∴FreeSamourai∴
@ErgoBTC
Followers
22,979
Following
361
Media
1,850
Statuses
7,701
#FreeSamourai OXT Research PGP: 0x140c9e15c81e4813d typically gaslit yet "confidently arrogant" verified human lumpy data(viz) whore entropist
[REDACTED]
Joined March 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
England
• 373695 Tweets
Noah Lyles
• 290952 Tweets
ヒロアカ
• 184309 Tweets
Polônia
• 122498 Tweets
フワちゃん
• 101828 Tweets
ジャンプ
• 83682 Tweets
堀越先生
• 76304 Tweets
Corinthians
• 70601 Tweets
Alemania
• 60810 Tweets
Thompson
• 60479 Tweets
Gabi
• 60314 Tweets
Bolt
• 54505 Tweets
Peillat
• 53035 Tweets
Carol
• 51219 Tweets
Rosamaria
• 49935 Tweets
Evandro
• 42008 Tweets
やす子ちゃん
• 40002 Tweets
BAUTI MASCIA EN YOUTUBE
• 37549 Tweets
Tamworth
• 36496 Tweets
RFK Jr.
• 30500 Tweets
Thaisa
• 28174 Tweets
#めざましテレビ
• 24167 Tweets
やす子さん
• 22818 Tweets
ケイくん
• 20578 Tweets
Greggs
• 18219 Tweets
Juventude
• 17614 Tweets
神さま学校の落ちこぼれ
• 16829 Tweets
Solari
• 15529 Tweets
#dilematvi
• 14155 Tweets
#エンタメプレゼンターK
• 12444 Tweets
もちづきさん
• 12292 Tweets
#فضفض_بكلمه
• 11334 Tweets
Pinned Tweet
Archive thread.
Bitcoin Privacy Part 1,
Bitcoin Privacy Part 2,
Bitcoin Privacy Part 3,
Bitcoin Privacy Part 4,
1
5
29
0
2
10
Grayscale GBTC Trust, the largest legal holder of BTC, refuses to provide any Proof of Reserve.
To begin a community lead effort at transparency for the GBTC holdings, we have taken steps to ID likely GBTC addresses and balances based on public info and blockchain forensics.
355
1K
5K
Alameda ETH addresses are digging around in the sofa for spare change and swapping bits ERC20s for ETH/USDT.
ETH and USDT then funneled through instant exchangers.
Rings some major alarm bells...
76
359
1K
TLDR
- Using public data and chain forensics, we have attributed 432 addresses holding 317,705 BTC to likely GBTC custody activity.
- This total is ~50% of GBTC reported current holdings.
- Additional work is necessary to ID the remaining addresses.
49
104
947
The Grayscale G(BTC) Coins Part 2
In this analysis we use additional on-chain forensics to CONFIRM the approximate 633k BTC balance held by G(BTC) at Coinbase Custody.
Which begs the question, why does Grayscale refuse to disclose their on-chain holdings?
Grayscale GBTC Trust, the largest legal holder of BTC, refuses to provide any Proof of Reserve.
To begin a community lead effort at transparency for the GBTC holdings, we have taken steps to ID likely GBTC addresses and balances based on public info and blockchain forensics.
355
1K
5K
193
211
701
LFG has claimed their ONLY wallet is currently funded with 313 BTC.
But the blockchain tells a different story.
32
136
625
Adding another 444 BTC to the previously reported 4.6k ETH from yesterday's
@cryptocom
hack.
Still no acknowledgement of loss, despite large outflows from the custodial wallet into ETH's Tornado Cash and a well known BTC tumbler (as detailed below).
59
143
592
Colonial Pipeline and DarkSide Ransomware on-chain flows.
Surf the tx graph for all the addresses mentioned in the affidavit.
17
174
455
In case you missed it, GBTC claims they cannot provide a Proof of Reserve due to “security concerns”.
Maybe this is a non-disclosure policy enforced by Coinbase Custody.
Maybe it’s deliberate obfuscation by Grayscale.
6) Coinbase frequently performs on-chain validation. Due to security concerns, we do not make such on-chain wallet information and confirmation information publicly available through a cryptographic Proof-of-Reserve, or other advanced cryptographic accounting procedure.
525
142
582
11
27
433
I’ve been seeing a lot of Twitter FUD opining on miner capitulation in the last few days.
This got me thinking… could the selling by the PlusToken scammers have had an abnormal effect on this market cycle?
