In brief

  • Ciphertrace is tracking the stolen Bitcoin from the Twitter hack last week.
  • Hackers have shifted the funds through coin mixers, exchanges, and gambling sites to obscure its movement.
  • With the community's eyes on the funds, it's going to be difficult to cash out.

Last week hackers hijacked Twitter, taking control of the accounts of several high-profile individuals. But rather than start World War 3, they elected to run a simple Bitcoin scam—swindling a total of 12.5 Bitcoin ($120,000). 

Now, the Bitcoin is on the move, and here’s how the hackers are trying to escape with their spoils.

According to blockchain analytics firm Ciphertrace, the hackers are using a combination of Bitcoin mixing services, gambling sites, exchanges—and even defunct addresses—in an attempt to both hide the money and turn it into other currency.


The first port of call was a Bitcoin mixing service. These let people swap their Bitcoin for someone else’s Bitcoin—while obscuring the identities of both parties. They’re often used to “clean” stolen Bitcoin.

On July 16, one day after the hack, attackers sent 2.89 Bitcoin (roughly 22.5% of the total haul) to Wasabi—a privacy-centric Bitcoin wallet with a built-in mixer. It’s a very effective way of stopping any observers from following the money trail.

A day later, a further 0.1022 BTC moved into another Bitcoin obfuscator, Chipmixer. Ciphertrace was unable to follow the Bitcoin any further.

Ciphertrace flowchart of bitcoin transactions
Ciphertrace tracked the scammed funds to two coin mixers. Image: Ciphertrace

Over the next few days, Ciphertrace tracked piecemeal amounts of the rest of the scammed funds to peer-to-peer exchanges and gambling sites. Just over 1 Bitcoin—roughly 8.5% of the Twitter plunder—was sent to an unnamed Singapore-based crypto exchange.

bitcoin transaction flowchat
Ciphertrace's overview of the Twitter hacker’s flow of stolen Bitcoin. Image: Ciphertrace

An unspecified portion of Bitcoin then traveled to an inactive Binance cold wallet.


"CipherTrace believes that this transaction was not made to cash out funds, but rather to troll," reads the reports. The idea being that the hackers know the funds are being watched and they just want to confuse or infuriate anyone watching.

Who hacked Twitter?

Per a report from the New York Times, contrary to conspiracies of elaborate schemings from a rival nation, the hack was purportedly initiated by a group of youths. The alleged adolescent attackers told the Times how they managed to gain access via information left on Twitter's internal Slack channel.

Since then the person, known as Kirk, who had the access to Twitter has since disappeared. 

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.