The hackers that breached Twitter’s security and promote a fake bitcoin giveaway using the accounts of high-profile figures and organizations have moved the funds to an address that has previously interacted with Coinbase and BitPay.

According to Israel-based blockchain intelligence startup Whitestream, as first reported by Cointelegraph, the funds are now consolidating on the hackers’ “1Ai5” legacy bitcoin address, which has in the past interacted with both Coinbase and BitPay, two cryptocurrency firms that provide merchant solutions.

The address was the first one hackers started using, but then, later on, switched to a Bench32 address that was used in the fake bitcoin giveaway that used the Twitter accounts of high-profile figures like Bill Gates, Joe Biden, and Barack Obama, and the accounts of firms like Uber, Apple, CoinDesk, Coinbase, and Binance.

The 14.75 BTC the giveaway netted the hackers, at press time worth $134,100, have been moved to the 1Ai5 bitcoin address that has in the past made three transactions associated with Coinbase and BitPay. The first and largest was made in May 2020, when 1.2 BTC were moved to a BitPay address. The other two were for smaller amounts to a Coinbase-related address.

The transactions sent to Coinbase are harder to trace because the address changed with every input. The hackers’ identity could now be exposed thanks to interactions with these firms, although an investigation could be hard if the transactions were sent to merchants that accept crypto with these firms.

Security experts have warned that the fake bitcoin giveaway on Twitter could be covering “other malicious activity.” The microblogging platform has revealed it was looking into any other potential damages. If the hackers stole Twitter users’ data they could, for example, sell it on the dark web.  As reported, hackers are currently trying to sell the data of 142 million MGM Resorts guests for either BTC or XMR.

Featured image via Unsplash.