The entire process of the theft of 66,000 U has been confirmed and the funds are flowing to binance, and the police are being called. .

My fan, Little A, often plays local dog. Then someone from Tg contacted him and asked him to send a hexadecimal text to an address, telling him that he was doing inscriptions. But the result was not the same. The hacker asked him to send a hexadecimal text to a contract address. The hexadecimal text was sent, authorizing the contract, and the hash value is as follows:

0x2d46c0101f3b8baedae9aa88c04eb8cec0dcaa6ec9cfb516bf0ba51050387dc6

0xf6c40a7d8948ec92dcadc0e316b20e3e8933cc96dbf5c8d950afed631593d21b

Using his own address as the spender, he sent USDT to his address using the USDT of Little A's address. The number is: 66026.95 pieces, and the hash value is as follows:

0xd16afdf794e2896a9a010ad73a5caa42151d154d4ec47f97520e6857c05aefb0

USDT receiving address: 0x98F0d1F940e4b79EeA455499065aEe3aa290a0b7

After 66,000 U was stolen, it reached the hacker's a0b7 address. The hacker transferred 33833 to uniswapv3 for redemption three times. In addition, he transferred $1 and $32392 to the address ending in 493e: 0x403a26d493c14ac050573741a885a27d34d3493e. The four hashes are as follows:

0xca9f834d0619c9cbf705820bc1ecf09704da4d62a1e7ed6d8562324b5fb3ac0c, swap amount: $19,031

0x0d0bf52582343ac75c6d5e628e575420ba16c361c56d89f63f625b5facc7a74c, swap amount: $6343

0x3306ba142dfa0c289b7878147a721db0b72eae129ce127d2ffdf4e64f3374b1c, swap amount: 8458 knives

0x193454689e01154ce0af7473ddc6284f9acc95240682fefe556155d13e1f974c, transfer: 1 dollar

0xc8157228a59cc788a1bda5d0a6e0c3bc8c87d32b2e0b4692a14b5fb9cdde87eb, transfer: $32392

First analyze the a0b7 address and make 4 transfers, transferring 1 ETH, 5 ETH, 10 ETH, 2.65 ETH, a total of 18.65 ETH transferred: 0xe63Dd2356DCef603867e71Cff253aE5B864e1889

The hash is as follows:

0x5fc99177a24590bea0840b26005012106b7eaf5a86cd6ee9b14764949294e8e7

0x87e43ae81d5870849801b648b1faf59a4a5cff5d02e79aca2f951be90726b403

0x9b8f45ef853282a342ef1d23d0617c91400b4fbaf8c1ffd6428a71b545ddd13a

0xe46948d0f213f790b1f4849b0c3a0e5cfaeb912c1e9446691e6f532b95f8b3ab

In the end, the 1889 address made a direct transfer, and the destination was the HitBTC exchange. About 18.15 ETH were transferred to the addresses:

0xa2cf5542d0bae4da5a3ea66cc014fb021bd10765，4.447 pieces

0x26b440fe041617ac148a811eb8d6e29e0b7dacd0, 5 pieces

0x4831048049b7511bd8313daf1cfb4d20fe0c10bb，3.7 pieces

0x86bad7067d4b9159a5494f66bdb6890ef0e48f75, 5 pieces

The remaining 0.5 coins flowed into the new address: 0x422b8bbb55791138c2ddcd65a36b6d2f18c78d32

The new address 8d32 directly transferred 0.5 coins to Huobi, and the address is: 0xfe0c707eea0e379447a7866fb4fdc16f6c8081d0

The above is the outflow analysis of the a0b7 address.

And the 493e address transfers 1.1 ETH to: 0xA77811460FFd28A45EF3e202928a7C7136bdb106

Transfer 10.5 ETH to: 0x735ccd0316DeE7019A3036546969997F10a58217

Transfer 2.1 ETH to: 0x9Ea271ec937cd63252e4867210bd093Ba7bab096

Transfer 2.1 ETH to: 0x40b15fcccE269233635dd1652fbcD42C401b941c

Transfer 1.05 ETH to: 0x89EB74f10FdA3501244920f06E70Ae8Bd4599Ae3

Transfer 0.6 ETH to: 0x735ccd0316DeE7019A3036546969997F10a58217

Another two small amounts of ETH associated addresses: 0xCaC831B985F5eC4962c1fEE0afbB495Db25E8E76, 0x6E62AF32A017FEaaC623603F6283E0013D673F3d

The hashes are:

0xb5dcc3117568c7b73b7b6c5ef01f469bc8ca5cbf96d56d8f9c03ab1b208cd8b7，1.1枚ETH

0x57a517407055412f1cd0a772fbd4367e4239c4b6f9ccd2f2362bee1962258606, 10.5 pieces ETH

