Twitter user ZachXBT investigated a phishing attack on the followers of famous NFT artist Beeple (his real name is Mike Winkelmann). As a reminder, on May 22, the graphic designer’s account was compromised. Hackers posted a phishing link that allowed the scammers to obtain various expensive non-fungible tokens and cryptocurrencies worth 225 ETH (~$450 at the time of the theft).
As usual, almost nothing is known about the hackers except their addresses. Here they are:
And here is what the post they put together to attract the audience’s attention looked like. As the picture below shows, the post claimed that Beeple was giving away 200 totally unique pieces; as it turned out later, the graphic artist was not giving away any free stuff.
According to ZachXBT, the way Beeple lost access is similar to Cam Redman (SIM swapper), who has been accused of hacking several Twitter accounts recently. You can see more about this in the video below, but in the meantime, let’s move on.
What matters, however, is not how Beeple lost access to his account but that he recovered it only a few hours after the attack, which in the digital world is long enough. During that time, the scammers poured the stolen funds into Tornado Cash.
Here’s how it was:
According to ZachXBT, address 0x2fc belongs to a scammer named Two1/Youssef. More details about how the author came to this conclusion are given here.
In early July, Two1 sent the ETH to a wealthy individual.eth before depositing it all into Tornado Cash. Consistent with previous behavior, Two1 only left the ETH in Tornado Cash for ~2 hours before withdrawing it all from Tornado to:
It was then moved to 0xe84, where 152/225 ETH from the Beeple hack currently sits: 0xE84D4E6451119f49F24f13cAf13FBda331C2245f. This address has since been flagged for phishing by the Etherscan team after ZachXBT’s first Two1 thread was posted.
Looking closely, you’ll notice 6×1 ETH was withdrawn from Tornado in total from that address.
Also, it turns out that the attackers hacked the Webaverse Discord and sent the proceeds to the same 0x702 wallet as the Beeple hack funds.
So, from the points above, we know how Cam and Two1 were both involved in the hack, but according to ZachXBT, there’s one more person. After the author’s preview Tweet, he deactivated his account. You can find his deleted account by the @bandage nickname.
Moreover, after ZachXBT’s preview Tweet, Lockvert (Lock), a phishing scammer who’s friends with Two1 & Shayan, messaged him on Twitter to ask for details about the thread.
Cam sold Twitter panel access to Two1 and Shayan, enabling them to hack Beeple. After the attack, Two1 deposited the stolen funds into Tornado Cash but withdrew them immediately in similar amounts, making them easy to trace.
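The timing-and-amount heuristic behind this kind of trace, as an added Python example that is not from ZachXBT’s thread or the original article: it scores each withdrawal recipient by how much of a depositor’s value it collects again, in the same fixed pool denominations, shortly after the deposits. The event records, placeholder addresses and the three-hour window are constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW = 3 * 3600  # assumed cut-off in seconds; the article reports a ~2 hour dwell time

def link_withdrawals(deposits, withdrawals, window=WINDOW):
    """Rank withdrawal recipients by the share of the deposited value they
    collect again, in the same pool denominations, within `window` seconds."""
    dep_notes = Counter(d["pool"] for d in deposits)   # denomination -> count
    total = sum(pool * n for pool, n in dep_notes.items())
    first = min(d["ts"] for d in deposits)
    last = max(d["ts"] for d in deposits)
    per_recipient = defaultdict(Counter)
    for w in withdrawals:
        # Only withdrawals after the first deposit and inside the window count.
        if first < w["ts"] <= last + window:
            per_recipient[w["to"]][w["pool"]] += 1
    scores = {}
    for addr, notes in per_recipient.items():
        matched = dep_notes & notes   # multiset intersection, per denomination
        scores[addr] = sum(pool * n for pool, n in matched.items()) / total
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample events (pool sizes in ETH, Unix timestamps, placeholder addresses).
T0 = 1_700_000_000
SAMPLE_DEPOSITS = [{"ts": T0 + 60 * i, "pool": p}
                   for i, p in enumerate([100, 10, 10, 1, 1, 1])]
SAMPLE_WITHDRAWALS = [
    {"ts": T0 - 500, "to": "0xRECIPIENT_D", "pool": 1},          # before the deposits
    {"ts": T0 + 7200, "to": "0xRECIPIENT_A", "pool": 100},
    {"ts": T0 + 7260, "to": "0xRECIPIENT_A", "pool": 10},
    {"ts": T0 + 7320, "to": "0xRECIPIENT_A", "pool": 10},
    {"ts": T0 + 7380, "to": "0xRECIPIENT_A", "pool": 1},
    {"ts": T0 + 7440, "to": "0xRECIPIENT_A", "pool": 1},
    {"ts": T0 + 3600, "to": "0xRECIPIENT_B", "pool": 10},        # unrelated pool user
    {"ts": T0 + 2 * 86400, "to": "0xRECIPIENT_C", "pool": 100},  # outside the window
]

if __name__ == "__main__":
    for addr, score in link_withdrawals(SAMPLE_DEPOSITS, SAMPLE_WITHDRAWALS):
        print(f"{addr}: {score:.1%} of deposited value matched")
```

A high score is a lead to be confirmed against the on-chain flow, not proof of ownership, since unrelated users withdraw from the same pools.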
So, according to ZachXBT’s investigation, Beeple’s funds sit here:
25 ETH of the funds here:
The rest of the funds were sent through FixedFloat, which would likely need to be subpoenaed for additional info.
That’s all. If the criminals have not yet converted the funds into dollars, then at the current exchange rate, their account is at ~$309K. This is much less than four months ago, but still a significant amount. The money will probably never be returned to users, but Beeple created art specifically for ZachXBT to thank him for the investigation.