The DAO Hacker’s Booty Is On The Move

Update 23:05 Oct 26 2016 UTC with trace through ShapeShift to Bitcoin address 1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew. And corrected ETC equivalent USD amounts.
Update Oct 28 2016 15:39:45 UTC re ShapeShift transparency.

---

Table of contents

• Summary
• The Hacker’s Booty Address
• Movements From The Hacker’s Booty Address
• Is The Hacker Converting The Hot Booty Via ShapeShift?
• Let’s Trace A Transaction
• How Can We Confirm Address 0x9bcb…4e9d Is ShapeShift’s Account?
• The Hacker Is Converting The Booty Via ShapeShift
• What Can The Exchanges Do?
• Conversion Of Booty Into Bitcoins

 

---

Summary

Hawkeye @usukan on https://thedao.slack.com noticed that the hacker’s booty is on the move. Let’s see what is happening.

So far, The DAO hacker has converted 94719.9848 Classic ethers (ETC) ~ USD 97,845 into one or more other cryptocurrencies through an exchange. Exchanges would have to trace any sources of funds from the hacker’s booty account to prevent the flow of these stolen funds into their exchanges – if they choose to do so.

And keep a close eye on any of your developer colleagues – see who next buys a shiny new yacht.

Update 23:05 Oct 26 2016 UTC ETCs traced through ShapeShift to Bitcoin address 1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew totalling 144.92992187 BTC ~ USD 97,835 with some unconfirmed transactions for almost a day (Bitcoin Blocksize Tweetle Beetle Bottle Puddle Paddle Battle Muddle).

Update Oct 28 2016 09:02:25 UTC – See Coindesk – The Plot Thickens As DAO Attacker Trades Stolen Funds for Bitcoin.

Update Oct 28 2016 15:39:45 UTC – I do like ShapeShift’s transparency:

Hello everyone, ShapeShift’s policy is two-fold:

1) ShapeShift requests as little information as possible in order to enable blockchain asset exchange. Personal private information is not needed to exchange blockchain assets, so we don’t ask for it.

2) All the information we do have, as a platform, we make transparent. We do not obscure any information. Transaction details like input coin, amount, output coin, etc. are all transparent on ShapeShift. Indeed, we even publish it on our homepage and make it available via the API.

Since ShapeShift does not obscure information, it would be a horrible idea to use it as a mixer or similar. We state this in our Terms of Service. Further, we will always cooperate with reasonable requests for this information (from law enforcement or private investigation, we make no distinction).

With this policy, ShapeShift is simultaneously the least invasive exchange, as well as the most transparent. We neither expose users, nor hide them.

Related reddit/r/ethereum post – The DAO Hacker’s Booty Is On The Move.
See also Ethereum Network Attacker’s IP Address Is Traceable and the related reddit post.

 

---

The Hacker’s Booty Address

The DAO hacker withdrew their booty from The DAO on the ETC chain on Sep 5 2016.

You can see that the main part of booty still sitting in 0x5e8f0e63e7614c47079a41ad4c37be7def06df5a:

Movements From The Hacker’s Booty Address

You can see that a total of 106,100 Classic ethers (ETC) has moved to 0x085acc2d9794fc82e88b9b7b561ac3fea56406a9 in lots of 1,100, 5,000, 10,000, 15,000 and 25,000 ETC. From this account, you can see many amounts around 2,333 ETC moving into different accounts:

Is The Hacker Converting The Hot Booty Via ShapeShift?

From https://shapeshift.io, you can see that the maximum ETC amount that ShapeShift will convert in one transaction is currently 2,448.84336818 ETC. This is the first clue that the hacker is using ShapeShift to convert their booty into another cryptocurrency.

Let’s Trace A Transaction

Let’s trace one of the transactions – tx 0x81b8…6d0b. The amount of 2,333.9612 ether is transferred from 0x085acc2d9794fc82e88b9b7b561ac3fea56406a9 to 0x0a99050db96a7be5c7e92a4b908ec0e9790d4805.

You can then see 2,333.9586 ETC move from 0x0a99050db96a7be5c7e92a4b908ec0e9790d4805 to 0x9bcb0733c56b1d8f0c7c4310949e00485cae4e9d:

And in 0x9bcb0733c56b1d8f0c7c4310949e00485cae4e9d, you can see many transactions – this address is likely to be an exchanges address where ETCs are received, then transferred into another wallet:

How Can We Confirm Address 0x9bcb…4e9d Is ShapeShift’s Account?

ShapeShift publishes the last 50 transactions at <https://shapeshift.io/recenttx/1000. If we can correlate this with a transaction to the 0x9bcb0733c56b1d8f0c7c4310949e00485cae4e9d account, we can confirm that the hacker has been converting parts of the booty in small chunks via ShapeShift.

