Here’s how the Parity Ethereum hacker is cashing out his funds

If you were around in 2017, you likely remember the Parity wallet hack.

Here’s some context if you don’t.

Parity is an Ethereum infrastructure provider that was in 2017 known for its multi-signature wallet. Multisig is a technology that requires multiple key holders to sign off on transactions to verify them, preventing the stealing of one key to lead to the loss of all funds.

A Parity version was bugged that allowed an attacker to drain 153,037 ETH from three high-profile multisig addresses:

“Today, we witnessed the second largest hack, in terms of ETH stolen, in the history of the Ethereum network. As of 12:19 pm UTC,  had drained 153,037 ETH from three high-profile multi-signature contracts used to store funds from past token sales. The problem was initially reported by the Parity team, since the affected MultiSig wallet contract was part of the Parity software suite.”

What happened was that there was a bug that allowed anyone to obtain “exclusive ownership of the MultiSig” and could thus move the funds once they obtained control of it.

150,000 ETH was worth around $30 million as of the time of the hack and around $115 million now.

While many of the funds were previously cashed out through instant swap tools that allowed them to launder their funds through other networks, these tools became unavailable as more stringent KYC/AML regulations were implemented.

This led to a period where the attacker did not cash out his funds.

But now, they have begun to move their Ethereum again.

Here’s how they’re cashing out their funds.

How the Parity hacker is moving their Ethereum

All of the Parity hacker’s addresses are tagged, leaving them with little opportunity to cash out their funds via a centralized exchange.

This raises the question, what can they do.

According to crypto research Igor Igamberdiev, what the individual or group is doing is swapping their Ethereum into RenBitcoin (RenBTC) via decentralized exchanges (take Uniswap, for instance),  then withdrawing those RenBTC to their own Bitcoin addresses.

From there, they can mix their funds using “mixer” services, then attempt to cash them out.

That is much more decentralized and private than the Tornado Cash solution, which may find it difficult to correctly hide the originations of millions of dollars worth of Ethereum.

In 2017, the Parity Multisig hacker used Changelly, Shapeshift, and Changer “instant” exchanges owned by real companies to launder money.

Today, they can swap Ether into Bitcoin through Ren and then cash out it through Wasabi, much more private and decentralized. https://t.co/Uy6eKqL2Us pic.twitter.com/kD5Z4iDBBl

— Igor Igamberdiev (@FrankResearcher) January 2, 2021

One address cashed out a handful of RenBTC, though the rest of the hacked funds are inactive for some reason.

Like what you see? Subscribe for daily updates.