Date:: September 11, 2020
Tags:: 🔑
ON September 11, 2020 the Unbright team noticed unauthorized transfers of $400K from multiple wallets controlled by the team as the result of a private key compromise. The attacker immediately swapped the assets for ETH on decentralized exchanges.
Good morning!
As Jack said, there should be an explanation about the unexpected token movements this morning. The explanation is simple and yet unpleasant, the recovery key for one of the company hd wallets has been exposed. The unallowed access led to calling the transfer functions of token lock contracts (anybody can do that) to the defined target addresses, which were part of that company hd wallet.
1,93 mio locked UBT have been moved that way, additionally one of the “personal” wallets, that had been distributed to team members earlier that year.
Our current state of the token model states that locked tokens are not planned to enter open market again, which – obviously – just happens. We feel terrible about that accident, and are currently ensuring that no other assets are harmed.
We already contacted all clients that are connected with these projects and workshops, and as their locked in UBT already had been converted to transactions they are allowed to use within our solutions, they have no disadvantage. The contracts also had already been expired, so their buy back opportunity was also over.
So the only remaining negative effect is that these tokens are obviously sold on the market. Ironically, we are currently preparing great news on a professional custody integration that will be the next step for the utility of UBT as the “Universal Blockchain Token”. Part of this news will be the replacement of token lock contracts by a fully automated integration into custody, incl. the coverage of underlying transaction costs in other crypto currencies, like ETH or native blockchain tokens. The event today showed once again how important custody is in enterprise environments.
We are deeply sorry this happened and we will give our best to make up for it with great news about development, clients and partnerships, like we did in the last weeks and months.
Thanks for you understanding and see you soon with better news 😉
—Source: Unibright Team
-
0x6c6357f30fcc3517c2e7876bc609e6d7d5b0df43 - Theft
-
0xbc8d089824461048a06d300dff88bb7357d88b3b - Laundry - Connects Coinberry, Coinmetro, Fetch.ai, Unibright, LEAD, Nexus Mutual, EasyFi
-
0xa6ebdf303198bc8a073d815761c663f6eeaedac4 - Victim
-
0xb847ba2074ea5677946f7ea8beda6befc2fafe49 - Victim
-
0xbcec8d717bdc20acc1518f0ed7a24c11102ac470 - Victim
-
0xedc6c8ad1c41aef1f474278374af2bbb916d4cf1 - Victim
-
0x56b2378bf4bdbe28c8f29b577c030047d3cd8bee - Victim
-
0xa2f82e7335df98460556c94750253f7e82d8ba64 - Victim
-
0x3a996504f4ce87c8a06587bb9f4f96129efb6bc2 - Victim
-
0x9d3019c65bfa2b840e717ab1a2d0ab5a68406baf - Victim
-
0xd7d5176db590167bf3b97c52ed8b1a7ba15f1690 - Victim
-
0x66a312f8d8a4d2304821c3593504b8591eec9f25 - Victim
-
0x9fcf9d4219f708d69117ba401df98df5759d15b8 - Victim
-
0x42a8adc23f7437fdf4c50da19a9a7f4c5e36fc13 - Victim
-
0xdfc74aedb08dff8f2ab8460166dd498ed2ff82f8 - Victim
-
0x43b85d209a9df5299fa385c5936c13d420450f7c - Victim
-
0x6a94e8246eb41be081b322b864bfc1e8fb2a0a3f - Victim
Funds from thefts such as CoinMetro, CoinBerry, Unibright, and individuals were transferred through intermediary wallets before consolidating in 0x0864b5ef4d8086cd0062306f39adea5da5bd2603 in early January 2021.
3000 ETH was deposited to Tornado Cash by 0x0864b5ef4d8086cd0062306f39adea5da5bd2603 on January 11, 2021 02:54–09:14 UTC.
After 1814.49 ETH was transferred from 0x0864b5ef4d8086cd0062306f39adea5da5bd2603 to 0x1031ffaf5d00c6bc1ee0978eb7ec196b1d164129 and 17 X 100 ETH was deposited to Tornado Cash on January 11,2021.
An additional 112.1 ETH was deposited to Tornado cash by 0x1031ffaf5d00c6bc1ee0978eb7ec196b1d164129 from January 14–16, 2021.
45 X 100 ETH was withdrawn from Tornado Cash to 0x05492cbc8fb228103744ecca0df62473b2858810 beginning January 11, 2021 14:35 UTC thru January 14, 2021 23:52 UTC.
All Tornado Cash withdrawals for the month of January 2021 were reviewed and no additional withdrawals were found which shared similar characteristics. Additional comfort is gained with the demix as the Tornado withdrawal destination address connects back with the original theft address.
Through a series of transactions, the funds sitting in 0x05492cbc8fb228103744ecca0df62473b2858810 were transferred through intermediary addresses and consolidated with funds from other Lazarus Group thefts before USDT was deposited to the P2P marketplace Paxful via deposit addresses 0x246569f8b420c8d850c475c53d0d59973b3f08fc and 0x593dc5e1ad81667bbfc90739dd2c09c926920e3b beginning in July 2022.
In April 2023 they began using Noones deposit address 0x2e1155cf5374cba058a04fd03ebd0ba19afe580d. They continue slowly transferring USDT in batches until November 2023.
Additionally, in 2021 multiple transfers were made from the 0x9973 address to Wu Huihui, a China-based OTC trader. In April 2023, an indictment against Wu was unsealed alleging that he facilitated payments for DPRK and he was added to the OFAC SDN list.