Here is the data from https://shapeshift.io/recenttx/1000. I’ve highlighted a transaction that exchanges 100 ETC to ethers (ETH):

The timestamp for this transaction is 1477480174.02 which is GMT: Wed, 26 Oct 2016 11:09:34 GMT according to http://www.epochconverter.com/.

And here is the 100 ETC transaction received by ShapeShift’s account 0xaca117af6d06a3469e78951bf2d30c85dfa300ac.

You can then see the 99.9974 ETC transfer into the same https://gastracker.io/addr/0x9bcb0733c56b1d8f0c7c4310949e00485cae4e9d account that the hacker’s funds were transferred into.

The Hacker Is Converting The Booty Via ShapeShift

So this confirms that the hack has sent the transaction above to ShapeShift to be converted. Unfortunately we do not have the list of transactions showing what the hacker’s ETCs were converted into.

The total amount of the booty converted so far is 94,719.9848 ETC (~ USD 97,845).

What Can The Exchanges Do?

The exchanges would have to enhance their computer systems to trace the source of funds for each account before allowing the exchange from the account. This would take at least a few days to implement but they could consider shutting down ETC transfers in the meantime. If the tracing back to the booty account is implemented, the hacker could then poison legitimate accounts by sending small amounts from the booty to these accounts, and these legitimate accounts would be blocked by the exchanges as well. Messy.

---

Conversion Of Booty Into Bitcoins

User @tayvano of https://www.myetherwallet.com/ provided me with the ShapeShift transaction API in the form of https://shapeshift.io/txstat/0x0a99050db96a7be5c7e92a4b908ec0e9790d4805, so here is the trace of all the ShapeShifted booty, and it is into bitcoins:

