Weekly data report on BTC chain: The currency exchange strategy of the head exchange triggers the illusion of active promotion on the chain

Beijing Chain Security focuses on blockchain security and data services. The following is a weekly report on the data released last week based on the Beijing Chain Security Chain data monitoring system.

In the past week (12.02-12.08), according to the data on the main chain, the total transaction volume has increased significantly compared with the previous week (11.25-12.01), but this is mainly due to the adjustment of the bitcoin exchange's currency withdrawal strategy. There were no major changes in the number of active addresses and exchanges that initiated transactions. The overall activity of the network did not change much, and the number of large transfers even declined significantly.

 

Transaction amount:

11.25-12.01: 6728925.87 BTC

12.02-12.08: 8862526.05 BTC

Increase from the previous week: 31.71%

The detailed data chart is as follows:

Especially on Thursday and Friday, there was a surge in data. The main reason is that after Bittrex exchange gathered a large amount of BTC into a huge UTXO of tens of thousands of BTC, it continued to operate through the UTXO and transferred the remaining huge BTC to the new The address has caused a surge in BTC transaction value on the chain.

 

Real transaction amount:

11.25-12.01: 4387341.17 BTC

12.02-12.08: 5941439.26 BTC

Increase from the previous week: 35.42%

The detailed data chart is as follows:

Number of transactions:

11.25-12.01: 2092348

12.02-12.08: 2176343

Increase from the previous week: 4.01%

The detailed data chart is as follows:

Number of active addresses:

(The address that initiated the transaction is considered the active address)

11.25-12.01: 3215853

12.02-12.08: 3219635

Increase from the previous week: 0.12%

The detailed data chart is as follows:

Large transfers:

(Single transaction initiated amount greater than 100BTC is considered a large transfer)

11.25-12.01: 10043
12.02-12.08: 8091

Decrease from the previous week: 19.44%

The detailed data chart is as follows:

Binance exchange BTC flow data

Inflow:

11.25-12.01: 52935.94
12.02-12.08: 42804.62
Decrease from the previous week: 23.96%

The detailed data chart is as follows:

Outflow
11.25-12.01: 66528.07

12.02-12.08: 50779.8

Decrease from the previous week: 23.67%

The detailed data chart is as follows:

Net inflow

11.25-12.01: -10236.39
12.02-12.08: -7975.18
Increase from the previous week: 22.09%

The detailed data chart is as follows:

Overall, Binance Exchange continued to show a net outflow of BTC last week, but the outflow is tending to ease.

 

Security and data highlights:

On December 4, 2019, the monitoring system of Beijing Chain Security found that the stolen ETH on the Upbit exchange was being finely divided. Some ETH in 20 units was continuing to be transferred to the exchange, while other ETH was in the middle of the process. Further divisions of 5 to 10 units are in progress.

According to SXWK, a data analyst on Beijing Lian'an Chain, from the current situation, the addresses transferred by the first two layers of Upbit's stolen ETH have been basically cleared, and the third layer addresses are being processed one by one. The maximum level has reached ten levels. It is expected that this will be a long process. At the same time, from the point of view of its ultimate goal of money laundering, there is a "diversity" trend, including entering some suspected mixed coins or transit addresses with diverse and scattered ETH sources, so it is not ruled out that the attacker is actually using the dark web and other means to finally receive Trader and redirect to their designated address.

Regarding the 4,3652.9 BTC transactions that occurred on the Bittrex exchange on the afternoon of December 4, 2019, SXWK , a data analyst on Beijing Lianan Chain, said that this is actually the internal wallet consolidation of Bittrex, accompanied by a series of Exchange business process. Just before this transaction, Bittrex has transferred dozens of BTC with 1000 BTC as input to conduct normal exchange withdrawal business, and a large number of Bitcoins with the remaining hundreds of BTC and the above 4,3652.9 At 18:42 Beijing time, BTC reassembled 57577 BTC back to its recent main cold wallet address beginning with 3FDWNd.

Recently, a Norwegian security company disclosed the Android task stack hijacking vulnerability , and named it after the word StrandHogg in Viking's pirate raid tactics. This vulnerability has been exploited, causing the bank card balances of many bank users in the Czech Republic. Loss stolen.

Regarding the vulnerability, ZeroMan, a security expert at Beijing Chain Security, said that StrandHogg is an application vulnerability that exists in the Android multi-tasking system. This vulnerability uses an attribute setting in the App manifest file to attack, making malicious activities on the target task stack. Inside or top. When the user clicks on the victim application icon, the malicious program will masquerade as the interface of a normal application to confuse the user into an interface hijacking attack. In the field of digital assets, once the disguised interface is a scenario such as user login, mnemonic word input, etc., it may cause economic losses to the user.

ZeroMan also said that the key to this type of attack is that malicious programs enter the user's mobile phone, so users are advised to pay special attention not to download apps of unknown origin. For apps such as digital assets, in order to avoid deceptive applications in the app store, the service provider ’s official website guides the link to the store to download, which is also relatively more secure than searching for the app directly in the store. For developers, it is recommended that digital asset-related applications, such as wallets, exchanges and other apps, in the next version, pay attention to setting the android: taskAffinity = "" attribute in the app manifest file to be empty to avoid being attacked.

The Beijing Lian'an on-chain monitoring system found that from 00:00 to 1 am on December 5, Beijing time , there were tens of thousands of BTC-initiated transactions on the chain, so that some analysts believe that this reflects the activity of on-chain transactions. Today Beginning at 2 pm, the same pattern of transfers occurred again, causing the on-chain transaction volume to surge. In fact, these transactions originate from the latest Bitcoin withdrawal strategy of the exchange Bittrex, and the activity on the chain has not substantially improved.

According to SXWK, a data analyst on Beijing Lianan Chain, Bittrex uses tens of thousands of BTCs as transaction inputs, and usually divides tens to hundreds of units of BTC. Then these BTCs will choose to further transfer to the corresponding address to complete the centralized withdrawal of the exchange. Currency operations. The remaining huge amount of BTC will enter a new address, repeated in a short period of time, which has resulted in the surge in transaction value on the chain that we have seen. Businesses that rely on data decision-making on the chain, please be careful to rule out "interference" in this case.