파구정보 (PAGU Info)


IceCreamSwap Hacking Incident

PAGU 2021. 2. 12. 10:46

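Hello, this is PAGU Info.

IceCreamSwap was reportedly hacked in the early hours of the morning.
Setting aside whether this was a real hack or a staged one, I traced the wallets suspected of belonging to the culprit.

If you are a victim, please start by reporting the suspicious TXIDs listed toward the bottom of this post to Binance.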

If this is the hacker's TXID

https://bscscan.com/tx/0xa6cfe035a1fb94cde90e61893f416e827f2a5e02fd53152313183b5463613ea0

Hacker's initial wallet

https://bscscan.com/txs?a=0xc4b7eb92d8597efe5874ad49abbc96d40517db81

Transferred Wallet 1 - 1110 BNB

https://bscscan.com/address/0xb222078086c447267c78ab513630ee36452fbed2

Swapped to 28.65 ETH & 3000 LINK

Balance $75015 (2545LINK, 2.449ETH)

455 LINK Out to https://bscscan.com/address/0x6017dbb5947a050de75fdd4ddbbb7da5bcc254ad <- not moved ($12630)

13.1 ETH Out to https://bscscan.com/address/0xbe593a81f4be6b17ccc7bcd2f4f97ce3f1c69335 <- not moved ($23481)

13.1 ETH Out to https://bscscan.com/address/0x4d6060e462b955cd2e51c7b2ddfc9a4dc06795cf <- not moved ($23481)

Transferred Wallet 2 - 1234 BNB

https://bscscan.com/address/0xf207bf9539f3e83da079766eee8ee045ba0f993c

Swapped to 21ETH & 2 BTC

Balance $37976 (134 BNB, 0.5BTC, 7.9ETH)

13.1 ETH Out to https://bscscan.com/address/0x998a4bd198425489b663908e5f59a9ea7064a658 <- not moved ($23525)

0.45 BTC Out to https://bscscan.com/address/0x031179a425f326df36fec4bd1f6ecb5170ab04d0 <- moved to Binance Hot Wallet. Balance 0

 - TXID: https://bscscan.com/tx/0xc42c9ffe62802090e795bd28e947da842444e710a576735d603a75bfc00dc5e6

  > 3000 DAI initially transferred in from https://bscscan.com/address/0x75af19d97124e42fc629b41b923d2a13f104a264

  > The above wallet (0x75) was used for farming on Pizza Finance and Cheeseswap, and uses Venus too. $196470 remained (197 BNB and $172K worth of Venus-staked BNB)

  > We should report the above TXID (0xc42) to Binance and find out the relation between the hacker and this wallet (0x75)!

0.45BTC Out to https://bscscan.com/address/0x9e1a9763e203a81e8c9af84059198f1c26f1742b <- not moved ($21803)

0.45BTC Out to https://bscscan.com/address/0xa85792ad7df3e8cba95a2bd8fd06815fe01e1513 <- not moved ($21803)

0.15BTC Out to https://bscscan.com/address/0xaa08dfd385c478f03714ced1d007483c6c2cc747 <- not moved ($7168)

Transferred Wallet 3 - 1234 BNB

https://bscscan.com/address/0x48e88952c72fb63f999ce965b2291d1b5339708c

Swapped to 20 ETH & 2 BTC

Balance $86968 (123BNB, 20ETH, 0.66BTC)

0.44BTC Out to https://bscscan.com/address/0x85ff02b736791d02c8cccab89250db87a8846298 <- moved to Binance Hot Wallet. Balance 0

 - TXID: https://bscscan.com/tx/0x9efbc67b227ba343bd8fe5933d99a1a406153b790bb903d2e4819f5403f99169

  > 2400 BUSD initially transferred in from https://bscscan.com/address/0xe2374e59265a2de5ca2494d0c57a7a7deaed8804

  > The above wallet (0xe2) was used for farming on Autofarm and PancakeSwap. $0 remained, but some should be in a liquidity pool.

  > We should report the above TXID (0x9e) to Binance and find out the relation between the hacker and this wallet (0xe2)!

0.45BTC Out to https://bscscan.com/address/0xf36f69b0f4dcbbe51034a3e43772ba7c64d3ee4a <- not moved ($21803)

0.45BTC Out to https://bscscan.com/address/0x027d51b7f6d597f339333968cf5fb808293cf197 <- moved to Binance Hot Wallet. Balance 0

 - TXID: https://bscscan.com/tx/0x28946070ace24c5963012fc14536b09326a982b3530291b8ed7410bf72db6154

  > 2 ETH initially transferred in from https://bscscan.com/address/0xb8265f3afc0c024dd86004a201707c3f2e1c5f16

  > The above wallet (0xb8) was used for farming on Dego and NarwhalSwap. $0 remained, but some should be in a liquidity pool.

  > We should report the above TXID (0x28) to Binance and find out the relation between the hacker and this wallet (0xb8)!

Transferred Wallet 4 - 1234 BNB

https://bscscan.com/address/0x0eb8141cbf3e856577e94a309d50a97cda7f69f4

Swapped to 2 BTC

Balance $31063 (451 BNB, 0.65 BTC)

0.45BTC Out to https://bscscan.com/address/0xe7c61f123590dc8355e9d88745ec854cf84acbbd

 - TXID: https://bscscan.com/tx/0xc827afa7e54f8dd1e96c7908c84b2f17ad95c3c88063b5dc7743cda4ca528c97

  > 0.026 ETH initially transferred in from https://bscscan.com/address/0x331512cc4e28dada4deff794ceb14032ad0d1934

  > The above wallet (0x33) was used for farming on BakerySwap and JulSwap. $185 remained, but some should be in a liquidity pool.

  > 12.264 EOS initially transferred in from https://bscscan.com/address/0xd5cf5e25f23f466016f2b860d68177418c5a8648

  > The above wallet (0xd5) was used for farming on NYA Cash, AcryptoS, and even IceCreamSwap. $24 remained, but some should be in a liquidity pool.

  > We should report the above TXID (0xc8) to Binance and find out the relation between the hacker and these wallets (0x33 & 0xd5)!

0.45BTC Out to https://bscscan.com/address/0x225656e33b989020859ac5023267c19933abae7c <- not moved ($21803)

0.45BTC Out to https://bscscan.com/address/0x88ef450e1d7aa148f007263ac150b904da46ec86 <- not moved ($21083)

Transferred Wallet 5 - 1234 BNB

https://bscscan.com/address/0xdda56e3c803111b839913b7eb2f86c5ba2536627

Transferred Wallet 6 - 1234 BNB

https://bscscan.com/address/0xad8ec9c937508a8ae45b3f53ab4b098d9046efa4

Transferred Wallet 7 - 1234 BNB

https://bscscan.com/address/0xcb21d7211241f84dc221b90f56f4f93a2bc5d68c

TXIDs to report to Binance

 - TXID: https://bscscan.com/tx/0xc42c9ffe62802090e795bd28e947da842444e710a576735d603a75bfc00dc5e6 (0.45BTC)

 - TXID: https://bscscan.com/tx/0x9efbc67b227ba343bd8fe5933d99a1a406153b790bb903d2e4819f5403f99169 (0.44BTC)

 - TXID: https://bscscan.com/tx/0x28946070ace24c5963012fc14536b09326a982b3530291b8ed7410bf72db6154 (0.45BTC)

 - TXID: https://bscscan.com/tx/0xc827afa7e54f8dd1e96c7908c84b2f17ad95c3c88063b5dc7743cda4ca528c97 (0.45BTC)

Wallets with funds remaining

https://bscscan.com/address/0xb222078086c447267c78ab513630ee36452fbed2 ($75015 (2545LINK, 2.449ETH))

https://bscscan.com/address/0x6017dbb5947a050de75fdd4ddbbb7da5bcc254ad <- not moved ($12630, 455 LINK)

https://bscscan.com/address/0xbe593a81f4be6b17ccc7bcd2f4f97ce3f1c69335 <- not moved ($23481, 13.1 ETH)

https://bscscan.com/address/0x4d6060e462b955cd2e51c7b2ddfc9a4dc06795cf <- not moved ($23481, 13.1 ETH)

https://bscscan.com/address/0x998a4bd198425489b663908e5f59a9ea7064a658 <- not moved ($23525, 13.1 ETH)

0.45BTC Out to https://bscscan.com/address/0x9e1a9763e203a81e8c9af84059198f1c26f1742b <- not moved ($21803)

0.45BTC Out to https://bscscan.com/address/0xa85792ad7df3e8cba95a2bd8fd06815fe01e1513 <- not moved ($21803)

0.15BTC Out to https://bscscan.com/address/0xaa08dfd385c478f03714ced1d007483c6c2cc747 <- not moved ($7168)

https://bscscan.com/address/0x48e88952c72fb63f999ce965b2291d1b5339708c Balance $86968 (123BNB, 20ETH, 0.66BTC)

0.45BTC Out to https://bscscan.com/address/0xf36f69b0f4dcbbe51034a3e43772ba7c64d3ee4a <- not moved ($21803)

https://bscscan.com/address/0x0eb8141cbf3e856577e94a309d50a97cda7f69f4 Balance $31063 (451 BNB, 0.65 BTC)

0.45BTC Out to https://bscscan.com/address/0x225656e33b989020859ac5023267c19933abae7c <- not moved ($21803)

0.45BTC Out to https://bscscan.com/address/0x88ef450e1d7aa148f007263ac150b904da46ec86 <- not moved ($21083)

 
