Just In: US Government Wallets Receive $19.3M Back Following Alleged Hack

A famous blockchain sleuth ZachXBT discovered this suspicious activity. He wrote the wallet was interacting with several DeFi protocols and instant exchanges using what he described as a “nefarious” series of transfers.

US Government Recovers Millions in Stolen Crypto from Hacker

According to ZachXBT, a hacker who allegedly stole around $20 million in crypto assets from an US government wallet, has returned about $19 million. Today’s transaction included the transfer of 2,408 ETH and 13.19 million aUSDC back to the government wallet.

Exchanges Switchain and HitBTC have yet to return the funds previously transferred to them. Arkham Intelligence reported that early Friday, someone returned $19.3 million in Ethereum and USDC to the government wallet.

However, ZachXBT informed his Telegram community that ‘the funds sent to exchanges have not been recovered.’

𝗨𝗣𝗗𝗔𝗧𝗘: $𝟭𝟵𝗠 𝗨𝗦 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁 𝗳𝘂𝗻𝗱𝘀 𝗿𝗲𝘁𝘂𝗿𝗻𝗲𝗱

The US Government’s address has just received $19.3M back following yesterday’s reported hack, less than 24 hours after the initial address breach.

88% of the compromised USD value has now been… https://t.co/F8q6iikBrT pic.twitter.com/Vo7I7ZH9K1

— Arkham (@ArkhamIntel) October 25, 2024

According to Arkham’s analytics, the government wallet is still about $1.2 million short of the initial $20 million loss. These funds are traced back to assets seized by the US DoJ related to the infamous 2016 Bitfinex hack.

According to analytics by Arkham, the government-controlled wallet is still short by some $1.2 million. These funds trace their origin to assets connected with the notorious 2016 Bitfinex hack seized by the US DoJ.

Arkham Intelligence Raises Concerns

During earlier activity in US government crypto wallets, someone pulled seized assets out of Aave. Arkham Intelligence immediately flagged the activity, noting that someone suspiciously transferred about $20 million in USDC, USDT, aUSDC, and ETH.

In particular, the address, “0xc9E,” allegedly received the seized funds linked to the Bitfinex hackers through nine different government-linked addresses. The court documents related to the 2016 Bitfinex case mentioned one particular address, “0xE2F.”

They demonstrated possessions of about 1.99 million USDT in the Yearn’s Liquidity Pool address “0xaC8”, 3.69 million USDT in the “0xE2F” address, and 1.7 million USDT in another Yearn address “0x681”.

After the transfer, Arkham noticed that the funds were transferred to wallet “0x348,” where they appeared to be sold for ETH. Arkham suspected that the attacker had begun laundering the assets through addresses linked to a money-laundering service.

Analyst Finds Holes in Bitfinex Forfeiture Docs

According to a recent analysis, on-chain analyst Ergo BTC highlighted some inconsistencies and potential security vulnerabilities surrounding seized cryptocurrency management in the Bitfinex forfeiture documents. He highlighted the inconsistency between this and the custody agencies mentioned in the documentation. The US Marshals Service (USMS) did not officially report the transfer of the compromised Ethereum (ETH) address.

Ergo first noted that someone had already spent 74 BTC from a change output, which the USMS allegedly seized. He provided a TXID for verification. The analyst further indicated that someone also spent another 3,100 BTC from a cluster of seizure-related transactions, providing another TXID to back this assertion.

He noted a significant disparity between the reported seized assets and what actually moved on-chain. He also suggested that it is highly unlikely that hackers compromised all of the Bitfinex-seized assets. Ergo furthermore added these could have occurred after realizing a need to improve “device hygiene,” referring to security and handling practices.