According to a Nikkei report, The hacker(s) responsible for the $550 million worth of Japanese NEM tokens are close to completely cashing out on their ill-gotten gains.
A Tokyo based cybersecurity firm conducted their security findings and analysis of online transaction records related to the stolen NEM and found that most of all the loots were laundered through the dark web. Furthermore, as of Thursday evening last week, a dark web portal selling the stolen NEM funds was showing zero balance, confirmed.
In the immediate aftermath of the January 26th heist, some of the stolen NEM was transferred to a third-party digital wallet unrelated to the heist, the cybersecurity firm revealed in its analysis. As reported previously in mid-March, hackers had already laundered 40% of the 500 million tokens despite being tagged by Singapore-based NEM Foundation at the time.
“The decentralized NEM protocol’s flexibility allows transactions to be traced in real-time, which aids exchanges to identify wallets attached to the malicious activity,” the non-profit foundation said in February. “This helps make stolen XEM tokens effectively unusable because they cannot be deposited without being flagged by NEM. “
For reasons unknown, that automated tagging system was disabled last week by the NEM Foundation. The move, according to the Tokyo-based cybersecurity firm, has effectively fast-tracked the laundering swap into other coins in multiple wallets. This, despite the Tokyo Metropolitan Police Department reportedly assigning over 100 police officers to look into the theft.
As things stand, the money launderers are expected to cash out their coins – already swapped from NEM to other cryptocurrencies like bitcoin – in overseas exchanges that do not adhere to stringent know-your-customer (KYC) or ID norms. The stolen NEM now exists in other swapped coins spread across a number of virtual wallets including multiple addresses that each contain several hundred million yen’s worths of bitcoins exchanged from the stolen NEM, the report revealed citing a source close to the investigation.
Meanwhile, Tokyo-based Coincheck has kept its promise to refund NEM holders impacted by the breach by beginning to distributing reparations in Japanese Yen on March 12.