A US government crypto wallet likely got hacked.
The wallet reportedly holds assets seized from the 2016 BitFinex hack.
Over $20 million in Ethereum and stablecoins were moved into a new address.
These transfers suspiciously went into lesser-known exchanges in what appears to be a laundering attempt.
The suspected address “0x348…” has links to CoinSpot—suggesting that the hacker is from Australia.
In one of the most surprising events in crypto this week, a US government wallet address was hacked—or so it seems.
This wallet, which reportedly held crypto assets seized from the 2016 BitFinex hack, was drained on Thursday, and over $20 million in Ethereum and stablecoins was moved to a new address.
Blockchain analysts have flagged the transfers as suspicious so far, with some suggesting that they are likely the result of outright theft.
The US government originally acquired the contents of this wallet as part of a seizure operation against Ilya Lichtenstein and Heather Morgan—a New York couple charged with laundering funds from the BitFinex hack in 2016.
The pair was arrested in 2022 and later pleaded guilty to all charges, which led to the government's taking control of these assets.
Fast forward to this week, and details of the wallet activity reveal that the assets in question were initially withdrawn from the Aave protocol.
According to insights from blockchain analytics company Arkham Intelligence, $1.25 million in USDT, $5.5 million in USDC, and additional Ethereum funds worth $446,000 were sent to a specific wallet labeled "0x348…"
This wallet, which was created within five days of the theft, became a central point of focus.
The transferred assets also included $13.7 million in aUSDC (an interest-bearing version of USDC generated via Aave).
Interestingly, this government wallet had accumulated millions in this aUSDC coin over the past two years.
This showed that these were long-held funds that hadn’t been tampered with until now.
According to blockchain investigator ZachXBT, the flow of funds looked "nefarious."
Put simply, the strange transfers out of this wallet were likely unapproved.
The sheer speed of the withdrawals, the size of funds being transferred, and the movement of these coins into lesser-known rapid-exchange platforms have prompted suspicion that a hacker might be behind it all.
In particular, these funds were sent into instant exchanges—with one even sourcing liquidity from Binance.
ZachXBT’s analysis shows that at least $320,000 worth of Ethereum ended up in exchange wallets, while an extra $80,000 was sent across other wallet addresses.
Some of these funds went through a "nested exchange"—an intermediary service that uses liquidity from a larger exchange like Binance.
This allows these smaller entities to tap into the bigger service's liquidity without directly depositing funds.
That said, while the Ethereum was transferred into an exchange that sources liquidity from Binance, the funds may not have gone into the CEX itself.
This adds another layer of complexity when it comes to tracing the funds.
Further blockchain analysis also shows that the "0x348…" address involved in the suspicious transfers has links to CoinSpot—an Australian crypto exchange that only operates within the continent.
In essence, the hacker is likely Australian.
The funds in question come from the BitFinex hack—one of the most notorious incidents in crypto history.
In 2016, Ilya Lichtenstein and his wife, Heather Morgan, stole 120,000 Bitcoins from the exchange (worth a staggering $8.2 billion at today's value).
US authorities seized these assets in 2022, marking one of the largest digital asset seizures by the Department of Justice.
Following the arrest, Lichtenstein and his wife entered plea agreements in which the former admitted to hacking and laundering the stolen assets.
Morgan, on the other hand, was a "lower-level participant" and was charged with conspiracy to defraud the US government.
In exchange for her cooperation, she could receive a lighter sentence, while the DOJ recommends a reduced five-year prison term for Lichtenstein because of his lack of criminal history.
The sudden activity with the government-seized assets has now drawn the attention of both law enforcement and blockchain analysts.
With the wallet now nearly empty, questions linger about the identity and motives of those responsible for the transfers.
Law enforcement and blockchain analysts are now tracking the activity of this suspicious “0x348…” address and its correlation to CoinSpot.
If the transfers weren’t due to theft, why did they go through lesser-known exchange aggregators and nested exchanges?
Blockchain analysts like ZachXBT remain convinced that the movement of that much Ethereum and stablecoins was very likely the result of theft.
Overall, this incident serves as a major reminder of the security challenges around crypto.