0x67922a9561423548a9ccfd67ad80d6c637c26bfe
0x156e6c5a2fac34bb2fcf2ac1bbaa0e75bde3ac4f
0x22021bb4404a637cc82cbff53bd30f9c16083095
0x3c467f871517363a5b32b894d07dadb7de5232f7
0x3e8f7fef4a277a5866956f6fd31a8d53f9d74e69
0x795f50722cf5ad82f78dda8dc8f7b235332977c3
0x993b0af94d3e816aaa5e32381ed0ab30ad216bc9
0xd304465ac940fe6d5674a9823191f5f6e738f9f0
0xefd718e07b10db1f1400f0db6346b99fbbbf02e5
0x67922a9561423548a9ccfd67ad80d6c637c26bfe
0x600ff523c83fb5010afaff6ce6f1fce6f35b2bb4
0x72b3ba62ece7f9086ecf0df80bd121bb53b88871
0xe989f0bda987e9205355fbd7823c98e6fa0d4694
0xc6a5f848ec2a149a230d4a8d2496e111ee492529
0x1e8cad4a817b6a6ca8a5b63aa0cc39e2b48b78f7
# Reasoning
0x67922a9561423548a9ccfd67ad80d6c637c26bfe >
>0x3c467f871517363a5b32b894d07dadb7de5232f7
0x0a16c2d58a052bb081cf4c6aee023b03bacb96d69888400f1d0c8013ce5f945b
>0x156e6c5a2fac34bb2fcf2ac1bbaa0e75bde3ac4f
0x38a76a2424610a862eacd3060441116e5b258af9e30bdb142dc18a924a4c03c8
>0x3e8f7fef4a277a5866956f6fd31a8d53f9d74e69
0xfca0c0db80d576a093154b47332e7b81425162036f458eef2a65399ec595ec32
>0xd304465ac940fe6d5674a9823191f5f6e738f9f0
0x7334dd8d6523e92ed25263ea85b870c5cbfc5cc5db74e3bce97f0d3c825afd05
>0x3c467f871517363a5b32b894d07dadb7de5232f7
0xfcf7279ead0956f878b10834b20e42fdfa53c6f89ec21904dd5734063bafba50
>0x22021bb4404a637cc82cbff53bd30f9c16083095
0x378b2a5727333a195bfcfae56c1ebd7bb78c70649c8928a92242776e56145417
>0x795f50722cf5ad82f78dda8dc8f7b235332977c3
0xc5b60095f2cd7483ecf9ceadd2250b98bae0ec4d5ed98ba54e1b4225ef206d38
>0x993b0af94d3e816aaa5e32381ed0ab30ad216bc9
0xb328a27775ef74060615860123e923b58f9973e910d18dc36726dd1c3b3b0892
forward funds to multiple wallets on arbitrum >
>0x1e8cad4a817b6a6ca8a5b63aa0cc39e2b48b78f7
tnx.0x8bc5f42560989239d893745507a0797720379be9ac2faf8365ba84f5f03b7de2
interacted with
>0xc6a5f848ec2a149a230d4a8d2496e111ee492529 tnx. 0xa52ca2a7beb1e222f05aba367ce3bf950ab2b755da4c00acb512a65edcd87928
>0xe989f0bda987e9205355fbd7823c98e6fa0d4694 tnx. 0xc7f806cc14c25ad84ef7d2a10807015d48c3b03247c8f4cfbf86f7fda7a7752d
>0x72b3ba62ece7f9086ecf0df80bd121bb53b88871 tnx. 0x04fd0c445799a79e7e1a22897d4a13d03362132c1fe36f2e87c19ff520efcaa5
>0x25955561740ee18502b1a329a664c2cd77b23e48 tnxid. 0x302b457a578778e497381258582fa6616882535cf19d54055d821eac0aad27dd
>0xefd718e07b10db1f1400f0db6346b99fbbbf02e5
0xfe38aeaba8abc1ef28d855f46dd279d3166ef96441546170ea1b6cb081ab30c9
>0x600ff523c83fb5010afaff6ce6f1fce6f35b2bb4
0x93fdebff1d29965c1f49c2d2882820561acc7d66fe7a301a4a45e59b6a192459
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> HOP BRIDGE TRANS
0x67922a9561423548a9ccfd67ad80d6c637c26bfe > 104 and 107 DAYS AGO ,2 TRANSACTIONS , VALUE 10K ,
tnx.0xc90f2aa8a54134347acbc3a7734399c82cf2e19ffe7bbeb1292d049a6b6f2a65 , 0xbfcf986166932d5f20dc3cf5a62992832eae3e6fe662605c48f804ddc30a1afa