31
127
388
Sparked by the tx graph in this tweet, we have ID’d the Alameda BTC wallet cluster and likely Alameda FTX deposit address.
The likely FTX Intl deposit address processed 3300 BTC via FTX US on 6-Nov during the bank run, despite FTX management claims of “segregated entities”.
I am dropping the towel.
They may came from industry of finance.
I come from an industry of cyber-security.
You crossed my field.
Next time when you want to spoof the market from 28K to 69K for your political lobby think twice.
804
4K
11K
70
116
354
Either way, Grayscale claims to hold about 633k BTC
https://grayscale
.com/wp-content/uploads/market-data/btc.csv?v=658975
6
17
338
On July 29, 2019 Grayscale claims to have owned about 240k BTC.
Looking at the XAPO cluster for corresponding activity, we see a massive spike in volume from a handful of transactions that are likely the Grayscale custody rotation mentioned above.
4
9
327
Any blockchain analysis needs a “starting point”.
In this case we were able to obtain our starting point from information in the following Coindesk article.
3
10
310
But it will be time consuming to ID the remaining ~315k BTC.
Hopefully, this thread serves as a starting point for other researchers.
3
13
282
We took these corresponding transactions and scoured the “nearby” graph in an effort to ID the addresses that are currently holding the associated Grayscale coins.
A subset of the graph can be viewed here.
5
9
265
~13k in new PlusToken mixer deposits in last 24 hrs.
Almost all previous mixer deposit change has entered mixing, confirming my theory.
Distributions still on/off. Much slower than September and November.
New report and full sit rep imminent.
19
84
252
The corresponding large volume transactions from XAPO total about 233k BTC in volume.
4
8
257
We can see everything you do, so it's best not to pin your shitty wallet management on network fees (congestion, instability, whatever you wanna call it).
16
43
254
In total, we were able to attribute 432 addresses with a total balance of about 317,705 BTC to likely GBTC TXOs held by Coinbase Custody.
Note this is about 78k BTC more than GBTC held during the transition from XAPO to Coinbase Custody.
5
13
246
It may be possible to attribute additional blockchain addresses to GBTC based on the activity around these MM addresses or by performing an in depth volume and timing analysis around the Coinbase Custody cluster.
1
7
214
The increase, was noted due to surrounding activity from GBTC’s favorite and second favorite market makers at the following addresses/clusters.
1
9
206
Recently I wrote a thread regarding the multi-billion dollar PlusToken scam it’s potential market impacts.
A few days later, the exchange rate fell out of bed and the bloggers attached themselves to this narrative for a few news cycles.
So what’s the status of the PT coins?
9
40
197
FBI Colonial Pipe/DarkSide ransom recovery has the BTC Twitter rumor mill in overdrive.
After getting acquainted with the on-chain activity, we can start to narrow down or remove some of these theories.
Colonial Pipeline and DarkSide Ransomware on-chain flows.
Surf the tx graph for all the addresses mentioned in the affidavit.
17
174
455
10
58
184
In Summary:
1 - We have been able to independently verify the credibility of G(BTC)’s holdings of 633k BTC using on-chain forensics and public data.
2 - Grayscale refuses to disclose their addresses for unknown reasons, despite an apparent willingness by Coinbase Custody.
16
33
156
"While you were doing what we told you to do (ie worthless degree and 6 figures of debt), we voted to bail ourselves out. Now you're working to fund my retirement."
Holy shit the boomer’s Union is clapping back.
17
72
698
0
21
151
@BTCwillrule
@fluffypony
CA didn't do shit.
This is copypasta of my work, with a big side of marketing sauce.
3
13
136
Leaving love notes on the blockchain.
This man is the Shakespeare of our times.
8
25
129
While the TRC20 ETH was rehypothecated, 60k of the TRC20 BTC appear to have simply never been backed.
The likely unbacked tokens are currently parked in the JustLend protocol, implying an unbacked (non-existent) TVL of $1.8B, or roughly 50% of the current TVL.
i think i found the wallet that backs the 60k eth on tron
tl;dr: current balance is zero
13
26
271
20
33
131
My latest on PlusToken is available here.
More than a blog post or tweet thread.
Updates will be provided via OXT Research going forward.
Not a fan of my conclusions and want to make your own?
My methodology and data is provided, so you can.
7
21
130
Based on the history of the first destination address of the cryptoforhealth scam addresses, the scammers have a history of gambling on Bitmex and Coinbase usage.
This is peak crypto.
