[Bounty Hunting 2.0] – Tracking a $200M + Protocol Hacker
Hello! Last week I was challenged with the task to find out who this wallet belongs to – 0x99854BA0A00012336fb508c082e5Bd974333dBD3 – qklpj.eth I immediately noticed this particular wallet had hundreds of millions of dollars worth of transactions. My first thought was WHALE! However, after digging a bit deeper, I came up with a different conclusion. This wallet was posted as a public bounty and the research is all my own. If I'm completely off base in my analysis feel free to rip this apart! I removed all social info acquired in my research per moderators request and guidelines. Maybe at some point I'll post full details on my Twitter or a newsletter. ThesisIt's my belief that 0x99854BA0A00012336fb508c082e5Bd974333dBD3 – qklpj.eth is actually the Pancake Bunny Flash Loan Exploiter. The exploit took place on 5/19/21. We know that this wallet – 0xa0ACC61547f6bd066f7c9663C17A312b6Ad7E187 executed the exploit. This wallet is marked in the image below [the white suspect icon in the middle] and numerous media outlets also reported on this wallet. I looked inside 0x99854BA0A00012336fb508c082e5Bd974333dBD3 – qklpj.eth to sort by the highest transactions for this wallet. I noticed that the top 3 highest txns all were for the BUNNY token taking place on 5/19/21. Lastly, I wanted to check the Pancake BUNNY token for the highest transactions of all time. Again, all the highest amount in txns took place on the day of the exploit. QKLPJ.ETH Main WalletQKLPJ.ETH Deposit Addresses0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance [most txns] 0x3ded0973E2e259a7760E231B63Ad2C5989f851BA – Binance 0xc9F1Fb88150176e594a5a98F302808f11F51D1f7 – Binance 0xF573cE9f5777782C801Bf6de5139b122A4CdC436 – Binance 0x89CeB171Cd88FF252E361408EE3fcC3f3C9463C6 – MEXC 0x554013Ea0bBefEa3a474Ac24A01AF097A9d65916 – OKX 0x64bF3d9F227c0F37346b9a2466529b32778fD6c7 – Huobi 0x7cfb933076406B00a1522D34522B18F994327C48 – Peatio Wallets of Interestqklpj 2 – 0x83d3CA86149AF8D904a4Fd46311472C0f82b0C2CThe Connection 0x83d3CA86149AF8D904a4Fd46311472C0f82b0C2C – qklpj 2 shares the below deposit address with 0x99854BA0A00012336fb508c082e5Bd974333dBD3 – qklpj.eth 0xF573cE9f5777782C801Bf6de5139b122A4CdC436 – Binance 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance Additionally there’s 44 txn’s totaling 194 MILLION between the two wallets. Deposit Addresses 0xF573cE9f5777782C801Bf6de5139b122A4CdC436 – Binance 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x45E6BaC5bdD63877Ef936EE119fd424EB62C8445 – MEXC 0x9d215613eaBd91280e0fD4254d6f32e1FE29bE1A – FTX qklpj 3 – 0x1729f93e3c3C74B503B8130516984CED70bF47D9The Connection 0x1729f93e3c3C74B503B8130516984CED70bF47D9 – qklpj 3 shares the below deposit address with 0x99854BA0A00012336fb508c082e5Bd974333dBD3 – qklpj.eth 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x554013Ea0bBefEa3a474Ac24A01AF097A9d65916 – OKX Additionally there’s 132 txn’s totaling 42.6 MILLION between the two wallets. Deposit Addresses 0x730d77C8362dDC0aBbB80242CCdbe3693d20b3FC – Coinbase 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x6C0Ba846A572a207f3ED7ed243574B9DB7879669 – Binance 0x554013Ea0bBefEa3a474Ac24A01AF097A9d65916 – OKX qklpj 4 – 0x52433FDA99704bb08f553C8dEf3C6883F5FBbe8CThe Connection 0x52433FDA99704bb08f553C8dEf3C6883F5FBbe8C – qklpj 4 shares the below deposit address with 0x99854BA0A00012336fb508c082e5Bd974333dBD3 – qklpj.eth 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x3ded0973E2e259a7760E231B63Ad2C5989f851BA – Binance 0x64bF3d9F227c0F37346b9a2466529b32778fD6c7 – Huobi 27 txns totaling 1.6 MILLION with qklpj.eth. 29 txns totaling 1.8 MILLION with qklpj 3. Deposit Addresses 0x3ded0973E2e259a7760E231B63Ad2C5989f851BA – Binance 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x82CD862b962EEDf0F4c81230Cf608131B6b4a928 – Binance 0x44d2Ffd354E93Af942C1Da188d43279d1538eF26 – Huobi 0x64bF3d9F227c0F37346b9a2466529b32778fD6c7 – Huobi Additional WalletsBelow are the additional wallets owned by qklpj.eth. Many share the same deposit addresses or were funded directly by the Wallets of Interest above. 0x98c851a65785c340985cd5873ac809e2e1E83cf5 – qklpj 5 0xc9F1Fb88150176e594a5a98F302808f11F51D1f7 – Binance 0x015Fd5b0E791BbCBE65CeC906bfbB2940cbbb456 – qklpj 6 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0xb46595490ECA2Ca6a77C280896C7Ca35589589A8 – Binance 0x6C0Ba846A572a207f3ED7ed243574B9DB7879669 – Binance 0xA866b1b0c8ba7794a1FCB05Bf87961e4D7f43F29 – Binance 0x59Ee1832ce085ef5eAf8Bfb233f236141D6B6418 – FTX 0x6fF0fd821eAF8DF042972490618762e4a0bc3b43 – qklpj 7 0x4d46D06a3886ad3560477f6bF8fAB19ad9De2dc0 – Binance 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0xa862b63eE9ee12De213Fd3A42345783a0AA1F9fc – Binance 0x93f336a9E5e2f24D924455Bf70Cc450e5DF57AeC – qklpj 8 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0xF573cE9f5777782C801Bf6de5139b122A4CdC436 – Binance 0x618c3a9a403Aea2b2Be4E353312C9ab1aEabdF55 – qklpj 9 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x45cbB7365cd027077c5d78bA2077b0a7B2fFC6F7 – qklpj 10 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x2061fEbb50Cc60BFa1Ec13c444AA6ac7F25485B4 – qklpj 11 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x723799b5361D800BeB633721b82E573C190100d7 – qklpj 12 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0xFaa653930260719e4b635a70c33394aCcA1E8595 – qklpj 13 0xb4176b3a385bE6D620b3333B10573c2611Eff8B5 – Binance 0x038294a85dd0ad3b357EF4bbA048d6D4b5f0f302 – qklpj 14 0xf80E7bA56C7e48c25Ee5f6D01F530781A0f4C850 – qklpj 15 [Contract?] 0xC1b22C206d69e1bD0A14c10f24FBD09457ecb8fE – qklpj 16 0x02349c5BF9f066076A61436c589A3f3A4F867BfF – qklpj 17 [Contract?] 0x9481DEaE9563F5C27291188d3AFEA7a5e410C742 – qklpj 18 [Contract?] 0x013eBEa6d8e3Eb0b637Af544Db0d9C6785217cA5 – qklpj 19 [Contract?] In ConclusionThe blockchain is forever! There's a number of "Persons of Interest" here that warrants further investigation. The Pancake Bunny Flash Loan exploit took place back in May of 2021. I believe this same group is responsible for a number of other exploits similar to this one. While not technically a hack, the result is still the same. A number of retail investors, developers, and exchanges lost millions. TLDRIn Pancake Bunny Finance's words here's what happened submitted by /u/jbtravel84 |