0x156e6c5a2fac34bb2fcf2ac1bbaa0e75bde3ac4f > 95 and 98 days ago , 2 transactions , VALUE 10K
0xad93f8c9a74c899f731a23a15f2d65eb190ef1eca0ae5dc1a92e46397efc6935 , 0xcbf7a69c1c2b2b60c46dec7f82f1fa3fd6d7902dad297af3a617429a4bd3ff98
0x22021bb4404a637cc82cbff53bd30f9c16083095 > 240 days ago , value 5k
0x3c467f871517363a5b32b894d07dadb7de5232f7 > 104 and 107 days ago , 2 transaction , value 10k
0xbfcf986166932d5f20dc3cf5a62992832eae3e6fe662605c48f804ddc30a1afa
0x3e8f7fef4a277a5866956f6fd31a8d53f9d74e69 > 200 days ago , value 5k
0xda5f45aa80333cb78befbe25e62d414f32437b7bd0fc9fb2c500667c9b537536
0x795f50722cf5ad82f78dda8dc8f7b235332977c3 > 190 days ago , value 5k
0xbffcc26d661ff95d03a46d88d9f93ff50981152265015d7485061118ea6216ca
0x993b0af94d3e816aaa5e32381ed0ab30ad216bc9 >184 days and 110 days ago , value 5k and 50k
0x4263e467ff8a74bbb927585fa85cc2d679949ee502e1687e1857b1744f64f5a0 , 0x8f4db3173c9017999d56e2d76674d88e72d3cef951db42e990062ca8b33cfe6d
0xd304465ac940fe6d5674a9823191f5f6e738f9f0 > 190 days ago , value 5k
0x82b29f73f8f14ac9df277f76a6f651f9f746a062048b429e34225f3d5829f82e
0xefd718e07b10db1f1400f0db6346b99fbbbf02e5 > 210 days ago, value 1k
0x45d01f2d5ddff091a3b7180dfb507800e3c244cfc87a5d8abc7f6b8f910dc216
0x67922a9561423548a9ccfd67ad80d6c637c26bfe > 180 and 105 days ago , value 10k
0x98c14025c17393f5cbedb0c0a56d0bb00785aded8f632b15dc4abf1aaeaed1e4
0x600ff523c83fb5010afaff6ce6f1fce6f35b2bb4 > 200 days ago , whole bridged value is 5k
0x25955561740ee18502b1a329a664c2cd77b23e48 >110 days ago ,value 10k value 5.5k
0x44cf96d301df12faa70f63a1b542f7f3fe0fbaf881148a5127e533d83f7c10a6
0x72b3ba62ece7f9086ecf0df80bd121bb53b88871 > 190 days ago , value 5.5k
0x7e63e0c229906cf5b47671bcccbafd297607028b25c52798e434f8c764f04fa4
0xe989f0bda987e9205355fbd7823c98e6fa0d4694 > 190 days ago , value 5.5k
0x637c86ad680e9d594e5c999759c4b2ebe6ed9042e5b0943bb03879179e37ac9e
0xc6a5f848ec2a149a230d4a8d2496e111ee492529 > 190 days ago , value 10k
0x06c23d4ec9daa23d05402acc415573b65f1a18f4a6ef79e6eea3cc92ef83eae0
0x1e8cad4a817b6a6ca8a5b63aa0cc39e2b48b78f7 > 170 and 180 days ago , value 10k
0xa21603c289888a42432a3886eeecf2d0203791ae4aec86314a1e2c95dc2f2adb , 0xc477552c2b8db128c65338fd5604aa1d21aa50fc0a7789ca1e7a70410d156dc4
# Methodology
Attacker had a main wallet from where he sent funds to multiple wallets and then used HOP protocol. He used polygon arbitrum bridge.
He mostly did transaction of 10k and 5k value . He used the bridge 2 different times on all the wallets (190-200 days ago and 100-110
days ago ) I found attacker using script for eligible wallets then checked what addresses they worked with and when and how much funds did they bridge. Found correlation on all subjects.
