A government wallet that was drained of US$20 million on Thursday had most of its assets recovered on Friday.
A hacker stole $20 million from a U.S. government wallet on Thursday, though most of the funds were unexpectedly returned on Friday, raising speculation about the incident.
The activity, which Twitter flagged as one of the largest thefts this year, was discovered by renowned blockchain investigator ZachXBT, who noted that the wallet had been making “nefarious” transfers through multiple DeFi protocols and instant exchanges.
U.S. Government Recovers Millions in Stolen Crypto
ZachXBT reported that the hacker allegedly stole around $20 million in crypto assets and returned about $19 million to the government.
Today’s transaction included the return of 2,408 ETH and 13.19 million aUSDC to the original government wallet. However, exchanges Switchain and HitBTC have not yet returned funds sent to them.
Arkham Intelligence said that early Friday saw the return of $19.3 million in Ethereum and USDC to the wallet.
However, ZachXBT noted on his Telegram channel that “the funds sent to exchanges have not been recovered.”
Arkham’s analytics suggest the government wallet is still short about $1.2 million of the original $20 million, with these remaining funds linked to assets seized by the U.S. Department of Justice from the infamous 2016 Bitfinex hack.
Concerns Raised by Arkham Intelligence
Arkham Intelligence noted earlier suspicious activity in U.S. government crypto wallets when seized assets were moved from Aave, drawing attention to a transfer of $20 million in USDC, USDT, aUSDC, and ETH.
Notably, the address “0xc9E” allegedly received these seized assets from nine different government-linked addresses, including one, “0xE2F,” cited in court documents for the 2016 Bitfinex case involving Ilya Lichtenstein and Heather Rhiannon Morgan.
The documents referenced additional wallets associated with Aave, Curve Finance, and Yearn Finance, where significant USDT holdings were maintained.
After the transfers, Arkham noted the funds ended up in wallet “0x348,” where they appeared to be converted to ETH. Arkham suspects the hacker has started laundering the funds through addresses associated with a money-laundering service.
Analyst Identifies Gaps in Bitfinex Forfeiture Documents
On-chain analyst Ergo BTC recently identified potential discrepancies and security issues regarding seized crypto within the Bitfinex forfeiture documents.
He noted inconsistencies between the official records and the custody agencies listed, with the U.S. Marshals Service (USMS) notably absent in reports of the compromised Ethereum address transfer.
Ergo observed that 74 BTC from a seized change output had already been spent and provided a TXID for verification. He also reported another 3,100 BTC spent from a cluster of seizure-related addresses, again backed by a TXID.
Ergo pointed out a gap between the documented seized assets and the actual on-chain movements, adding that it’s improbable all Bitfinex-seized assets were compromised.
He suggested that these discrepancies may reflect a need for improved “device hygiene” in asset security and management practices.