ATTACKER TRIED TO ESCAPE TAGGING 7 TIMES
Our Case. Episode 2
How the attacker tried to evade tagging 7 times
A mining client, a compromised seed phrase, and a $250,000 theft . At first, the case looked fairly standard.But it quickly turned into a race between the attacker and our investigator.
We immediately tagged the attacker’s addresses as stolen funds, sending a clear signal to exchanges and services across the ecosystem.
In response, the attacker began routing the funds through multiple centralized and decentralized (DEX) services, trying to break the tracking trail and wash out the tagging.
Each time the funds surfaced on a new address, we tagged it again, restoring full visibility of the stolen assets. Within 48 hours, this happened seven times:
seven escape attempts and seven counter-actions.
As a result, a significant portion of the funds was blocked, and the recovery process was initiated.
Conclusion: even when an attacker actively tries to evade control, real-time tagging allows stolen funds to be tracked in motion and stopped before they disappear.
How the attacker tried to evade tagging 7 times
A mining client, a compromised seed phrase, and a $250,000 theft . At first, the case looked fairly standard.But it quickly turned into a race between the attacker and our investigator.
We immediately tagged the attacker’s addresses as stolen funds, sending a clear signal to exchanges and services across the ecosystem.
In response, the attacker began routing the funds through multiple centralized and decentralized (DEX) services, trying to break the tracking trail and wash out the tagging.
Each time the funds surfaced on a new address, we tagged it again, restoring full visibility of the stolen assets. Within 48 hours, this happened seven times:
seven escape attempts and seven counter-actions.
As a result, a significant portion of the funds was blocked, and the recovery process was initiated.
Conclusion: even when an attacker actively tries to evade control, real-time tagging allows stolen funds to be tracked in motion and stopped before they disappear.
- Ais Dorzhinov
Co-Founder & CTO
Blog