# Rewards Address
0x82742CC8A0dF025Ff7B6bbdd22429A351FA2DE7c
Related Addresses
0x67922a9561423548a9ccfd67ad80d6c637c26bfe 0x156e6c5a2fac34bb2fcf2ac1bbaa0e75bde3ac4f 0x22021bb4404a637cc82cbff53bd30f9c16083095 0x3c467f871517363a5b32b894d07dadb7de5232f7 0x3e8f7fef4a277a5866956f6fd31a8d53f9d74e69 0x795f50722cf5ad82f78dda8dc8f7b235332977c3 0x993b0af94d3e816aaa5e32381ed0ab30ad216bc9 0xd304465ac940fe6d5674a9823191f5f6e738f9f0 0xefd718e07b10db1f1400f0db6346b99fbbbf02e5 0x67922a9561423548a9ccfd67ad80d6c637c26bfe 0x600ff523c83fb5010afaff6ce6f1fce6f35b2bb4 0x72b3ba62ece7f9086ecf0df80bd121bb53b88871 0xe989f0bda987e9205355fbd7823c98e6fa0d4694 0xc6a5f848ec2a149a230d4a8d2496e111ee492529 0x1e8cad4a817b6a6ca8a5b63aa0cc39e2b48b78f7 # Reasoning 0x67922a9561423548a9ccfd67ad80d6c637c26bfe > >0x3c467f871517363a5b32b894d07dadb7de5232f7 0x0a16c2d58a052bb081cf4c6aee023b03bacb96d69888400f1d0c8013ce5f945b >0x156e6c5a2fac34bb2fcf2ac1bbaa0e75bde3ac4f 0x38a76a2424610a862eacd3060441116e5b258af9e30bdb142dc18a924a4c03c8 >0x3e8f7fef4a277a5866956f6fd31a8d53f9d74e69 0xfca0c0db80d576a093154b47332e7b81425162036f458eef2a65399ec595ec32 >0xd304465ac940fe6d5674a9823191f5f6e738f9f0 0x7334dd8d6523e92ed25263ea85b870c5cbfc5cc5db74e3bce97f0d3c825afd05 >0x3c467f871517363a5b32b894d07dadb7de5232f7 0xfcf7279ead0956f878b10834b20e42fdfa53c6f89ec21904dd5734063bafba50 >0x22021bb4404a637cc82cbff53bd30f9c16083095 0x378b2a5727333a195bfcfae56c1ebd7bb78c70649c8928a92242776e56145417 >0x795f50722cf5ad82f78dda8dc8f7b235332977c3 0xc5b60095f2cd7483ecf9ceadd2250b98bae0ec4d5ed98ba54e1b4225ef206d38 >0x993b0af94d3e816aaa5e32381ed0ab30ad216bc9 0xb328a27775ef74060615860123e923b58f9973e910d18dc36726dd1c3b3b0892 forward funds to multiple wallets on arbitrum > >0x1e8cad4a817b6a6ca8a5b63aa0cc39e2b48b78f7 tnx.0x8bc5f42560989239d893745507a0797720379be9ac2faf8365ba84f5f03b7de2 interacted with >0xc6a5f848ec2a149a230d4a8d2496e111ee492529 tnx. 0xa52ca2a7beb1e222f05aba367ce3bf950ab2b755da4c00acb512a65edcd87928 >0xe989f0bda987e9205355fbd7823c98e6fa0d4694 tnx. 0xc7f806cc14c25ad84ef7d2a10807015d48c3b03247c8f4cfbf86f7fda7a7752d >0x72b3ba62ece7f9086ecf0df80bd121bb53b88871 tnx. 0x04fd0c445799a79e7e1a22897d4a13d03362132c1fe36f2e87c19ff520efcaa5 >0x25955561740ee18502b1a329a664c2cd77b23e48 tnxid. 0x302b457a578778e497381258582fa6616882535cf19d54055d821eac0aad27dd >0xefd718e07b10db1f1400f0db6346b99fbbbf02e5 0xfe38aeaba8abc1ef28d855f46dd279d3166ef96441546170ea1b6cb081ab30c9 >0x600ff523c83fb5010afaff6ce6f1fce6f35b2bb4 0x93fdebff1d29965c1f49c2d2882820561acc7d66fe7a301a4a45e59b6a192459 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> HOP BRIDGE TRANS 0x67922a9561423548a9ccfd67ad80d6c637c26bfe > 104 and 107 DAYS AGO ,2 TRANSACTIONS , VALUE 10K , tnx.0xc90f2aa8a54134347acbc3a7734399c82cf2e19ffe7bbeb1292d049a6b6f2a65 , 