Onchain sleuth ZachXBT has flagged a suspicious transfer involving 3,520 Bitcoin, valued at $330.7 million, that may indicate a major theft. The transaction, reported on Apr. 28, involved moving the funds from what appears to be a victim’s wallet to the address bc1qcry…vz55g.
After the transfer, hackers quickly moved the stolen funds through more than six instant exchanges and converted them into the privacy-oriented cryptocurrency Monero. A major wave of conversions pushed XMR’s price to jump by 50%, hitting an intraday high of $339, according to CoinMarketCap.
Although it has dipped a bit since then, XMR is still up 25% over the past 24 hours and is currently trading around $289. When asked if North Korea’s Lazarus Group was behind the attack, ZachXBT brushed off the idea, saying it was “very likely not them” and suggesting that independent hackers were probably to blame instead.
Mainstream cryptos still dominate hacker activity
Chainalysis noted that most criminal activity involving cryptocurrency still happens through well-known, mainstream coins. The firm added:
While there are concerns of more criminals moving to privacy coins for anonymity, the vast majority of criminal activity still uses mainstream cryptocurrencies, such as Bitcoin, Ethereum and stablecoins.
Additionally, the company said that these assets remain appealing due to their ability to provide the same advantages to both illicit actors and legitimate users, like smooth cross-border transactions, instant settlement, and significant liquidity.
Chainalysis pointed out that privacy coins, like Monero, have become less useful for criminals because they have lower liquidity and many major exchanges have stopped offering them. The company even said that law enforcement uses blockchain’s transparency to track and recover illegal funds, regardless of the cryptocurrency involved.
In 2024, Chainalysis leaked a video hinting that Monero transactions could be traced, despite the blockchain’s privacy-centric nature. The video claimed that Chainalysis has been tracking Monero transactions since 2021 by secretly running its own “malicious” nodes.