Block	Confirmations	Timestamp	Tx Hash	Type	Value	To / From	ShapeShift Info using https://shapeshift.io/txstat/{address}
2505889	4870	26 Oct 2016, 03:15	0xfc079d1d	OUT	588.0075 ether	0x01aedbcbe712ad602a53f2880c5aeb0b436ae762	{"status":"complete","address":"0x01aedbcbe712ad602a53f2880c5aeb0b436ae762","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":588.00747808,"incomingType":"ETC","outgoingCoin":"0.90025697","outgoingType":"BTC","transaction":"b2a1853ff1963dd29100a3901064b1eaaf6c20000bf4c85e7f6491f780ad3ff3"}
2505852	4907	26 Oct 2016, 03:09	0x81b81c7b	OUT	2333.9612 ether	0x0a99050db96a7be5c7e92a4b908ec0e9790d4805	{"status":"complete","address":"0x0a99050db96a7be5c7e92a4b908ec0e9790d4805","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2333.96115095,"incomingType":"ETC","outgoingCoin":"3.57542184","outgoingType":"BTC","transaction":"8d600583dd0b32317851490e8b6100918738ff742046e71e3f4ab3901508f382"}
2505827	4932	26 Oct 2016, 03:03	0x10bb07d9	OUT	2334.2376 ether	0xee66a90edeb0072d4d4a8293cab26c2980212cee	{"status":"complete","address":"0xee66a90edeb0072d4d4a8293cab26c2980212cee","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2334.23759595,"incomingType":"ETC","outgoingCoin":"3.57631221","outgoingType":"BTC","transaction":"90e667f1a96b5b312dffa778fab84782a42a6e7388b26712665fe294a4f71feb"}
2505822	4937	26 Oct 2016, 03:01	0x8ba3f365	OUT	2334.2376 ether	0x93ba910c22d41ba4952bd679d750a72e6557f7ef	{"status":"complete","address":"0x93ba910c22d41ba4952bd679d750a72e6557f7ef","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2334.23759595,"incomingType":"ETC","outgoingCoin":"3.57631221","outgoingType":"BTC","transaction":"ebed4bf29a7ae3634ef2bb46fe9b8cc52a34fc127daa2205acba97ebe5615b99"}
2505794	4965	26 Oct 2016, 02:53	0x5f0d9dec	OUT	2333.4909 ether	0x8f0f19f262e5d3fe081c82bc6b45a2e55cb18771	{"status":"complete","address":"0x8f0f19f262e5d3fe081c82bc6b45a2e55cb18771","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2333.49091582,"incomingType":"ETC","outgoingCoin":"3.57353468","outgoingType":"BTC","transaction":"303ea174da0d214eeb633fd04d13a4681f6c2ad3abc46c9cfc2e4441a5a95fa9"}
2505762	4997	26 Oct 2016, 02:47	0x80473be4	OUT	2332.9400 ether	0x39cb7d6477f909b924dbc10dcb8f328cf9f942e2	{"status":"complete","address":"0x39cb7d6477f909b924dbc10dcb8f328cf9f942e2","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2332.93997894,"incomingType":"ETC","outgoingCoin":"3.57315748","outgoingType":"BTC","transaction":"ec7c76a8c83579e8bcee8dfec5b61b08989484f49d9f94891dcb7ffd0dec6a23"}
2505724	5035	26 Oct 2016, 02:37	0xd11a2011	OUT	2334.2391 ether	0x6c4bebceadf6cda8a710a32f56fac5d19d12b4ce	{"status":"complete","address":"0x6c4bebceadf6cda8a710a32f56fac5d19d12b4ce","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2334.23907779,"incomingType":"ETC","outgoingCoin":"3.58632837","outgoingType":"BTC","transaction":"f387544029cf6f648a2cc7a02337a749414747c0238218045beb6bd4aa8b65c5"}
2505441	5318	26 Oct 2016, 01:34	0x951d6e94	OUT	2322.4488 ether	0xb4cb0107a30113e0ccf66a46c3fe5528e0239602	{"status":"complete","address":"0xb4cb0107a30113e0ccf66a46c3fe5528e0239602","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2322.44883659,"incomingType":"ETC","outgoingCoin":"3.56890905","outgoingType":"BTC","transaction":"45edea2f89bb8a54dd530dea02f0be5113238105a6c746a3384b009c903781a6"}
2505412	5347	26 Oct 2016, 01:27	0x8b1b65e3	OUT	2315.1474 ether	0x2279629a241667b5917055766214ff38a9d5b8db	{"status":"complete","address":"0x2279629a241667b5917055766214ff38a9d5b8db","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2315.14743387,"incomingType":"ETC","outgoingCoin":"3.56877759","outgoingType":"BTC","transaction":"37e362785912bddad14b65ea1d9b1efd56cde63d70b0599c8751c7848e173cb3"}
2505374	5385	26 Oct 2016, 01:18	0x30828016	OUT	2316.7804 ether	0x65e40e6e7c1832ebbed79c564b2591056c9c6c3a	{"status":"complete","address":"0x65e40e6e7c1832ebbed79c564b2591056c9c6c3a","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2316.7803968,"incomingType":"ETC","outgoingCoin":"3.57106332","outgoingType":"BTC","transaction":"bf983b89bb1bf9b913ac5cc8df0c7170beb8ecd8882a856da9a9554edba17d8d"}
2505331	5428	26 Oct 2016, 01:09	0xba09bb37	OUT	2317.1701 ether	0xc975f9e286bcbc5aaa99c2d7590b396547d331d4	{"status":"complete","address":"0xc975f9e286bcbc5aaa99c2d7590b396547d331d4","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2317.17005885,"incomingType":"ETC","outgoingCoin":"3.58090950","outgoingType":"BTC","transaction":"69d21234102b6f4b39f136a7fcea1ccea34580af4780bddd35023913d572c3da"}
2505305	5454	26 Oct 2016, 01:02	0x29bb2428	OUT	2315.7042 ether	0x2cf15e61ddf3bce8483277a1a7af562767c825cf	{"status":"complete","address":"0x2cf15e61ddf3bce8483277a1a7af562767c825cf","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2315.7042079,"incomingType":"ETC","outgoingCoin":"3.58327542","outgoingType":"BTC","transaction":"3f0488cdd612803959c7f1fc2913b9d44b9d5c14509314a2a4a7dd276bff4aa1"}
2505268	5491	26 Oct 2016, 12:53	0x5eaec214	OUT	2325.4357 ether	0x9a39ae500d80ef7886e046cae4688d12effcd1d5	{"status":"complete","address":"0x9a39ae500d80ef7886e046cae4688d12effcd1d5","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2325.43573127,"incomingType":"ETC","outgoingCoin":"3.59240519","outgoingType":"BTC","transaction":"78cd92ad0ebfd0175f49c2d87ca3ac110e24d2d2023620f3573ab1ec8da8b5f4"}
