
The Shadow Brokers Cryptocurrency Conversion

Thanks

I have received assistance for the information below from a third party who does not wish to be publicly identified. We have noticed that amounts substantially corresponding to withdrawals from The Shadow Brokers’ BTC wallet have been withdrawn from a Zcash wallet through the ShapeShift exchange. The retrieval intervals are coherent as well. This input allowed us to access the raw transactions.

ShapeShift.io Cryptocurrencies Exchange History

ShapeShift is a cryptocurrency exchange headquartered in the city of Zug, Switzerland. It lists more than 60 cryptocurrencies and allows them to be converted at competitive rates. No registration is required to do so.

On 2017-08-03, ShapeShift and Changelly (another cryptocurrency exchange) were used for converting cryptocurrencies associated with the WannaCry malware. ShapeShift issued a statement:

Source: https://www.cyberscoop.com/wannacry-monero-bitcoin/

BTC Conversion (STEP 1)

The BTCs were transferred through successive divisions and landed in BTC wallets identified as belonging to an exchange named ShapeShift:

[Figure: The Shadow Brokers BTC cash-out flow, step 1, by SwitHak]

ZEC Convert (STEP 2)

These collector wallets then redirected the BTCs into the ShapeShift exchange. We were able to trace these transactions to one of ShapeShift’s ZEC wallets and saw some very interesting output transactions taking place in the same time frame:

ShapeShift’s ZEC account: t1dMofJF2chVUa92okz4empBKhngRTjcck2
Link: https://explorer.zcha.in/accounts/t1dMofJF2chVUa92okz4empBKhngRTjcck2

Transaction ID Amount DATE / TIME (CEST) Block ID
2161ed19dd1836f8eee3b7096f6eb0c0f5feff3cc6ef878cf3ac4e3e8aff7d14 13.12034779 ZEC 2017-05-29 06:37:20 122361
3b6ec629340ceca9c8b7f22a134c2093ed9a44f40995a55c9b9f933a0f016647 13.11997417 ZEC 2017-05-29 07:09:11 122375
143930e29bb47cd0c667f53b86255c401c8e8137e61a7c7aa27f00b9c585d86a 13.09395776 ZEC 2017-05-29 07:37:50 122383
12c35797a201eb1b572215e7d2d3f633d29487baab8d7e91d56d537cf1290441 12.9237798 ZEC 2017-05-29 23:28:09 122764
ec174766cdb522fb4a997786cdf1421dbf63f79661881e4802a583ec26ac56e3 12.2450923 ZEC 2017-05-30 00:21:09 122784
2462f039a62d927de6e3e2244533528d1ba14c067c8e1acf4c4018f256a4a003 12.09906129 ZEC 2017-05-30 00:52:33 122794
0817c1b40f56158e8abdbf4b4cfc3c3829144cf1898b9a7b1fdc58b4a23f7ae1 12.36935019 ZEC 2017-05-30 01:33:41 122817
fab257bf1dca30de950309149e05202e8e152395d562802d893b908b3a697a1a 12.34939723 ZEC 2017-05-30 02:26:37 122839
0d71c2b3aa236b55453f738238cc704849e24e70a046f5719e0f3901ef328238 11.73643239 ZEC 2017-05-30 02:49:59 122849

We were able to access the raw transactions, which are available in raw format in the Archive. With this information, we were able to discover 6 new private ZEC wallets:

Links:

https://explorer.zcha.in/transactions/2161ed19dd1836f8eee3b7096f6eb0c0f5feff3cc6ef878cf3ac4e3e8aff7d14
https://explorer.zcha.in/transactions/3b6ec629340ceca9c8b7f22a134c2093ed9a44f40995a55c9b9f933a0f016647
https://explorer.zcha.in/transactions/143930e29bb47cd0c667f53b86255c401c8e8137e61a7c7aa27f00b9c585d86a
https://explorer.zcha.in/transactions/12c35797a201eb1b572215e7d2d3f633d29487baab8d7e91d56d537cf1290441
https://explorer.zcha.in/transactions/ec174766cdb522fb4a997786cdf1421dbf63f79661881e4802a583ec26ac56e3
https://explorer.zcha.in/transactions/2462f039a62d927de6e3e2244533528d1ba14c067c8e1acf4c4018f256a4a003
https://explorer.zcha.in/transactions/0817c1b40f56158e8abdbf4b4cfc3c3829144cf1898b9a7b1fdc58b4a23f7ae1
https://explorer.zcha.in/transactions/fab257bf1dca30de950309149e05202e8e152395d562802d893b908b3a697a1a
https://explorer.zcha.in/transactions/0d71c2b3aa236b55453f738238cc704849e24e70a046f5719e0f3901ef328238

[Figure: The Shadow Brokers BTC cash-out flow, step 2, by SwitHak]

Results (STEP 3)

As of 2017-05-30, BTC was being exchanged, based on the rate used by the ShapeShift exchange, at ~$2,243 / 1 BTC.

In May 2017, during these operations, ZEC had a value of ~$181 / 1 ZEC on the ShapeShift exchange. Adding up all the transactions above gives an amount of ~113.05739292 ZEC or, using the transfer rate mentioned above, ~$20,576.44551144.

This represents a loss to exchange rates and fees for The Shadow Brokers of $2,685.

(23,261.70323364 - 20,576.44551144) = $2,685.2577222

In summary, The Shadow Brokers’ cash out graph would therefore be:

[Figure: The Shadow Brokers BTC cash-out flow, step 3, by SwitHak]
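As an added example (not part of the original post), the following Python re-derives the STEP 2 and STEP 3 figures from the table above: the exact ZEC total, the grouping of withdrawals into time batches, a consistency check of timestamps against block heights, and the USD/ZEC rate implied by the page's dollar figure. Transaction IDs are shortened to their first eight characters, and the two-hour batching threshold is an assumption of the example.

```python
from datetime import datetime
from decimal import Decimal

# Rows from the page's table: txid (first 8 chars), ZEC amount, CEST time, block height.
ROWS = """\
2161ed19 13.12034779 2017-05-29 06:37:20 122361
3b6ec629 13.11997417 2017-05-29 07:09:11 122375
143930e2 13.09395776 2017-05-29 07:37:50 122383
12c35797 12.9237798 2017-05-29 23:28:09 122764
ec174766 12.2450923 2017-05-30 00:21:09 122784
2462f039 12.09906129 2017-05-30 00:52:33 122794
0817c1b4 12.36935019 2017-05-30 01:33:41 122817
fab257bf 12.34939723 2017-05-30 02:26:37 122839
0d71c2b3 11.73643239 2017-05-30 02:49:59 122849
"""

def parse(text):
    """Turn each row into (txid, Decimal amount, datetime, int height)."""
    out = []
    for line in text.splitlines():
        txid, amount, day, clock, height = line.split()
        when = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        out.append((txid, Decimal(amount), when, int(height)))
    return out

def total_zec(txs):
    """Exact sum; Decimal avoids float rounding on 8-decimal coin amounts."""
    return sum((t[1] for t in txs), Decimal(0))

def batches(txs, max_gap_hours=2):
    """Split time-ordered withdrawals wherever the gap exceeds max_gap_hours (assumed)."""
    groups = [[txs[0]]]
    for prev, cur in zip(txs, txs[1:]):
        if (cur[2] - prev[2]).total_seconds() > max_gap_hours * 3600:
            groups.append([])
        groups[-1].append(cur)
    return groups

def seconds_per_block(txs):
    """Average spacing implied by first and last row; Zcash targeted 150 s in 2017."""
    span = (txs[-1][2] - txs[0][2]).total_seconds()
    return span / (txs[-1][3] - txs[0][3])

if __name__ == "__main__":
    txs = parse(ROWS)
    print("total ZEC:", total_zec(txs))
    print("batch sizes:", [len(b) for b in batches(txs)])
    print("avg s/block:", round(seconds_per_block(txs), 1))
    print("implied USD/ZEC:", Decimal("20576.44551144") / total_zec(txs))
```

An average spacing close to 150 seconds per block indicates that the listed timestamps and block heights agree with each other, which is a quick way to catch transcription errors before relying on the timing correlation.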