Follow the Bitcoin From the Shadow Brokers NSA Hacking Tool Auction

Is the hacking group finally cashing out?

|
May 29 2017, 5:37pm

When a self-described hacking group calling themselves the Shadow Brokers stole a cache of National Security Agency hacking tools last year, one of their first moves was to try and auction them off for bitcoin. It didn't go well.

The auction began in September of 2016, and almost a year later, the bitcoin address set up to collect bids has amassed a grand total of 10.5 bitcoin, or roughly $24,000 USD. On Monday, for the first time, whoever controls the Shadow Broker bitcoin address cleaned it out, moving all the bitcoins to subsidiary bitcoin addresses.

In other words, it sure looks like the Shadow Brokers are finally collecting the rather meagre returns on their bid to sell government-grade hacking tools to the highest bidder, or at least moving it somewhere less conspicuous. Recent actions from the group seem to indicate they've given up. In April, the Shadow Brokers dumped yet another cache of NSA exploits for free on the internet, even though they could have netted a hefty sum had they attempted to sell the exploits first.

Read More: 'Shadow Brokers' Whine That Nobody Is Buying Their Hacked NSA Files

The group also made it back into the news with the recent WannaCry ransomware that targeted computers around the globe; it piggybacked on exploits revealed by the Shadow Brokers.

Regardless, in bitcoin, things are not always as they appear. Many questions about who is moving the funds and where they're going remain unanswered. Presumably, unless the private key that controls the address has changed hands since it was opened, the Shadow Brokers (if they did indeed open this address in the first place) are the ones moving the coin. However, this isn't guaranteed.

There's also the question of who is receiving the coin. A quick look at the blockchain shows that the coin in the auction address is being moved through a series of addresses in increasingly smaller denominations. This might indicate that the coins are being sent through a "mixer"—a service that moves coins through a byzantine series of addresses until they can't be directly traced back to the original address.

Since bitcoin is a rather transparent system, you can watch all the action unfold in real-time and do a little detective work yourself. You can start with the auction address, here.

Happy hunting.

Subscribe to Science Solved It , Motherboard's new show about the greatest mysteries that were solved by science.

Stories