At the same time, PeckShield found that the transit address of another 1M1Tfsvb in the monitoring was transferred by multiple dispersions and small transfers. 5,575 BTCs are still uncertain whether to flow into the exchange. Other currency assets such as ETH, EOS, and XRP have not yet had abnormal trends.
The following is a further analysis of the flow of BTC assets. There is an egg at the end of the article. Don't miss it!
- The fund tray project BHB organizer was arrested. The Feng sister, who once stood on the platform, said that the dividend for the day was 11%.
- Making money, it’s really related to IQ – Turing Award-level funding Algorand
- The person in charge of the fund project BHB was arrested and brought to justice
- In-depth analysis of FairWin: the money disk of the knife-edge blood loss makes the average loss of 10129 players 47%
- Graphic Tracking PlusToken Asset Transfer Tracking (1): There are 1,203 inflows in the BTC section.
- Interesting in the blockchain chain nominal fraud, micro-business assistance, when will collapse?
Confirmed by PeckShield, the three BTC asset aggregation addresses known by PlusToken:
Figure 1: BTC asset aggregation information
5,527 BTCs were repeatedly dispersed
At 19:27 on the evening of August 12, PeckShield monitored the transfer of a transfer address (starting at 1M1Tfsvb) of the 14BWH6Gm initial aggregation address. To give you a more intuitive understanding of this part of the flow of funds, the PeckShield Digital Asset Escrow System (AML) produced the following asset transfer path map:
Figure 2: 1M1Tfsvb opening address asset transfer diagram
Its asset transfer is divided into two phases:
1) After a large number of transfers, the large-value assets are finally dispersed from the beginning of 39fXUWCy. The number of new addresses BTC is around 1,000.
Figure 3: 1M1Tfsvb starting address funds are scattered out
2) The BTC on the new address is dispersed again and eventually transfers to multiple addresses at 50-200 BTC from August 23 to 24:00. Due to the nature of the BTC address, it is currently unclear that this portion of the funds has flowed into the exchange.
Figure 4: Funds transfer to multiple addresses ranging from 50-200 BTC
22,922 BTC transfers
At the same time, PeckShield security personnel found that the assets in the address of the other wallet aggregation address 33FKcwFh of PlusToken changed on August 13, and moved to the four addresses through the 14gKbB4A starting address at 11:54 on August 14th. The addresses are temporarily stored at 4,922, 5,000, 6,000, 7,000 BTC, and this portion of the funds has not been transferred yet.
Figure 5: 33FKcwFh start address asset changes
During the PeckShield security staff's follow-up analysis of the PlusToken asset transfer, an interesting transaction was discovered, which occurred at 00:08 on August 15th.
Figure 6: An interesting transaction
As shown in the above figure, the originator of the transaction is the address starting with 18888888, and the recipient is the main fund aggregation address of PlusToken. The amount transferred to BTC is very small, and the transaction note shows “Sorry, we have run”.
PeckShield analysis believes that this transaction marks the PlusToken fund aggregation address on the chain for two main purposes:
- By sending a very small number of BTCs to these addresses, these addresses are "dusted" (Reference 1), and since each transaction in the BTC contains multiple UTXOs, the transaction using that part of the asset can be tracked.
- When the above UTXO transactions are used together, the four PlusToken funds aggregation addresses are proven to be relevant and cannot be tampered with.
Based on the comprehensive mining and analysis of the major public chain ecological data, PeckShield Digital Asset Escort System (AML) has accumulated a large number of high-risk blacklist libraries, which can accurately extract the whereabouts of hackers from a large chain database and combine global transactions. The partners, community management units and other partners, the hacker money laundering, full-chain, full-time, anti-camouflage and other step by step tracking and real-time blocking.
 BINANCE-ACADEMY. What is a dust attack. https://www.binance.vision/en/security/what-is-a-dusting-attack