specialists conducted an investigation of a case in which the victim as a result of a "dust attack" (dandruff attack) inadvertently sent 50 thousand USDT tokens to the fraudster's cryptocurrency address. More information about "dust attacks" (dandruff attacks) can be found in the article at the link
Upon the victim's appeal, first of all, operational measures were carried out to mark the attacker's address as "stolen funds" in all major blockchain analyzers, and an urgent notification was also sent about the attacker's address belonging to illegal activities to all major cryptocurrency exchanges. These measures increase the chance of temporarily blocking stolen funds when they are sent to exchanges. Additionally, the attacker's address, where the victim's funds were sent, was put on special monitoring by Match Systems.
A few days after the theft, the attacker began moving the stolen funds from an address that had previously received a 100% "stolen funds" markup as a result of operational actions by Match Systems.
The general scheme of the movement of stolen funds is shown in the visualization. Let's go through it in order.