Did Hackers Compromise US Government Crypto? $20M in Suspicious Activity

This article was published more than a year ago. Some information may no longer be current.

In a new update from Arkham Intelligence, it seems that crypto wallets linked to the U.S. government may have been compromised, losing around $20 million. According to Arkham, the bulk of the funds, primarily made up of stablecoins, were converted into ethereum “through suspicious addresses linked to a money laundering service.”

$20M Vanishes From U.S. Government Wallets

Earlier today, Bitcoin.com News shared that the U.S. government’s (USG) crypto wallets had been busy, with documented seized funds being pulled from Aave. Following that, a cumulative net total of approximately $20 million has now been shifted from the government’s stash. “U.S. Government linked address appears to have been compromised for $20M,” Arkham Intelligence announced Thursday at around 3:43 p.m. Eastern Time.

Arkham added:

$20M in USDC, USDT, aUSDC and ETH has been suspiciously moved from a USG-linked address… 0xc9E received USG seized funds linked to the Bitfinex hackers from 9 separate USG seizure addresses, including [0xE2F], an address named in the court documents relating to the Bitfinex seizure.

Arkham also revealed a court document from the case against Bitfinex hackers Ilya Lichtenstein and Heather Rhiannon Morgan. The case references Aave, Curve Finance, and Yearn Finance, as well as the “0xE2F” wallet. The document states:

Approximately 1,999,723.976 in tether (USDT) contained within Yearn Finance Liquidity Pool address 0xaC8, approximately 3,689,545.195 USDT contained within Yearn Finance Liquidity Pool address 0xE2F, and approximately 1,700,000 USDT contained within Yearn Finance Liquidity Pool address [0x681].

“The funds were moved to wallet 0x348 which has begun selling the funds to ETH,” Arkham added. “We believe the attacker has already begun laundering the proceeds through suspicious addresses linked to a money laundering service.”

In another report, an onchain analyst named Ergo BTC pointed out inconsistencies and potential security lapses related to the handling of seized cryptocurrency in the documents. Ergo highlights conflicting information between transaction IDs (txids) and the custody agencies mentioned in the Bitfinex forfeiture document. He notes that the compromised ethereum (ETH) address wasn’t officially reported as being transferred to the USMS.

However, 74 BTC from a change output, which was reportedly seized by the USMS, has already been spent. He references a specific transaction ID (txid) for this. Additionally, he points out that another 3,100 BTC from a set of seizure-related transactions, not reportedly seized by the USMS, have also been spent. He provides another txid for this one as well.

Ergo observes that there is little alignment between the reported seizures in the documents and what has actually been moved onchain. Despite these issues, he suggests it’s unlikely that all Bitfinex-seized assets have been compromised, noting that these moves likely occurred after realizing the need for improved “device hygiene”—which means better security and handling practices.
