US government wallet addresses compromised for $20M

The US Government wallet known as Bitfinex Hack was compromised, moving $20M to a new wallet that immediately started to swap and launder the assets. The transactions originate from the Bitfinex Hack Wallet, held in custody since 2022.

Crypto wallets belonging to the US Government were compromised for $20M. Initially, the Bitfinex Hack wallet received funds from Aave. Then, up to $20M was moved to a new address, which had links to DEX traders and was funded suspiciously by a MetaMask swapper. It turns out the activity was indeed an exploit, with the funds swapped and mixed into suspicious addresses linked to money laundering. Arkham Intelligence tracked the token movements and concluded the case was indeed an exploit.

The US Government wallet was first active with consecutive withdrawals from Aave lending pools, returning ETH and stablecoins to the Bitfinex Hack wallet. Until now, the US Government has not announced involvement with Aave lending vaults, causing surprised reactions on social media.

The ETH, USDT, USDC, and AUSDC moved to a single known wallet, which now holds around $6.5M. The wallet has been dusted and has received several risky token transactions. The entire value of the swapped assets reached $20M.

The US Government has not moved any of its BTC, which was previously earmarked for selling. The most recent transactions are a small fraction of the wallet, but are raising questions about the exact intentions that led to the transactions.

Recipient wallet starts to move funds to Binance

About an hour after transferring $20M in ETH and stablecoins to a new address, the funds started to move again. Within several minutes, most of the wallet's holdings were sent to Binance.

A wallet that received funds from the US Government Bitfinex Hack addresses then sent funds to Binance. | Source: Arkham

The recipient wallet also used the 1inch DEX aggregator to swap AUSDC V2 for around 15 ETH.

The fast movement of funds further raises suspicions of a potential exploit, as the US government has been conservative in selling the assets. Usually, the funds from US government vaults go through Coinbase Custody, and a straight transfer to Binance or to a DEX is extremely unusual. The movement of funds usually also comes with a warning, especially for BTC. This time, the US government behaved like a fast trader, while on-chain researchers were still trying to determine if the events were part of an exploit.

Part of the funds was also sent to yet another high-balance wallet in four separate transactions, not flagged as belonging to an exchange. That last wallet was created two years ago and is a high-activity hub with constant stablecoin and ETH flows.

On-chain analysis uncovered suspicious wallets

The latest transactions affect a relatively small share of the wallet. However, the activities raised suspicions of a possible exploit, due to the history of the new wallet.

The wallet to which the US government sent the funds was first funded by the address of a MetaMask swap user. The address does not look like a specially created cold storage or custodial wallet. The funder has previous activity swapping ETH, USDC, and PRO tokens.

The strange counterparties to the US Government wallets raised suspicions of a possible exploit, especially given that the transactions happened within minutes of each other, with no previous preparation or test transactions.

The Bitfinex Hack wallets withdrew USDT and USDC from Aave lending pools for a total of $6.59M. It was precisely those funds that got moved to a new address. The Bitfinex Hack wallet last moved ETH eight months ago, and that ETH is now stored in a new wallet with limited activity.

The Bitfinex exchange was hacked in 2016 for 119,765 BTC, with the exact identity of the hacker unknown. The funds originated from the exchange's hot wallets. In 2022, US law enforcement discovered some of the Bitfinex funds were held by Ilya Lichtenstein and his wife Heather R. Morgan, who controlled more than 94K BTC and other assets.

Source: https://www.cryptopolitan.com/us-government-wallet-addresses-compromised-for-20m/