Share this article
Hackers Are Shuffling Binance's Stolen Bitcoin
The Binance hackers are moving their stolen BTC into smaller and smaller wallets in an effort to hide their tracks.
By John Biggs
Updated May 2, 2022, 3:59 p.m. Published May 8, 2019, 5:56 p.m.
A team at blockchain services company Coinfirm has been watching the erratic movements of the bitcoin associated with $40 million stolen in the latest Binance breach.
At 4:11 AM on May 8 the hacker or hackers moved 1214 BTC ($7.16 million) to new addresses and then moved another 1337 "to 2 new addresses held by the hacker."
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
This is the fourth major exchange hack of the year, following Cryptopia, DragonEx and Bithumb.
Image via Coinfirm
The hack took place at 5:15:24PM on May 7 when hackers dragged over 7,000 bitcoin from a single Binance hot wallet into in a number of smaller wallets in a single transaction. The hackers then moved small amounts into smaller wallets. Given the nature of the BTC blockchain it's easy to see where each Binance bitcoin is going but it is difficult to perform real forensics on the wallets in order to understand who - or what - created them.
According to @Coinfirm_io analysis the @Binance hacker has recently moved over 1214 #BTC (~$7.16M) to new addresses
— Coinfirm (@Coinfirm_io) May 8, 2019
But almost 5786 BTC (~$34.14M) still sit on the #Binance hackers original addresses
More exclusive insights coming!https://t.co/CdRIXAT8dC pic.twitter.com/YUVrHeVOhn
The #Binance hacker just moved the funds again!
— Coinfirm (@Coinfirm_io) May 8, 2019
Coinfirm analysis shows 1227 #BTC of the #BinanceHack funds moved to 2 new addresses held by the hacker(Red bubbles)
One holds 707 BTC the other 520 BTC
Below is also a Coinfirm #aml Risk Report of one https://t.co/CdRIXAT8dC pic.twitter.com/c2VZwtfub6
The funds have moved again #binancehack #btc @AMLT_Token https://t.co/rstGxwURx6
— Coinfirm (@Coinfirm_io) May 8, 2019
Why the brisk back and forth movement? Writer and blockchain analyst Amy Castor thinks the hackers are trying to erase their tracks.
"Money laundering 101: breaking the transactions up into smaller and smaller amounts making them more and more difficult to track," she said.
Image via Coinfirm
Image via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin Faces Japan Rate Hike: Debunking The Yen Carry Trade Unwind Alarms, Real Risk Elsewhere
Speculators maintain net bullish positions in the yen, limiting scope for sudden JPY strength and mass carry unwind.
What to know:
- Impending BOJ rate hike largely priced in; Japanese bond yields near multi-decade highs.
- Speculators maintain net bullish positions in the yen, limiting scope for sudden yen strength.
- BOJ tightening may contribute to sustained upward pressure on global yields, impacting risk sentiment.
Top Stories