Destination Cluster>>>
Preliminary Notes >>>
9
35
120
Expanded labels for the LFG BTC address activity after running off with funds intended for defense of the UST depeg have been added to Arkham as a part of their bounty program.
Details and additional color on the attribution are provided below.
The Arkham Intel Exchange now has its first approved submission: new evidence of wallets owned by Do Kwon / Terraform Labs.
An anonymous on-chain sleuth and
@ErgoBTC
were the successful bounty hunters. The new labels are available for all to track here:
120
180
797
17
24
113
Part 2 Estimate: 634,639 BTC
G(BTC) Reported: 633,394 BTC
Based on the results of this analysis, we can conclude that Grayscale’s self-reporting is credible.
8
13
120
The IRS on peelchains.
They understands bitcoin transaction privacy better than your favorite "best practicer".🍌
4
32
113
The logical conclusion of KYC and custodial exchanges is playing out now.
Censorship isn't being applied at the protocol layer, but at the interaction with the banking system.
4
28
110
The privacy battle is just getting started.
The lines have been drawn and people are showing their true colors.
8
20
110
@coinableS
@RMessitt
It looks like the funds had gone through a single weak Wasabi “mix” before mostly being deposited to Fixed Float (an instant swap exchange).
Most of the deposits are quite old, and unlikely to be recovered.
However...
9
10
115
With all the excitement, a short update on their BTC is warranted.
We have also seen just about all of the remaining unmixed coins ~22k on our watch list begin entering their mixer over the last few days.
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 789,533
#ETH
(190,050,469 USD) transferred from unknown wallet to unknown wallet
Tx:
20
31
158
4
16
103
The 140k (remaining) Mt Gox Coins
As the saga seems to be winding down with the planned release from the trust, it’s worth revisiting the coin status and some of the history behind the BTC addresses involved.
(1/n)
2
26
112
A few weeks ago, we were contacted by the friend of a
@Ledger
phishing victim.
The friend was actively trying to outbid the phisher on miner fees before the theft tx could be confirmed by miners.
They were unsuccessful and the coins sat unspent for a few weeks.
8
25
107
FTX International and FTX US BTC hot wallets drained and sent to the following address.
Address Balance = 3872 BTC.
FTX US Sweep:
FTX Int’l Hot Wallet Sweep Bookmark:
32
32
108
Elliptic misses, a thread documenting flawed analyses and incorrect talking points.
5
22
109
With the unsealing of the Avi Eisenberg DoJ compliant, we now have a second member of the inaugural (2022) class of the KYC Hall of Fame.
The class inductees:
- Avi Eisen as “Ukranian Woman”
- The DRPK Conspirators as “AI Generated T-shrit model with miss-proportioned hands”
4
15
105
I will update this thread with additional info as the situation develops.
Sidenote: Great that crypto dot com appears to be making its users whole, but sweet custodial honeypots (even with 2FA) continue to be targets for hackers. Not your keys, not your coins.
5
6
102
Previous spends of the BFX hack coins were methodically isolated, slowly mixed, or slowly sent to Hydra (DNM).
The most recent spends were swept to a *SINGLE* address.
The complete opposite in terms of privacy from previous activity.
5
29
101
While the mainstream bloggers are busy writing click bait headlines about Chinese miners the elephant...
*cough*
*cough*
... whale in the room is slowly dumping through Huobi.
UPDATE:
35,000 BTC whale funds dormant since mid-August on the move again.
Via ANON-2374835914
4
11
41
7
26
96
3 - Grayscale's refusal to disclose addresses or participate in a Proof Of Reserve serves to invite more scrutiny of their activity from the community and users.
6
4
91
renBTC liquidity getting low 3777 BTC +/- despite a ton of mints today.
Assuming the remaining 200k ETH from the FTX drainer is bridged, I'm not sure how the liquidity incentive can cover the remaining +/- 10k BTC.
8
11
78
Anyone interested in an OXT livestream tracking ransomware payments and related activity?
10
7
81
DoJ recovers +50k BTC from James Zhong obtained from a 2012 exploit on a Silk Road Wallet.
The majority of the coins (~49k BTC) traceable to the exploit are currently sitting in the following address.
6
17
81
One of the simplest explanations of the Bitcoin's UTXO model that I have come across.
2
15
78
Part 1 covers the basics.
Problem definition and ex's of change detection heuristics.