2505246	5513	26 Oct 2016, 12:46	0x896a8eec	OUT	2322.5888 ether	0x971de69ea24b9dc87846c63a04c627cd445c6977	{"status":"complete","address":"0x971de69ea24b9dc87846c63a04c627cd445c6977","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2322.58883874,"incomingType":"ETC","outgoingCoin":"3.59160687","outgoingType":"BTC","transaction":"bb5665249be7256bfcace3857bd1d765be92a22c9cb12f68559f7e7ba5b036e7"}
2505195	5564	26 Oct 2016, 12:34	0x287498ea	OUT	2322.9409 ether	0x584ab7f09851abe813e2143be4e5e6cf5e5ac1f3	{"status":"complete","address":"0x584ab7f09851abe813e2143be4e5e6cf5e5ac1f3","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2322.9408901,"incomingType":"ETC","outgoingCoin":"3.59215132","outgoingType":"BTC","transaction":"f6a076741587c45009019ad28bf95616079b7ebc2cc733c1e0f615dfec03fb0c"}
2505154	5605	26 Oct 2016, 12:25	0x7e784270	OUT	2323.8391 ether	0xcecde477622b240bd1c317115d923e8de5a18f04	{"status":"complete","address":"0xcecde477622b240bd1c317115d923e8de5a18f04","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2323.83910439,"incomingType":"ETC","outgoingCoin":"3.59354041","outgoingType":"BTC","transaction":"8246fcc1ec4bad0826edd3b1419030c402b2dd458c490a5eb18828a829da238a"}
2505104	5655	26 Oct 2016, 12:14	0x4f90f45f	OUT	2323.2930 ether	0x59116bbdf2e1173b067d02c731debaa6b2d4e599	{"status":"complete","address":"0x59116bbdf2e1173b067d02c731debaa6b2d4e599","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2323.29304823,"incomingType":"ETC","outgoingCoin":"3.59269593","outgoingType":"BTC","transaction":null}
2505033	5726	25 Oct 2016, 11:56	0x25277bd8	OUT	2323.4692 ether	0x440afde443c7bcfdb7414aa9028e20cda74fc5d2	{"status":"complete","address":"0x440afde443c7bcfdb7414aa9028e20cda74fc5d2","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2323.46916733,"incomingType":"ETC","outgoingCoin":"3.59296830","outgoingType":"BTC","transaction":"6f8430bc125cd350ce4f4a6703c3e2a511e0b568ba26aa4ed0eeebb28291bf10"}
2501620	9139	25 Oct 2016, 10:41	0x188c6f4e	OUT	1192.5569 ether	0x2a2907c67cfd06e0e4f16f2cd4b395233190d7d1	{"status":"complete","address":"0x2a2907c67cfd06e0e4f16f2cd4b395233190d7d1","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":1192.55691534,"incomingType":"ETC","outgoingCoin":"1.83209948","outgoingType":"BTC","transaction":"3418d9c010644edae234db064c6e7eac7d415e4e1e13442b15e69884c0e507cb"}
2501597	9162	25 Oct 2016, 10:34	0xc3be3176	OUT	2345.4909 ether	0x6b0a1497f88be0a117b68db042353df05656e7ea	{"status":"complete","address":"0x6b0a1497f88be0a117b68db042353df05656e7ea","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2345.49090298,"incomingType":"ETC","outgoingCoin":"3.60361714","outgoingType":"BTC","transaction":"4ef3180902bdef1ff322e9457cb91146ce6d9b886e8b58408d7d0227f73c7f2b"}
2501576	9183	25 Oct 2016, 10:27	0x441b1e16	OUT	2345.6336 ether	0x6c0c4a3d97e27605930855ecf49ef9e3e60ca51d	{"status":"complete","address":"0x6c0c4a3d97e27605930855ecf49ef9e3e60ca51d","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2345.63357497,"incomingType":"ETC","outgoingCoin":"3.60383636","outgoingType":"BTC","transaction":"c6a76a60b2ab7cd132056094260b9df68db3f46040614fb196c4d6ff6d8baa67"}
2501550	9209	25 Oct 2016, 10:19	0xf88429d0	OUT	2343.9227 ether	0xec3af6b16384f14f1e2a1fddd24faded401ececc	{"status":"complete","address":"0xec3af6b16384f14f1e2a1fddd24faded401ececc","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2343.92265592,"incomingType":"ETC","outgoingCoin":"3.60120748","outgoingType":"BTC","transaction":"dd0d50eeecb2464f920ac39822bdb43f3920ff48e8c0804fe32d301898ec3956"}
2501484	9275	25 Oct 2016, 10:06	0x30e765bd	OUT	2353.2491 ether	0xbde8e5c3d8e57fe6c226db6d3745b97bfb152748	{"status":"complete","address":"0xbde8e5c3d8e57fe6c226db6d3745b97bfb152748","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2353.2490937,"incomingType":"ETC","outgoingCoin":"3.61210209","outgoingType":"BTC","transaction":"1d6f8492266fbb5cdd132f3ad7dadee10d59ee5e550b10c96d3bcaed3d555097"}
2501460	9299	25 Oct 2016, 09:59	0x7e910ec9	OUT	2347.0121 ether	0x8d8bcf29605b2b3867d686badb3ad0e93ac94b04	{"status":"complete","address":"0x8d8bcf29605b2b3867d686badb3ad0e93ac94b04","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2347.01206147,"incomingType":"ETC","outgoingCoin":"3.61196279","outgoingType":"BTC","transaction":"a85d7dbbed6f3b3cbe6df0752333218141ad9b3b5b71739758138e2e7ea51f61"}
2501432	9327	25 Oct 2016, 09:52	0x2ed418cb	OUT	2342.5497 ether	0x377b1feea3bb19b7ca4c04f8aae4fc09d8f86b39	{"status":"complete","address":"0x377b1feea3bb19b7ca4c04f8aae4fc09d8f86b39","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2342.54968421,"incomingType":"ETC","outgoingCoin":"3.59956638","outgoingType":"BTC","transaction":"cdd9eab7441d628b1b48577bc81b0e79c87b8b74136caa4eb160e863227e21b4"}
2501399	9360	25 Oct 2016, 09:45	0x722becc9	OUT	2342.7377 ether	0xb973019e537c7d4838cf9a7f3624a22a3b72065e	{"status":"complete","address":"0xb973019e537c7d4838cf9a7f3624a22a3b72065e","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2342.73771534,"incomingType":"ETC","outgoingCoin":"3.59962106","outgoingType":"BTC","transaction":"45e1343d4fe3e67f130a390eb55d110c0edb98062681bf0b63eabdf51fa4d611"}
2501373	9386	25 Oct 2016, 09:39	0x9ce9642a	OUT	2351.2230 ether	0xe1bdf12477879997dafc8b30287bf1a761e0fb3f	{"status":"complete","address":"0xe1bdf12477879997dafc8b30287bf1a761e0fb3f","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2351.22304862,"incomingType":"ETC","outgoingCoin":"3.61148426","outgoingType":"BTC","transaction":"bf280559ae278bd72dbf4f75f3d052c3b44760316edf8b02640be448c464addc"}
2501338	9421	25 Oct 2016, 09:31	0x11fb65cd	OUT	2343.9846 ether	0x87a9d19aa65d7504fb0e8672930fe1e684188de7	{"status":"complete","address":"0x87a9d19aa65d7504fb0e8672930fe1e684188de7","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2343.98455194,"incomingType":"ETC","outgoingCoin":"3.61170988","outgoingType":"BTC","transaction":"6baa2d5d171285a9a89a3a5af8a92fa02be3cb4bf58be10d9a81cf8058447db8"}
2501335	9424	25 Oct 2016, 09:30	0x17e383ff	OUT	2333.7660 ether	0xfcc57f16bd115dffb0af21338601658632f2429f	{"status":"complete","address":"0xfcc57f16bd115dffb0af21338601658632f2429f","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2333.76601986,"incomingType":"ETC","outgoingCoin":"3.59724699","outgoingType":"BTC","transaction":"5bddebe87c7641a97c7aaf138ac161f8859be18569f327e1d0380ccd09fafc46"}
2500991	9768	25 Oct 2016, 08:01	0x8c28b8bf	OUT	96.4105 ether	0xec19507dde89c5672fe463aba4277222b3ddd364	{"status":"complete","address":"0xec19507dde89c5672fe463aba4277222b3ddd364","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":96.41053713,"incomingType":"ETC","outgoingCoin":"0.14831877","outgoingType":"BTC","transaction":"692992ae088f7f47f2a96e52b2822f4d29a30409c8cf9f6b9108482a90dafaac"}
2500845	9914	25 Oct 2016, 07:27	0xe68502e9	OUT	1937.0092 ether	0xf50553575f25a212908789736ad42e6075e5c670	{"status":"complete","address":"0xf50553575f25a212908789736ad42e6075e5c670","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":1937.00922842,"incomingType":"ETC","outgoingCoin":"2.99530414","outgoingType":"BTC","transaction":"db33b4d412f2e25b166bd88be86b89db3bfea51a1ce4baa567ab883dc79e6468"}
2500805	9954	25 Oct 2016, 07:18	0x87887011	OUT	2321.7795 ether	0x3814cdec4044484b4375d4d50ab17f0f5ee200bc	{"status":"complete","address":"0x3814cdec4044484b4375d4d50ab17f0f5ee200bc","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2321.77952545,"incomingType":"ETC","outgoingCoin":"3.59035525","outgoingType":"BTC","transaction":"9a0857141b250ca9f7e2af5202a905ec792c74f5a895b5acc80dfe330f49d8fc"}
2500781	9978	25 Oct 2016, 07:11	0xcf3e504b	OUT	2320.9356 ether	0x6910ba715897494a0ccf626d4197a9f8a2e67d5d	{"status":"complete","address":"0x6910ba715897494a0ccf626d4197a9f8a2e67d5d","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2320.93562579,"incomingType":"ETC","outgoingCoin":"3.58905015","outgoingType":"BTC","transaction":"24543fb65c22ba87495369c0ab8664ed3e5dc69e8d93aa7a3f89399a137efce1"}
2500759	10000	25 Oct 2016, 07:04	0x5e7b1da9	OUT	2320.9005 ether	0x3909e7016584b9836a6e22d2a5c7cde14d49c009	{"status":"complete","address":"0x3909e7016584b9836a6e22d2a5c7cde14d49c009","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2320.90047662,"incomingType":"ETC","outgoingCoin":"3.58899580","outgoingType":"BTC","transaction":"12c85e9adfae9069e448deb6aa084740261affb59906e25196974a3ce5450fd4"}
2500735	10024	25 Oct 2016, 06:57	0x821a59c0	OUT	90.9092 ether	0x43e7efae92b6a0338224ca91e0e8d430a3ea6dc0	{"status":"complete","address":"0x43e7efae92b6a0338224ca91e0e8d430a3ea6dc0","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":90.90924124,"incomingType":"ETC","outgoingCoin":"0.14029205","outgoingType":"BTC","transaction":"da876afc7d4cad3cc823da579562465425665b47432c0d6346bade8ebd5b7c2a"}
2500706	10053	25 Oct 2016, 06:51	0xcb972355	OUT	1818.1848 ether	0x437ced43f3bed00d532f6c90faee6ee83feccdd6	{"status":"complete","address":"0x437ced43f3bed00d532f6c90faee6ee83feccdd6","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":1818.18482471,"incomingType":"ETC","outgoingCoin":"2.81154101","outgoingType":"BTC","transaction":"d3de4dd15457ede88df7f236b172961772600ff003f30a9f2175ae65a6b79798"}
2500667	10092	25 Oct 2016, 06:42	0x34dd4395	OUT	2320.9005 ether	0xe8a11cc436f7bdee2a47e8a159295dbf24e4b3b7	{"status":"complete","address":"0xe8a11cc436f7bdee2a47e8a159295dbf24e4b3b7","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2320.90047662,"incomingType":"ETC","outgoingCoin":"3.58899580","outgoingType":"BTC","transaction":"ad66614b0070dc38dabbede6f708155cc8d5f8bbc75f18f992dc7e103505b093"}
2500632	10127	25 Oct 2016, 06:35	0x2ac980af	OUT	2320.9005 ether	0xfb3d18e7cc9ef435a867ee4481bb90226e95974f	{"status":"complete","address":"0xfb3d18e7cc9ef435a867ee4481bb90226e95974f","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2320.90047662,"incomingType":"ETC","outgoingCoin":"3.58899580","outgoingType":"BTC","transaction":"84fffe63c905bcd7e0e341464ab88e5750c61c7b100018b2e705335fcce6af01"}
2500601	10158	25 Oct 2016, 06:28	0xc962bc7f	OUT	2317.3948 ether	0x8ddf9125a5a46b80156c1c7848c9b795361a2534	{"status":"complete","address":"0x8ddf9125a5a46b80156c1c7848c9b795361a2534","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2317.39478122,"incomingType":"ETC","outgoingCoin":"3.58818582","outgoingType":"BTC","transaction":"bd2f3f36d99eaf7931fe7f71c119c6c578742a1b0f7e016d58a23b7bbb3a110e"}
2500573	10186	25 Oct 2016, 06:20	0xeb574da3	OUT	2300.1952 ether	0xecd3e32620dc4a52f59e5a2386f08f02ba50d7c1	{"status":"complete","address":"0xecd3e32620dc4a52f59e5a2386f08f02ba50d7c1","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":2300.19524513,"incomingType":"ETC","outgoingCoin":"3.53401900","outgoingType":"BTC","transaction":"df97d80a64a2b308c9459baf316a08a6774437a97654abc50600c6d4b14dec0e"}
2500544	10215	25 Oct 2016, 06:12	0xa43511b0	OUT	984.7865 ether	0x61861d8559f98575c0498607d2df63873195fbea	{"status":"complete","address":"0x61861d8559f98575c0498607d2df63873195fbea","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":984.78652884,"incomingType":"ETC","outgoingCoin":"1.51821128","outgoingType":"BTC","transaction":"089d9f3bd247e25f836ae4b833017ccaf03a1eaa95c585294e2e4a5a0fd783ae"}
2500511	10248	25 Oct 2016, 06:06	0xcf57436f	OUT	987.1451 ether	0x51aca848199616498ebdac25561d7cd09a4d174a	{"status":"complete","address":"0x51aca848199616498ebdac25561d7cd09a4d174a","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":987.14511398,"incomingType":"ETC","outgoingCoin":"1.51790944","outgoingType":"BTC","transaction":"a450d18f6a35e8970e760d989e031004cac2cd54c9b687f4ab9f5e08b574808f"}
2500472	10287	25 Oct 2016, 05:58	0xea924bae	OUT	981.3024 ether	0x7ce06c31b9d088438c0083ca37b51cdcd2a89d69	{"status":"complete","address":"0x7ce06c31b9d088438c0083ca37b51cdcd2a89d69","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":981.30235976,"incomingType":"ETC","outgoingCoin":"1.50750051","outgoingType":"BTC","transaction":"e2288cb64576ff8a80e9cd3e61a90ebcfdc22728e1423913810a2d629c513b3e"}
2500443	10316	25 Oct 2016, 05:50	0xb76505ab	OUT	987.4658 ether	0x2737c56596f2b27aaec7681d9dc6c1de5f8e267c	{"status":"complete","address":"0x2737c56596f2b27aaec7681d9dc6c1de5f8e267c","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":987.46578637,"incomingType":"ETC","outgoingCoin":"1.51831376","outgoingType":"BTC","transaction":"a20724c271a6fc4a84b007e943d4652c866b1b46017f75cfb45f07f8a06794c4"}
2500419	10340	25 Oct 2016, 05:43	0x950025a6	OUT	980.5436 ether	0x406357fbace7ab8b19d9b2e554baf7b54521eec3	{"status":"complete","address":"0x406357fbace7ab8b19d9b2e554baf7b54521eec3","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":980.54357182,"incomingType":"ETC","outgoingCoin":"1.50839376","outgoingType":"BTC","transaction":"102cacc3af6f87b0b47652f7575fab9e12b47511bdd6ccbb0c874176dd24079e"}
2500320	10439	25 Oct 2016, 05:22	0x4b157283	OUT	981.9311 ether	0xf2615ac713b79c8f84ee09d4b781524da3638827	{"status":"complete","address":"0xf2615ac713b79c8f84ee09d4b781524da3638827","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":981.93113464,"incomingType":"ETC","outgoingCoin":"1.50866303","outgoingType":"BTC","transaction":"e9ad7965a977b9439c783910b06087a2c5f1ef2a7b53484c32e958b08783079c"}
2500291	10468	25 Oct 2016, 05:14	0x9bdf3232	OUT	979.9674 ether	0xfe5c30dce47d24a1b35d307665404d799f2b248a	{"status":"complete","address":"0xfe5c30dce47d24a1b35d307665404d799f2b248a","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":979.96738853,"incomingType":"ETC","outgoingCoin":"1.50847739","outgoingType":"BTC","transaction":"cb7cd2c9408fe639220aca9904a1f4d453c6e8972710bc52173d6c34db21f687"}
2500264	10495	25 Oct 2016, 05:08	0x0da95aa4	OUT	976.1806 ether	0x60e77d80ea3c77489c99bfe40f7bd602a11639ab	{"status":"complete","address":"0x60e77d80ea3c77489c99bfe40f7bd602a11639ab","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":976.18056731,"incomingType":"ETC","outgoingCoin":"1.50937301","outgoingType":"BTC","transaction":"18a23df1fa269649bd94e0e5504f293e6d6d0f6535522ef3443dc29fe30be150"}
2500235	10524	25 Oct 2016, 05:02	0xccea7816	OUT	972.7181 ether	0x646066b2f3906680ca1c0a132c02baf49e5d99b5	{"status":"complete","address":"0x646066b2f3906680ca1c0a132c02baf49e5d99b5","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":972.71806028,"incomingType":"ETC","outgoingCoin":"1.50887207","outgoingType":"BTC","transaction":"96d31192a598b808c1682c6d9df1f0ac4dca54dcbe5286155a9e50c4458154a3"}
2500187	10572	25 Oct 2016, 04:51	0x6946cf3c	OUT	960.3661 ether	0x7bde7ea1eff53b95262c7597050ae9e0bc6315da	{"status":"complete","address":"0x7bde7ea1eff53b95262c7597050ae9e0bc6315da","withdraw":"1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew","incomingCoin":960.3660762399999,"incomingType":"ETC","outgoingCoin":"1.50886727","outgoingType":"BTC","transaction":"b9f6cee28f4c45fc1f1e3c5e20818275d688f93407a055cbad33994e91c7b512"}
2496297	14462	24 Oct 2016, 01:48	0x564ac203	OUT	3.1890 ether	0x9bfff55eb992bde506015adb5ec20a952e800ef2	{"status":"complete","address":"0x9bfff55eb992bde506015adb5ec20a952e800ef2","withdraw":"1Kb3zL4HbYuVettnFnApnmhYoEPmn6NE1F","incomingCoin":3.1889859,"incomingType":"ETC","outgoingCoin":"0.00476226","outgoingType":"BTC","transaction":"f1590980bcd648a42aae6ea2cfb69889deb5b32dbd6cd6807aae832b5f80c734"}
2496283	14476	24 Oct 2016, 01:45	0x4ec84448	OUT	3.1889 ether	0xd17ba7b8b22f9a5634386b1371a60bc7f10fca3a	{"status":"complete","address":"0xd17ba7b8b22f9a5634386b1371a60bc7f10fca3a","withdraw":"1Kb3zL4HbYuVettnFnApnmhYoEPmn6NE1F","incomingCoin":3.18893829,"incomingType":"ETC","outgoingCoin":"0.00476346","outgoingType":"BTC","transaction":"1b7797de391336e0f501fb863bd18c088ca71c916638edd2da739afddd32b786"}
2495020	15739	24 Oct 2016, 08:41	0x93cbbe65	OUT	1.0000 ether	0xdd07655992c4cc96c64ac6c3188cf56b8e8f3a67	{"status":"error","address":"0xdd07655992c4cc96c64ac6c3188cf56b8e8f3a67","error":"This address is NOT a ShapeShift deposit address. Do not send anything to it."}

As you can see, the ShapeShift transactions funded out of the booty has ended up in the 1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew Bitcoin address:

The current balance of this account is 101.33194293 BTC ~ USD 64,404 with the total received being 144.92992187 BTC ~ USD 97,835.

From this 1M2aaNN3GTw6dy13uScodHaQ8Egr6xr6Ew address there are spends to the following addresses:

• 1FbaGw4PEMmX4PkRqWEUuUKEwBv3dqEzRm of 38.1 BTC at 2016-10-25 11:53:41 with balance 39.29731021 BTC. This account has further transfers to:
  • 1AhLFjbL7qeNgNLon2CpUVc2Z4EsRAMDjo of 37.98725983 BTC
  • 1AUYDdncoMiQ54xDeeSenLt3auH31t5o3R of 0.11254017 BTC
  • 1PRM9D4PAzFC5BpBde8qAKWfyZndvHFWt9 of 1.1346574 BTC
  • 13j8NoQUGmHy19jMAAFCmw5nUT36p8ryTv of 0.06245281 BTC
• 12S6oHbZHGxMKYJP5vtVH2nSyvP3S8ftdL of 2.92767382 BTC
• 17FWAYzBCQYkwiP2WXX8CtrLxPfhGUFMLC of 2.45433586 BTC
• 1KRU1gxKuznpvbEDcKBAmzvjZ5g2iXAW8X of 0.1 BTC
• 16iarrSbbLh6xUBHvgmKFmKkvxopCRDMxr of 0.01524165 BTC

Looking at the main transfer 1FbaGw4PEMmX4PkRqWEUuUKEwBv3dqEzRm of 38.1 BTC:

• 37.98725983 BTC is transferred to 1AhLFjbL7qeNgNLon2CpUVc2Z4EsRAMDjo
• of which 37.6424667 BTC is transferred to 14zp7Rt6bkpEhwjJjKaKBMxfz712JS6WL7
• of which 37.0636767 BTC is transferred to 1NBNokp7AK794BoaHedGqQ2uxafd27YroM
• of which 36.12081862 BTC is transferred to 1LMmBv9MTkegSHeTqSHhzqLada9cr66GmG
• of which 33.92505873 BTC is transferred to 1KMvxRFatLFVfSRzyski1VJKpjfb6mLbcY
• of which 33.42144507 BTC is transferred to 1H33wrGfsj2uZCCZiyuXaxmWBnzP6evGo6
• of which 31.94224507 BTC is transferred to 1AN4uSPvc8r1FfRH1QCmZ7pqQUsWUUvwGY
• of which 30.36124307 BTC is transferred to 1Ftc7pGMEUZFKxvFGPh39t5gwSFwzHLFGM
• of which 29.11608602 BTC is transferred to 1DdJiTnb6pDU13YhLcboFsQmPLjKtTNgWu
• of which 27.74584348 BTC is transferred to 1CBG6zq75wfvgeVoGk5GHVYF1srxMV17rs
• of which 26.46918907 BTC is transferred to 13EkJHpdqzYmP5aoNDz4X5wr8AYjZiVjM9
• of which 24.97698907 BTC is transferred to 1Jwn8X5unfmTNcampz3LMdQwkkPfshxgmW
• of which 23.50617836 BTC is transferred to 1M4Dh9FJ9tp4NDSabP5gKDphu72ofSEkiv
• of which 22.07811874 BTC is transferred to 18cfBERdnwUxckFswqjKVr9toDkrp61Kdf
• and it goes on and on

Follow the trail over the next few weeks and it will probably end up in a red Tesla with following number plate:

And sitting in the Tesla would be a

C, C++, Java, Assembly Language developer, mid 30s to mid 40s, male, small time miner with the rig small enough to fit in the unit or house, basement or garage, 5 foot 8 inches, long hair 🙂

And some of the Bitcoin booty is in an unconfirmed state after almost a day. The Bitcoin network is clogged due to the artificial blocksize limit. There are 66373 unconfirmed Bitcoin transactions – from https://blockchain.info/unconfirmed-transactions:
.