit, these coins are not sourced from Kraken.

They are however sourced from Mt. Gox and possibly controlled by Jed McCaleb.
t.me/gfischannel/481

The two 5k BTC txs are sourced from the following addresses:
15n6boxiQj45oHcmDjtNMjh35sFWZX4PBt
14RKFqH45xYPMpW4KQ28RB6XtrZ8XpEM5i

By using OXT, we can back track the source of these coins.

Doing so leads to a large cluster with a user annotation.

OXT.ME/BOOKMARK/63134…
Jun 13, 2022 4 tweets 3 min read
Binance has about 320 txs sweeping from deposit wallet to internal wallet stuck in the mempool with a fee of 13.5 sat/byte.

Estimating on the order of 2000-2500 BTC "stuck".

Should have cleared already, but "slow" blocks are "slow".
mempool.observer/monitor/?filte…

Anyone remember the mass Binance sweep and mempool flood during the Luna implosion?

Poorly or perfectly timed?
getyarn.io/yarn-clip/e45c…
Jun 6, 2022 16 tweets 8 min read
Thread on Celsius Network BTC wallet clusters and balances.

TLDR >> The major Celsius address/clusters do not have significant balances. ~108k BTC were sent from CN through a single OTC/MM cluster (as advertised?). On-chain data cannot be used to deduce the true CN BTC balance.

Celsius has three main wallets. A deposit cluster, internal processing wallet, and dedicated withdrawal addresses.

Four of these withdrawal wallets were created on May 11, likely in response to increased demands for user withdrawals post Luna implosion.
pastebin.com/F3vp0TgT
Feb 13, 2022 19 tweets 8 min read
The BFX hack seizure.

A mountain of evidence in an apparent straightforward analysis.

>> Coins tracked across custodial entities sent to exchanges with the couple's IDs.

Some thoughts from following the followers.

First attributions central to the case.

VCE1 and VCE4 as Poloniex and Bittrex, respectively.

Attribution courtesy of the abbreviated BTC addresses in The Complaint flow diagrams.
Jan 18, 2022 7 tweets 3 min read
Adding another 444 BTC to the previously reported 4.6k ETH from yesterday's @cryptocom hack.

Still no acknowledgement of loss, despite large outflows from the custodial wallet into ETH's Tornado Cash and a well known BTC tumbler (as detailed below).

We noted this abnormally large withdrawal from @cryptocom's payout wallet bc1q7cyrfmck2ffu2ud3rn5l5a8yv6f0chkp0zpemf via
oxt.me/transaction/06…

Shortly after, several hundred withdrawals are consolidated into 4 outputs for 67.75 BTC.
Nov 4, 2021 10 tweets 4 min read
The 140k (remaining) Mt Gox Coins

As the saga seems to be winding down with the planned release from the trust, it’s worth revisiting the coin status and some of the history behind the BTC addresses involved.

(1/n)

The credit for this work belongs to u/nikuhodai and a Reddit comment from March 2018.

He dumped a “mostly” complete list of likely Mt Gox cold storage addresses.

(2/n)
reddit.com/r/mtgoxinsolve…
Jun 8, 2021 20 tweets 5 min read
FBI Colonial Pipe/DarkSide ransom recovery has the BTC Twitter rumor mill in overdrive.

After getting acquainted with the on-chain activity, we can start to narrow down or remove some of these theories.

Based on the available information, the likely affiliate controlled address received its commission from the Colonial Pipe Ransom to address on 9 May.

3EYkxQSUv2KcuRTnHQA8tNuG7S2pKcdNxB.

oxt.me/address/3EYkxQ…
Jun 8, 2021 4 tweets 2 min read
Colonial Pipeline and DarkSide Ransomware on-chain flows.

Surf the tx graph for all the addresses mentioned in the affidavit.

oxt.me/bookmark/60bec…

Still lots of unanswered questions.

Mostly surrounding the omitted info between lines 33 and 34 ;)

Nov 27, 2020 4 tweets 2 min read
Let me get this straight, Chen Bo, the mastermind of PlusToken (arrested in June 2019), was entrusted with selling PlusToken's BTC, via a third party business, on behalf of the CCP? In return he only gets 8 years in the gulag for architecting a multi-billion $ ponzi?

What kind of communism is this?
Nov 21, 2019 25 tweets 7 min read
I’ve been seeing a lot of Twitter FUD opining on miner capitulation in the last few days.

This got me thinking… could the selling by the PlusToken scammers have had an abnormal effect on this market cycle?

Before answering this question I wanted to verify the estimates of the total BTC controlled by PlusToken.

From there try to come up with some estimates of the selling pressure over recent months.
Aug 15, 2019 23 tweets 7 min read
Why do we need coinjoin?

Breaking deterministic links, creating uncertainty, and multiple transaction interpretations.

Last week I got ahead of myself with this thread on Entropy as a method for evaluating bitcoin transaction "privacy".

I failed to establish the reason for coinjoining in the first place.

I also didn't cover the core metric for calculating entropy.

Aug 9, 2019 11 tweets 4 min read
What is entropy & how can it be used to evaluate your Bitcoin transaction “privacy”?

Entropy is defined as:
A measure of disorder or randomness in a closed system.

It has many applications in dynamic systems and is most often used in physics but also applies to information.

Claude Shannon solidified the field of scientific research known as Information Theory in his 1948 paper entitled: A Mathematical Theory of Communication

His original paper can be found here:
math.harvard.edu/~ctm/home/text…