In Parts 2, 3, & 4:
- clustering & tx graphs
- the effects of external tx data
- OXT how-to's
- basic privacy defenses
- why & how coinjoins work
- how the SW features subvert CA
Stay tuned.
4
15
78
All billion dollar frauds are given a pass.
Only the users get KYC'd so they can be doxxed in the bankruptcy fillings.
FTX Has More Than 200 Bank Accounts, Attorney Says.
So not a single bank did any AML/KYC background check on FTX?
192
567
3K
4
21
80
The scammers are trying to get their ETH gone before I can hire someone to finish coding up TXO a proper shitcoin explorer.
🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 789,525
#ETH
(105,099,509 USD) transferred from PlusToken to unknown wallet
Tx:
96
167
665
2
4
73
This is evidence that clearly flies in the face of the “Alameda, FTX Int’l, and FTX US are separate entities” story that was propagated by FTX management.
In fact, this may be evidence that Alameda was handling FTX US funds.
6
13
81
inb4 new financing witch hunt
3
5
68
> surely there can't be a license for that. must be a typo
> checks notes and remembers that HSBC is a thing
0
13
79
The BFX hack seizure.
A mountain of evidence in an apparent straightforward analysis.
>> Coins tracked across custodial entities sent to exchanges with the couples IDs.
Some thoughts from following the followers.
2
23
76
So let me get this straight.
The guy that was using AlphaBay in 2017 to launder these coins was also keeping them in an encrypted file "in the cloud"?
7
6
70
Let me get this straight, Chen Bo, the mastermind of PlusToken (arrested in June 2019), was entrusted with selling PlusToken's BTC, via a third party business, on behalf of the CCP?
3
12
75
As the saga continues, I suggest keeping an eye on the last address in this transaction trail.
It currently holds 6980 BTC and shows some a possible change in wallet behavior on 3 October.
8
4
71
No need for blacklists with an automated "coin control" and a coinjoin algo like this one.
Cyka Blyat 🍌
9
13
73
If we are going to save the planet, we have to recycle everything, including FUD.
2
7
73
One of the only real reason we can guess as to why Grayscale does not want to disclose their addresses is to avoid providing information about who their most frequent counterparties are (ie DCG, Genesis, etc).
5
7
74
Binance static deposit addresses are literal cancer.
Demand privacy.
Demand BIP47.
4
15
74
A few weeks ago, an Electrum user reportedly had 1400 BTC “stolen.”
Since then a little over 330 of the “stolen" coins have made their way to Binance.
3
19
72
We noted this abnormally large withdrawal from
@cryptocom
's payout wallet bc1q7cyrfmck2ffu2ud3rn5l5a8yv6f0chkp0zpemf via
Shortly after, several hundred withdrawals are consolidated into 4 outputs for 67.75 BTC.
2
2
69
Several media outlets reporting Hydra Market DNM servers have been seized by German LEAs.
The 543 BTC in Hydra's wallet has been emptied over a series of 88txs to the following address.
3
16
70
In other words, a complete emptying of the "hackers wallet" and disregard for previous privacy practices (LEA seizure???).
5
1
73
What a coincidence?
*Almost* all the post-shutdown BTC makes it to exchanges, then the *news* of arrests are released.
Hmm.
Just in, 27 principal criminals and 87 core members of Plustoken Scam all got arrested.
10
35
217
6
7
68
What is entropy & how can it be used to evaluate your Bitcoin transaction “privacy”?
Entropy is defined as:
A measure of disorder or randomness in a closed system.
It has many applications in dynamic systems and is most often used in physics but also applies to information.
1
32
70
The FTX hot wallet payout alerts will continue until the change detection algo improves.
5
15
66
This 54k BTC headline number implies the miner(s) have stocked up months of BTC without having to meet payout needs or electricity bills.
The number is so significant that it just feels off and I’m not convinced this is simple direct evidence of spot selling.
#Bitcoin
miners sent 54k $BTC to Binance in the past 3 weeks.
No significant change in BTC-USD open interest, suggesting less likelihood of filling collaterals to punt new long positions. Spot selling seems more likely, imo.
45
92
533
9
21
66
While we don’t know why Grayscale refuses to disclose their on-chain holdings, their refusal has lead to nonsense tweets from “the people in charge”.
These awkward moments that degrade trust could easily be avoided if Grayscale chose the path of transparency/Proof of Reserves.
4
3
66
@NighttimeBTC
I just want everyone to know how I happy I am with my life in the event that I am suicided or disappear ;)
1
2
65
Am I the only one noticing the subtle language changes?
