BAYC Phishing Scammers Unmasked by Crypto Detective @Zachxbt

Last Updated on 5 hours by cryptoevent

BAYC phishing scammers were uncovered by on-chain sniffer dog @Zachxbt, who discovered the identities of the thieves who committed the scams, revealing some of Tornado Cash’s limitations in the process.

in one Medium post He gave some examples of people having their monkeys stolen after signing malicious contracts. This is far from a new phenomenon, but it seems like many Ape holders willingly signed transactions in hopes that a computer program would animate their NFT.

Unfortunately what happened instead was that their NFTs were retired to another address and quickly sold on OpenSea.

Cryptomixers are not as anonymous as one might have thought

The first crypto-mixers were used to anonymize bitcoin on the deep web, often in hopes of obfuscating bitcoin spent or earned theresilk roadmarketplace. Due to Bitcoin’s lack of Turing completeness, this was not an easy process to automate, and many of the websites on the deep web were unreliable at the time.

When CoinJoin was implemented in Litecoin, people were optimistic about the potential and the functionality was added to Bitcoin shortly after. It was somewhat controversial at the time as many people believe that a public ledger that doesn’t optimize privacy has tremendous benefits, but by and large it was supported.

Nowadays, CoinJoin is not very controversial at all considering how it is useless to hide your bitcoin. Indeed when Razzle Khan (the Bitfinex hack money launderer turned amateur rapper) was busted earlier this year, Chainalysis revealed that one of the ways they were able to track down some bitcoins was through CoinJoin’s weaknesses. Chainalysis can now probabilistically determine wallet owners using CoinJoin.

Not only that, it’s also very obvious when someone is using CoinJoin (an issue Tornado Cash also has). Unlike Bisq, which can be used to switch between BTC and XMR without leaving as much of a trace, both CoinJoin and Tornado Cash show that a wallet’s BTC/ETH has used these services before.

The Bitcoin blockchain uses an accounting system from UTXOs, while the Ethereum blockchain uses an “account model”. This meant coin mixers like Tornado Cash were fundamentally different from the early iterations that worked for Bitcoin and should be much harder to crack than CoinJoin. Tornado Cash uses zero-knowledge proofs to cryptographically obfuscate every plausible lead. At least that’s what you might think…

@Zachxbt’s online sleuthing revealed that “[the hackers] were not careful to cover their tracks when it came to siphoning off Tornado’s funds.”

In the case of the first victim Dilly Dilly, the attacker made 73 ETH and sent it to Tornado Cash in seven sets of 10 and three sets of one. On the exact same day, December 13, 2021, seven sets of 10 and three sets of one ETH were withdrawn from Tornado Cash to the mathys.eth wallet.

Turns out, this pattern continued for the next two victims, for another 150 ETH in profits on mathys.eth. Mathys.eth then sent the funds ($1.09 million in total) through centralized exchanges Kraken, Bitpanda, and SideShift.

Who is mathys.eth?

This next part of the synopsis is a pretty impressive example of an investigation. Apparently, the source code contained a reference to the developer’s @mtscam Telegram handle, whose profile picture ultimately led to a Twitter account run by someone named Mathysand his response to allegations that he committed these crimes. It seems that he most likelyisguilty, and yet he is the one taking legal action because it has damaged his reputation and how people treated him since the news broke.

It seems Mathys has been working with his girlfriend Camille and they have been doing something like this for a while. Mathys has boastfully posted on his Twitter multiple times over 100 ETH withdrawals he made from Tornado Cash and appears to hold a large amount of XMR – only time will tell what will happen to him.

Relevant news:

  • NFT artist DeeKay Twitter hacked, phishing attack steals $150,000
  • Uniswap users lose $8.17 million to phishing thieves
  • BAYC could be a “media company” like Disney – Alex Salnikov

Tamadoge (TAMA) – The next big meme coin

Our rating

  • Beta Sale Ends September 2022 –
  • Deflationary, low supply – 2 billion
  • Go to Earn, Metaverse Integration on the roadmap
  • NFT Doge Pets – Potential for mass adoption
  • Play to Earn Utility – Rewards Tokens

learn more

The post BAYC Phishing Scammers Unmasked by Crypto Detective @Zachxbt appeared first on the Business 2 community.

Be the first to comment

Leave a Reply

%d bloggers like this: