Skip to content

Latest commit

 

History

History
96 lines (66 loc) · 2.78 KB

kyrrex.md

File metadata and controls

96 lines (66 loc) · 2.78 KB

Kyrrex

Date:: July 1st, 2024

Time:: 10:23 (TRON), 10:24 UTC (ETH), 10:30 UTC (BTC)

Amount Stolen: $13,500,000

Tags:: 👛 TraderTraitor

Details

Malicious application "foxilo[.]io"

Multiple devs/devops contacted simultaneously via Telgeram in late May. Pestered for ages. Very similar script as Coinstats.

Ethereum: $2.4 USDT + $50k USDC + $1.2m ETH (348 ETH)

Bitcoin: $2m (32.5 BTC)

Tron: $7.9m USDT on TRON

Total: $13.5m

On-chain

Direct Theft:

  • 0xad303383d207318554d582afa2ca15f51def6521

  • bc1qgrudgvuuxktyqe5uk68clwm53te8z7jgh8xaaz

  • TLAD2m71VqtEEz7uH7gwTSRqknK83JgdV6

Laundry started November 6th, 2024

Nov 6 eXch Deposit Addresses (905 ETH / $2.3m)

  • 0x46af2cd01e0d7253bfaad19cca418cdf2de67c0f
  • 0xc0bcb4af6e6d70206b3fd90e5e0bf9b1552ac32e
  • 0xd54cb58dc0d8ccd7ab90f3f8e1b58fdea7fa4f7f
  • 0x0375a4b8434e53a971d6028dabb219ed96007b7c
  • 0x525765ecb03b408f1ca499ac314f74b7c33aedca
  • 0x2e8a95f3723d190aaae98fa85ebe0bbc5901e73d
  • 0x3f752ea79d8bd6d04a797f7cf0f44b6e51a6766c
  • 0x377e1926a739dc6f0066845ff7e3967b318fe207
  • 0x414e12e433d758a06265ec8c06723abfa3b2b1ed
  • 0x85770b77406c47f1c19ee9735d76c635fe13e75a
  • 0xb144182232705d3565ce138382a0d95f9264fd87
  • 0x04dc2bab5d6d9fe196c00bd356c8c4560a558ac3
  • 0x2e05611cb352ae4e07eda858699a68d0fa78d0d5
  • 0x85bdded04a48e0bdfaa4a3c3773e481827380d17
  • 0x7d284536b5f3253a941257c87a8deb0ba0c5b978
  • 0xc28b0c9b1d98d5e7a691789915c08b49327c6440
  • 0x3fdcbdaa5242116ba86a99607d9d744c19ccbf81
  • 0xe79081857a1cf3fb9d8da695e21e961620ba6d21
  • 0x51306793fba343ad130bf35c5cfa561ad96866ad
  • 0xb9121998b55517f4846adf215b6a19433a7936b4
  • 0x0800935c9ae7e87b7825df40ea797755e877b56d
  • 0x03c4914a537c563072382baa0329cf30eeaeda25
  • 0x31163d8aa13655731e951185065c9b64d4357a96
  • 0x68cb788f365ba57622e11f7579c08af6ea25342f
  • 0x1df5415ce22c16b75e0f85efd7e3539e2c1604b7
  • 0xbb874927867a02d7197fcb770df4157caf2e8963
  • 0x2a26e2236821869ade0817bfe9875783f0717350
  • 0xa42925509235636be2c8e58d1831a819abaa04f2
  • 0x3d4bf06af3c012f3f74aa7338bf15064ed181154
  • 0x1984f09a5c39bc7f955b86cb6ac28fb9bdf35e38
  • 0x68fa35497f61850d76015e480c446ac9ec89f365
  • 0x9ea824500d18fc88a4bab30718db2fb01b1a3aba
  • 0x5699b9fa26b02e04dae72a207b5310c6f838f430
  • 0x49075c630c43db06f1731790b0c57fce5718e020
  • 0x1e401ceb72c14db889941605e91ef1aa78e508f9
  • 0x7532c6ba173be8891e0f6f0ca13329935e4e6a1e
  • 0x0274911f4f5396f8a5e6f0801e2c887b778fa785
  • 0x7058158a6a8cfbd5c82a768b608e1e7d46ce2039
  • 0x79ec7bd5620b95ae6a89344155945235d538d0ee
  • 0x610d40b1cc463e2c04ea337bfae3e1d6e653ab81
  • 0x1e3846c5c711928b3e6196942165138d2059dde7
  • 0xb1cd1755fb6381fba7e98534d0c11b2336955f9b

Remaining 95 ETH goes to 0x0241ef7b67f985e51c63256ac8a0b57fdb6dcb48

Connections

  • 0x0241ef7b67f985e51c63256ac8a0b57fdb6dcb48 - Kyrrex, Indodax, Poloniex/HTC/HECO

  • bc1pv6lq0rxjemduj0ju2jn97wa9ew3ap2rjdhvv7v36ysfalgt6z6pq7lpxvj - Kyrrex, Indodax, WazirX