Those behind Bancor’s security breach last year have recently started moving their stolen ether after months of inactivity, seemingly to popular cryptocurrency exchange Huobi. The move may have seen them liquidate the stolen funds.

According to Elizabeth Yeung, a cybersecurity researcher with the Sentinel Protocol, the Uppsala Security Operations Team picked up on the move and analyzed blockchain data to reach its conclusion.

It started off with the “Bancor Hack” address annotated on Etherscan, which initially received the roughly $12.5 million worth of ETH stolen from the decentralized exchange. Following its trail, the team found that nearly all of the ether was moved to an address that then split the funds through various transactions.

Its analysis found that although various transactions were made, nearly all of the ether ended up in an address. This address was identified as a relay wallet, which means it’s a wallet that “immediately transfers tokens out to one address whenever it receives them, sans a tiny portion spent on gas.”

This type of pattern, Elizabeth Yeung’s post reads, is usually displayed by user wallets on crypto exchanges. The next hop on the blockchain saw the ETH go to a wallet dubbed 0xf056f4, identified as belonging to a “well-known exchange.” A look at the wallet showed it has seen over 37,000 transactions, and a balance of well over 10,000 ETH.

Analytics of the address the funds ended up onSource: Sentinel Procol Team's blog post

This showed the wallet belonged to a service, although it had inconsistent activity: it was “generally quiet for most of 2018, and only regained activity in 2019.” The team also noted it received more transactions than it sends.

While it was found on the blockchain the wallet sends large amounts in 2,551 ETH denominations to another address, the Sentinel Protocol Team figured out the 0xf056f4 wallet belongs to Huobi over the ERC-20 token transfers made to it.

Taking this into account, the team concluded the funds were sent to Huobi, liquidity to be liquidated. The cryptocurrency exchange has reportedly been alerted.

Given these findings, the Uppsala Security Operations Team has reasons to believe that the stolen funds from the Bancor hack has ended up in the crypto exchange, Huobi. We have since alerted Huobi about these tainted funds.

Bancor’s Security Breach

Bancor, a firm that touts a decentralized exchange service, was hacked in July of last year for roughly $23.5 million worth of ETH and ERC-20 tokens, namely 229 of Pundi X’s NPXS tokens, at the time worth about $1 million, and 3.2 million of its own BNT tokens, at the time worth roughly $10 million.

In response to the security breach, Bancor took down its platform at the time and communicated with various exchanges to “make it more difficult for the thief to liquidate” the tokens it stole. Its BNT tokens were at the time frozen.

Notably, the cryptocurrency platform was criticized at the time for the freeze, as it claims to have a decentralized exchange, yet used a strategy used by centralized systems.