BTER Stolen Funds Are Moving – Exchanges Please Advise

We had a rough month, with multiple hacks, from BTER to CAVITEX and other exchanges as well. 1.680.000$ million of Bitcoin has been stolen from BTER.com; 9 days have passed and the hacker is on the move again!

We first thought it was a node (our mistake); now we know it’s a very well hidden hacker, but we also suspect an inside job. Why? Because the BTER front page stated clearly that the funds were stolen from their “COLD WALLET”.

What is the notion of a Cold Wallet? A cold storage system should meet a handful of criteria:

  • It must never be connected to the internet or any public network
  • It should store its own keys
  • Those keys should never ever be communicated to an online system
  • The only inputs to the system should be unsigned transactions or messages
  • The only outputs from the system should be signed transactions or messages

Or BTER.com did not state it correctly when saying “Cold Wallet”, which would be a bit awkward since they appeared to be an experienced player on the Bitcoin market.

Anyway, let’s get to the subject and see where the funds have been split. Of the original 7 accounts, 4 are now untouched with 220.000$ each and 3 of them are moving. We will highlight with RED those that are moving.

https://blockchain.info/address/1AFbZuU5PufViRhNCChw8br6beo6K78r2H
https://blockchain.info/address/1KPNHv8mfMPNivHptAiwwytUVZmzovVF8f
https://blockchain.info/address/1MgM7WMAVteJ3k4PqfyB9AKdaBnHvdxvdG
https://blockchain.info/address/14kgEXiKWCN46BEHVNwYjyuohFN83Uc5Jt

https://blockchain.info/address/1J4TJQKgh1phPMcsV8cbRkAhV2Q6V8wW25 Started to move on 2015-02-20
https://blockchain.info/address/1Q2MxBc9Zbe6A35mTcD5jyU8PMr4K6oqGC Started to move on 2015-02-18
https://blockchain.info/address/1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz Started to move on 2015-02-17

So let’s follow their path and see which new accounts they lead us to. When we tried to do this, we got dizzy: there is major mixing between accounts, some of them are looping, and some of the funds look like they ended up in some sort of exchange. We will post some of the accounts that still have funds on them and what we found so far. But I am sorry for the people that had their money in BTER; they’ve lost it big time, in an ugly way.

So this is part of them; some of them have small amounts from 500$ – 5000$, which I believe will be withdrawn at an exchange or used for personal spending.

The movement is very fast and it’s getting extremely hard to track all of them. I notice that some funds are going into old accounts that have 12 mil$ in Bitcoin or 2 mil$ in Bitcoin, which makes me think that they have gone into exchanges already.
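The hop-by-hop tracing described above (following outputs, coping with loops, and stopping at old high-balance addresses that look like exchange wallets) can be written as a breadth-first walk. This is an added example, not code from the original post; the address labels, amounts, and the 1000 BTC sink threshold are constructed assumptions, and it uses a simplified fee-free model with one sender per transaction.

```python
from collections import deque

# Constructed sample data (labels, amounts in BTC); not real chain data.
SEEDS = ["THEFT_A", "THEFT_B"]
TXS = [
    {"src": "THEFT_A", "dst": {"HOP_1": 300.0, "HOP_2": 200.0}},
    {"src": "HOP_1", "dst": {"HOP_3": 300.0}},
    {"src": "HOP_3", "dst": {"HOP_1": 100.0, "OLD_BIG": 200.0}},  # loops back
    {"src": "HOP_2", "dst": {"SMALL_1": 2.0, "HOP_4": 198.0}},
    {"src": "OLD_BIG", "dst": {"ELSEWHERE": 50.0}},  # spend beyond the sink
]
PRIOR_BALANCE = {"OLD_BIG": 8000.0}  # balance held before the theft


def trace(seeds, txs, prior_balance, sink_threshold=1000.0):
    """Follow funds from seed addresses; return untouched seeds, likely
    service sinks, and traced addresses that still hold funds."""
    spends = {}
    for tx in txs:
        spends.setdefault(tx["src"], []).append(tx)
    untouched = sorted(s for s in seeds if s not in spends)
    seen, sinks, received, sent = set(seeds), set(), {}, {}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        # An old address with a large prior balance is treated as a service
        # wallet: funds are co-mingled there, so tracing further is unsound.
        if prior_balance.get(addr, 0.0) >= sink_threshold:
            sinks.add(addr)
            continue
        for tx in spends.get(addr, []):
            for dst, amount in tx["dst"].items():
                sent[addr] = sent.get(addr, 0.0) + amount
                received[dst] = received.get(dst, 0.0) + amount
                if dst not in seen:  # visited set stops loops re-queuing
                    seen.add(dst)
                    queue.append(dst)
    holding = {}
    for addr, amount in received.items():
        balance = amount - sent.get(addr, 0.0)
        if addr not in sinks and balance > 0:
            holding[addr] = balance
    return {"untouched": untouched, "sinks": sorted(sinks), "holding": holding}


if __name__ == "__main__":
    print(trace(SEEDS, TXS, PRIOR_BALANCE))
```

The loop-back address `HOP_1` shows up as still holding funds even though it already spent once, which is the case that is easy to miss when following the path by hand.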

If you track them and find new addresses other than the ones listed here, post them in the comment section and we will update the list for everyone to view.

Also, if somebody can explain to us why BTER said “Funds stolen from cold wallet”, when a cold wallet/storage should be offline, that would be awesome. We can only go with the idea that they did not express themselves as they wanted to, or that some employee or somebody from inside did this robbery.

Stay tuned for more updates about the movement or any new accounts we find. Also, if you like our agility on this theft, don’t forget to use our ChangeTip button.

Thanks – 24/7 Crypto News Team.

 

About Author

Full Name: Razvan Gabriel Paun, Owner of 24/7 Crypto News. Cryptoenthusiast, Bitcoin Fanatic. If you want to get in contact regarding any information, you can email: office (at) cryptobuzzing.com. An active member of the Cryptocurrency Community who enjoys collecting, trading, and writing about various coins & the latest Bitcoin news.

  • Sameer

    It was mentioned in another article online that it wasn’t a truly cold wallet, it had some sort of feature to withdraw from the cold to hot and maybe this was where the vulnerability was.

  • Danno Ferrin

    IIRC the explanation was that their hot wallet had been drained and they had not realized it was illegitimate withdrawals. So they topped off their cold wallet from the hot wallet. More of a social engineering attack than an attached wallet flaw.

    • rawwr

      1. you don’t simply refill the hot wallet with 7000 BTC
      2. The funds were moved directly from the “cold” wallet, not through the hot wallet
