Reports

PlusToken

PlusToken was the first multi-billion dollar cryptocurrency Ponzi scheme, operating largely in China, South Korea, and Japan, with 2.4 to 3 million users and a reported hoard of 200,000 BTC.

PlusToken
Executive Summary: Cryptocurrency market participants are becoming more sophisticated. Investors have an abundance of historical market data, simple and reliable price models, and on-chain metrics to help advise positioning. Due to the relative youth of cryptocurrency markets, as well as some uniqu…
PlusToken Impact Update
In the first issue of Special Situation Report, we peeled back the layers to reveal the facts around the first multi-billion dollar cryptocurrency ponzi scheme, PlusToken. Previously, we introduced estimates for the size of the PlusToken scam and assessments of market impacts based on the accumulat…

The Lazarus Group

Lazarus Group was the infamous North Korean cyber crime group.

The North Korean Connection
Executive Summary: This report focuses on the complex laundering of thousands of BTC on behalf of the Lazarus Group, the infamous North Korean cyber crime group, by alleged conspirators engaged in money laundering on behalf of the group. Bitcoin exchanges have been subject to mysterious hacks and b…

The KuCoin Hack

KuCoin was a Hong Kong-based cryptocurrency exchange that was compromised, with funds withdrawn from several crypto hot wallets valued at approximately $280 million at the time of the hack.

The KuCoin Hack
Introduction: On September 26th 2020, KuCoin, a Hong Kong-based cryptocurrency exchange, suspended withdrawals as part of an ongoing “security incident”. Shortly after the event, KuCoin revealed their security had been compromised and funds from several crypto hot wallets had been withdrawn to a list…

Hydra Market

Hydra Market was the world’s largest Dark Net Market (DNM). It was taken down by German law enforcement as part of a global law enforcement operation.

The Fall of Hydra Market
…when one head was cut off, the place where it was severed put forth two others; for this reason The Hydra was considered to be invincible… Hydra Market, the world’s largest Dark Net Market (DNM), was taken down by German law enforcement in early April. The market grew to

Liquid Global

Liquid Global was a small Asia-based crypto exchange that was compromised and lost crypto valued at $91 million at the time of the hack.

The Liquid Global Hack
ℹ️ Editor's Note: This report was originally written in September 2021. It’s being made available now for posterity and the introduction of a “new” tumbler that will be featured in future OXT-R forensic reports. The forgotten hack. Another year, another hack of a small Asia-based crypto exchange. T…

Toxic Recall Attack

We deploy a novel attack based on flaws that we discovered in the JoinMarket coinjoin software to track the theft of 445 BTC through the mixer to their ultimate destination.

Toxic Recall Attack - Unwinding JoinMarket Case Study
Introduction: This report aims to help solve a cold case that was never solved. The year is 2015, Bitcoin is still young but gaining in popularity. Reddit is the venue, the /r/bitcoin subreddit is where the alleged victim makes a plea for help “On the 9th of February 2015,