Compliance bros and regulators have been replacing "self-custody" with "self-hosted".
5
6
66
So far the Kucoin hacker mixed:
~322 BTC with Chipmixer
~288 BTC partially mixed via Wasabi
~another 245 BTC pending partial Wasabi mixing?
Post-chipmixer distribution activity starts here.
4
13
64
Despite holding what they claim to hold, Grayscale have chosen to forgo using transparency to build trust at a time when trust in crypto is at an all time low.
Why?
3
1
63
@fluffypony
@BTCwillrule
No worries fluffy!
The rent seekers aren't going to directly cite the crazy Twitter nym using free block explorers (oxt/kycp) and a spreadsheet to beat them at their own game. ;)
1
0
62
Thread on Celisus Network BTC wallet clusters and balances.
TLDR >> The major Celsius address/clusters do not have significant balances. ~108k BTC were sent from CN through a single OTC/MM cluster (as advertised?). On-chain data cannot be used to deduce the true CN BTC balance.
4
22
62
I’ve spent some time digging into Fcoin’s reported on-chain activity based on this tweet.
The TxGraph implies transfer from cold storage to other exchange wallets as part of an exit scam.
WTF tracking on Fcoin's Bitcoin cold wallet shows the majority of its asset has been transferred to other exchanges ...address: 12rU7whLERNrkDb8bTe9VJJSKZvCXy7dj7
They said they can‘t withdraw for its users???
What a SHAMELESS scammer
(visualization done by
@ChainDotInfo
)
18
62
195
6
19
61
While it may be true that this is the only formally “declared” wallet controlled by the LFG, they seem to have failed to account for the trail of bread crumbs left by the change outputs used to fund their new declared wallet.
5
1
59
Latest PlusToken report is live!
Did they cause the 7 March dump?
Probably not...
Issue 2 of the OXT Research PlusToken report is live. Follow along as we continue peeling back the layers of the PlusToken scam.
In this issue:
- a new destination for the PlusToken coins
- a new mixing partner is unmasked
- updated distribution
Free @
4
41
125
6
9
60
FTX under investigation?
No matter, they just made a substantial (6500 BTC, $125mm) liquidity infusion to bankrupt Voyager.
1
7
62
Sorry to temper the latest hopium, but this is an Upbit cold storage address/internal wallet.
The address receives exclusively from Upbit's deposit wallet cluster and spends exclusively to Upbits withdrawal wallet cluster.
3
8
60
Why do we need coinjoin?
Breaking deterministic links, creating uncertainty, and multiple transaction interpretations.
4
24
57
For those asking, Coinbase wallet automatically splits large volume UTXOs to equal denominations.
+50% of the +1000 BTC txs we see go by are Coinbase doing their own internal wallet management.
Once you see it you can't unsee it.
Today's Tx vs March.
Normally, these whales avoid getting so easily tagged by the Coinbase deposit cluster, thanks to CB's unique deposit address scheme.
But we got an address reuser on our hands.
1
1
8
5
18
57
Gotta be careful goalseeking your narrative after the fact. cc @ clickbait jouno's and their daily price discussions.
But maybe this was the result of a single entity gobbling up 1% of total supply.
¯\_(ツ)_/¯
I’ve been seeing a lot of Twitter FUD opining on miner capitulation in the last few days.
This got me thinking… could the selling by the PlusToken scammers have had an abnormal effect on this market cycle?
31
127
388
3
7
57
This tumbler has been commonly used in hacks attributed to the DPRK Lazarus Group and more recently in the attempted laundering of BTC from to this summer's Darkside ransomware activity.
Another "Darkmatter" BTC update.
Moving towards identifying “parallel” wallets controlled by the same tumbler responsible for paying out to the entity depositing DM's BTC.
1
8
52
3
0
53
Over the last two weeks, 2x10k BTC txs were sent from Coinbase Custody to *possibly* the OTC/Prime wallet.
The entity spending these coins still holds some ~32,175 BTC and has given me an excuse to organize otherwise scattered observations in one place.
1
10
55
Our analysis shows that Grayscale has two preferred wallet clusters as counterparties:
- ANON-3499303328 for purchases/selling for management fees at [1NvE65r…]
- [1J65CQ4...] at ANON-2829758496
1
2
57
Even when the selling finishes I’m sure there will be more to this story.
Feel free to elaborate on your favorite Huobi/CCP/PlusToken conspiracy theories.
6
1
56