A concept that has become fairly common within the crypto industry is that of exchange hacks as many exchanges from the small ones like Maplecoin to large ones like Binance have experienced hacks by malicious parties and this has led to the loss of millions of dollars and even the closing down of several prominent ones such as Mt Gox.
When funds are stolen from an exchange there is the question of how the malicious parties intend to profit from them and several times the stolen funds have been traced to exchanges or mixers is where they have either been frozen or have led to the discovery of the hackers and this is the recent case Binance which was hacked in May 2019.
According to a report, at least 4,836 bitcoin that was stolen from Binance have been found to have been laundered through Chipmixer which is a crypto mixing service. At the time of the hack, Binance suffered a security breach that led to the loss of 7000 bitcoin which was worth about $80 million and hackers had started to launder the stolen funds on June 12, 2019, and this comes via a published research by Clain, a crypto capital flow firm.
According to the report, tracing the steps of the hackers was very straight forward mostly because the laundering of large amount of tokens in a short period of time will raise suspicions and researchers were able to find the initial pool of hacker addresses and the extraction and analysis of those addresses also allowed the recognition of changes in ownership of the stolen funds through the use of a neural network.
What was done in this case is that the funds were stolen from Binance and was sent Chipmixer who at the time saw a very high inflow of funds. According to Clain, this sort of high volume can be assumed to be coming from a single owner.
The report goes on to say that the total amount of funds that were found in pond clusters was more than 5,200 bitcoin and there was also another 183 bitcoin that were identified as belonging to the hackers after attempted laundering while 814 have been confirmed as hacker funds but confirmation is still pending as to when the funds start moving. In conclusion, the hackers are likely trying to sever any direct ties with the illegal sources by making use of Chipmixer and thus far, no evidence indicates that the hackers have moved any of the funds to crypto exchanges meaning they are still at large.