Theft of $20 Million in Cryptocurrency

Someone appears to have stolen approximately $20 million worth of cryptocurrency from U.S. government wallets, as reported by analytics firm Arkham Intelligence. Unusual on-chain activity began around 2:00 p.m. ET on Thursday, when funds that hadn’t moved in over eight months were withdrawn from the decentralized lending platform Aave.

Arkham noted that the address 0xc9E received U.S. government seized funds linked to the Bitfinex hackers from nine separate seizure addresses, including 0xE2F699AB099e97Db1CF0b13993c31C7ee42FB2ac, featured in court documents related to the Bitfinex seizure.

The tokens include nearly $14 million in the AUSDC stablecoin, $5.4 million in USDC, $1.1 million in USDT, and nearly half a million in ETH.

While the suspect remains unidentified and how the government—holding over $14 billion in various cryptocurrencies—was compromised is unclear, the suspicious activity suggests a malicious operation. Shortly after the tokens were moved, the suspect’s account began transferring funds to various non-custodial applications in an apparent money-laundering attempt, as reported by Arkham.

Crypto analyst ZachXBT indicated that it’s more plausible that the funds were stolen rather than moved by the U.S. government, noting, “U.S. government is not going to use Switchain or N.Exchange.”

The suspect’s wallet currently holds about $13 million worth of cryptocurrency, following transfers to addresses beginning with 0x15D0a and 0xBf6F7, which contain approximately $5.5 million and $1.4 million in ETH, respectively.

Crypto hacks are not unusual; Rekt estimates that nearly $81 billion worth of tokens have been lost in various exploits since 2011. However, the Bitfinex hack stands out: only about $65 million was stolen at that time, making it the 80th largest loss to date. The U.S. government's seizure, however, involved assets that had appreciated in value to over $4 billion, marking it the largest seizure to date. The fate of these tokens is still debated, though indications suggest they might be returned to Bitfinex.

If it turns out that the U.S. Marshals Service was compromised, it would contribute another surprising chapter to a story unfolding since 2016.

Hours post-attack, a crypto user identified as typicaldoomer.eth sent the suspected hacker 69 NOCHILL tokens.