BitBrowser became the target of a hacker attack
The Chinese service BitBrowser became the target of a hacker attack. An unknown attacker managed to steal 236 ether, or around 390,000 US dollars. Security experts are gaining initial insights into the incident. The person responsible apparently comes from Israel.
BitBrowser Hack: How attackers were able to steal $390,000
At the end of August, unknown persons attacked the Chinese service BitBrowser, which its users rely on to find interesting airdrops. Those affected alerted security experts from SlowMist, who have since reached their first conclusions.
According to them, the hackers managed to steal about 236.27 ether (ETH). This currently corresponds to the equivalent of 390,000 US dollars or 345,000 Swiss francs. Those responsible used around 30 different blockchain addresses to make the funds disappear as unobtrusively as possible.
They then used various methods to cover their tracks. The hackers' strategy included the use of various bridges to transfer the digital assets to other blockchains.
zkSync, Arbitrum, Linea and Optimism were used, all of which are scaling solutions for Ethereum. The Socket and Railgun applications were used as bridges. The hackers moved further assets to Avalanche. There, 83 AVAX have since been frozen.
More parts of the loot were moved to Nova and Polygon. According to SlowMist, the IP address of one of those responsible has already been found. However, it most likely belongs to the server of a VPN service. It was therefore not possible to obtain any identifying information.
SlowMist suspects that the perpetrator is an Israeli or a Hebrew speaker.
Transactions to swappers could not be stopped
Another strategy the hacker used to secure the loot was to use swappers. Specifically, the attacker used the well-known swappers FixedFloat and ChangeNOW. Funds are said to have even flowed to Binance.
Some media reports also speak of the use of a crypto mixer called eXch.cx. In fact, this is not a mixer, but another swapper.
However, the hacker did not refrain from using a crypto mixer either. The Ethereum mixer Tornado Cash, which recently made headlines again, is also part of the unknown attacker's repertoire.
The US filed charges against two developers of the service in connection with similar cases. North Korean hackers from the Lazarus Group are said to have laundered hundreds of millions of dollars worth of cryptocurrencies using the mixer.
Despite a ban and further legal interventions by the US, the service is still online. Users can access Tornado Cash via the InterPlanetary File System (IPFS).