0xbfcf986166932d5f20dc3cf5a62992832eae3e6fe662605c48f804ddc30a1afa 0x156e6c5a2fac34bb2fcf2ac1bbaa0e75bde3ac4f > 95 and 98 days ago , 2 transactions , VALUE 10K 0xad93f8c9a74c899f731a23a15f2d65eb190ef1eca0ae5dc1a92e46397efc6935 , 0xcbf7a69c1c2b2b60c46dec7f82f1fa3fd6d7902dad297af3a617429a4bd3ff98 0x22021bb4404a637cc82cbff53bd30f9c16083095 > 240 days ago , value 5k 0x3c467f871517363a5b32b894d07dadb7de5232f7 > 104 and 107 days ago , 2 transaction , value 10k 0xbfcf986166932d5f20dc3cf5a62992832eae3e6fe662605c48f804ddc30a1afa 0x3e8f7fef4a277a5866956f6fd31a8d53f9d74e69 > 200 days ago , value 5k 0xda5f45aa80333cb78befbe25e62d414f32437b7bd0fc9fb2c500667c9b537536 0x795f50722cf5ad82f78dda8dc8f7b235332977c3 > 190 days ago , value 5k 0xbffcc26d661ff95d03a46d88d9f93ff50981152265015d7485061118ea6216ca 0x993b0af94d3e816aaa5e32381ed0ab30ad216bc9 >184 days and 110 days ago , value 5k and 50k 0x4263e467ff8a74bbb927585fa85cc2d679949ee502e1687e1857b1744f64f5a0 , 0x8f4db3173c9017999d56e2d76674d88e72d3cef951db42e990062ca8b33cfe6d 0xd304465ac940fe6d5674a9823191f5f6e738f9f0 > 190 days ago , value 5k 0x82b29f73f8f14ac9df277f76a6f651f9f746a062048b429e34225f3d5829f82e 0xefd718e07b10db1f1400f0db6346b99fbbbf02e5 > 210 days ago, value 1k 0x45d01f2d5ddff091a3b7180dfb507800e3c244cfc87a5d8abc7f6b8f910dc216 0x67922a9561423548a9ccfd67ad80d6c637c26bfe > 180 and 105 days ago , value 10k 0x98c14025c17393f5cbedb0c0a56d0bb00785aded8f632b15dc4abf1aaeaed1e4 0x600ff523c83fb5010afaff6ce6f1fce6f35b2bb4 > 200 days ago , whole bridged value is 5k 0x25955561740ee18502b1a329a664c2cd77b23e48 >110 days ago ,value 10k value 5.5k 0x44cf96d301df12faa70f63a1b542f7f3fe0fbaf881148a5127e533d83f7c10a6 0x72b3ba62ece7f9086ecf0df80bd121bb53b88871 > 190 days ago , value 5.5k 0x7e63e0c229906cf5b47671bcccbafd297607028b25c52798e434f8c764f04fa4 0xe989f0bda987e9205355fbd7823c98e6fa0d4694 > 190 days ago , value 5.5k 0x637c86ad680e9d594e5c999759c4b2ebe6ed9042e5b0943bb03879179e37ac9e 0xc6a5f848ec2a149a230d4a8d2496e111ee492529 > 190 days ago , value 10k 0x06c23d4ec9daa23d05402acc415573b65f1a18f4a6ef79e6eea3cc92ef83eae0 0x1e8cad4a817b6a6ca8a5b63aa0cc39e2b48b78f7 > 170 and 180 days ago , value 10k 0xa21603c289888a42432a3886eeecf2d0203791ae4aec86314a1e2c95dc2f2adb , 0xc477552c2b8db128c65338fd5604aa1d21aa50fc0a7789ca1e7a70410d156dc4 # Methodology Attacker had a main wallet from where he sent funds to multiple wallets and then used HOP protocol. He used polygon arbitrum bridge. He mostly did transaction of 10k and 5k value . He used the bridge 2 different times on all the wallets (190-200 days ago and 100-110 days ago ) I found attacker using script for eligible wallets then checked what addresses they worked with and when and how much funds did they bridge. Found correlation on all subjects. # Rewards Address 0x82742CC8A0dF025Ff7B6bbdd22429A351FA2DE7c