0x61d712b280238728d66b264ab9fc728b8f32d80b950d6761af57b31b08b88a6c, 2.1 pieces ETH

0x57174f5ba161e41e6e5a1a03c4d3ed3d32aa7c7be1ab1081d9d4e0c23f1acbd9, 2.1 pieces ETH

0x209ce04c55c728fd381c51d54e889054eb0fcb2284438e90c6f070409fb76e31, 1.05 pieces ETH

0x260ca1b850c6bb200967eef54bcbca09b38197fffdb5670a85ad9b3d506acf7b，0.6 ETH

Hash of two other small numbers of addresses:

0xc47e6b7cce6e5a4662967d6a62c777f7dd7644763d187d8807cc31a495d67339，0.01

0x0c66ad2ea381b55b5d3d85962d3b66b0936cd0572e0c22d474715fc9e12e8ac3, 0.005 pieces

Let’s analyze them one by one,

The b106 address transferred 1 ETH to Tornado, and transferred 0.0835 to: 0x48efd403dd713578eac1c7265bad8b37b21c8f7b, which has not yet been transferred out.

Address 8217 transferred 11 ETH to Tornado, and transferred 0.007 to: 0x48efd403dd713578eac1c7265bad8b37b21c8f7b, which has not yet been transferred out.

Address b096 transferred 2 ETH to Tornado, and transferred 0.0678 to: 0x48efd403dd713578eac1c7265bad8b37b21c8f7b, which has not yet been transferred out.

Address 941c transferred 2 ETH to Tornado and 0.073 to: 0x89eb74f10fda3501244920f06e70ae8bd4599ae3. This address is pointed out on the next line because 493e also transferred 1.05 ETH to this address.

Address 9Ae3 transferred 1 ETH to Tornado. It has not yet been transferred out, leaving 0.1272 ETH.

Address 8E76 transferred 0.0093 ETH to 0x3da6a6266eca3cd126599ac7e64d4c9b1ac414d6. Both 0x3da6a6266eca3cd126599ac7e64d4c9b1ac414d6 and this address transferred a large amount of 0.0003. The amount was small, the volume was large, and there was no in-depth inquiry.

After receiving 0.005 ETH, the 3F3d address has not changed yet.

The hash is as follows:

0xbd1999260957e8713323ccff412299eed588d270dda0a21f73682aadfbd7d608, transfer out 1 ETH

0xf2526f6c6aa43b1ca5e54bb2ba07f358247ea4c1c1c0297b2326de0730ae90b9, transfer out 10 ETH

0x1366a79e7d0105aa1e1e21f6dc3351f7a936146ecd1065706748790e3255a5c7, transfer out 1 ETH

0x1b03207358659864fe2050a03c53688ff50a34b2b5d497639924d1ec02129be4, transfer 1 ETH

0xca7d12fc40710281d62df6471e77d4ef128f772d0e235ae3204c7f69ae1c3942, transfer out 1 ETH

0x99833153a44c8c6bf0c2e3986380eb76b4450c981ad9acd02470cf66996330b0, transfer out 1 ETH

0x554429263b3e61373f7694672e1c6919eb8861554b3ea09e2539af6e7475ee01, transfer out 1 ETH

0x9ac248d2ba7a4945acaa334edb7359b9643f1c02d1009bb77c315d51d7555d75, transfer out 1 ETH

The remaining 8f7b address has not been transferred out yet, and the 3F3d address has not been transferred out yet.

The above is the analysis of the address transfer of 493e to each address.

Then analyze the above two large addresses one by one, that is:

0x98F0d1F940e4b79EeA455499065aEe3aa290a0b7

0x403a26d493c14ac050573741a885a27d34d3493e

Let’s look at the correlation of these two addresses with EX:

Let's take a look first: a0b7 address, the first transfer source is: 0x4e5b2e1dc63f6b91cb6cd759936495434c7e972f, which originates from: FixedFloat currency mixing platform. Happened on June 11, 2023.

Looking at the 493e address, the first transfer source is: 0xbf94f0ac752c739f623c463b5210a7fb2cbb420b, originating from: OKX exchange. Happened on August 12, 2023.

In addition, those who have direct contact with EX include:

0x422b8bbb55791138c2ddcd65a36b6d2f18c78d32, transfer 0.5 ETH to huobi

0xa2cf5542d0bae4da5a3ea66cc014fb021bd10765, transfer 4.447 pieces to hitbtc

0x26b440fe041617ac148a811eb8d6e29e0b7dacd0, transfer 5 coins to hitbtc

0x4831048049b7511bd8313daf1cfb4d20fe0c10bb, transfer 3.7 coins to hitbtc

0x86bad7067d4b9159a5494f66bdb6890ef0e48f75, transfer 5 coins to hitbtc

There are no other queries, only a report related to this occurrence.