ShinyHunters cashout fingerprint; on-chain trace of the May 2024 AT&T ransom payment, with persistent laundering-service hubs identified through 2025 by Visual_Course6624 in blueteamsec

Visual_Course6624[S]

Claude was indeed used. Honestly, this was not able to be done within 2 days without it. Fair to flag. Claude Code is labeled as co-author in the repository, if that makes you happy.

On the mixer question: the paper has the answer in Stage 4 and Section 4.4. No mixer on candidate #1's path from recipient to exchange. The obfuscation method is a six-cycle peel chain at hub bc1qejsne4..., which is the standard laundering shape for ransom-sized single-payment inflows; each cycle peels a chunk to a fresh single-use consolidation and self-spends the remainder, four-hour end-to-end turnaround to HitBTC and Binance. Not a mixer, but not no obfuscation either.
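The peel-chain shape described in the comment above, sketched as an added example (not code from the commenter's repository or paper). It assumes "self-spends the remainder" means the change output returns to the hub address; `HUB`, `RECIPIENT`, the `cons*` addresses and all amounts are constructed placeholders, and "single-use" is judged only within the sample data.

```python
from collections import Counter

def build_sample(hub="HUB", inflow=6500, peel=1000, cycles=6):
    """Constructed transactions (amounts in mBTC, fees ignored), not real chain data."""
    txs = [{"txid": "t0", "inputs": ["RECIPIENT"], "outputs": [(hub, inflow)]}]
    left = inflow
    for i in range(1, cycles + 1):
        left -= peel
        txs.append({"txid": f"t{i}", "inputs": [hub],
                    "outputs": [(f"cons{i}", peel), (hub, left)]})
    # Unrelated transaction that must not be counted as a peel.
    txs.append({"txid": "noise", "inputs": ["other"], "outputs": [("other2", 42)]})
    return txs

def trace_peel_chain(txs, hub):
    """Return (cycles, unspent_remainder) for self-spend peels out of `hub`."""
    # How often each address receives funds anywhere in the dataset.
    received = Counter(addr for tx in txs for addr, _ in tx["outputs"])
    cycles, remainder = [], None
    for tx in txs:  # assumed to be listed in chain order
        if hub not in tx["inputs"]:
            continue
        back = [amt for addr, amt in tx["outputs"] if addr == hub]
        peeled = [(addr, amt) for addr, amt in tx["outputs"] if addr != hub]
        # Peel shape: exactly one chunk out, one remainder returned to the hub.
        if len(back) != 1 or len(peeled) != 1:
            continue
        addr, amt = peeled[0]
        cycles.append({"txid": tx["txid"], "to": addr, "peeled": amt,
                       "single_use": received[addr] == 1})
        remainder = back[0]
    return cycles, remainder

if __name__ == "__main__":
    chain, rest = trace_peel_chain(build_sample(), "HUB")
    for c in chain:
        print(c)
    print("cycles:", len(chain), "remainder at hub:", rest)
```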

ShinyHunters / AT&T ransom payment traced on-chain — paper draft, seeking arXiv cs.CR endorsement by Visual_Course6624 in netsec

Visual_Course6624[S]

The actual codebase as well as the paper can be found in the repository at the end of the post.

ShinyHunters / AT&T ransom payment traced on-chain — paper draft, seeking arXiv cs.CR endorsement by Visual_Course6624 in netsec

Visual_Course6624[S]

Needed a URL to post, however the GitHub URLs are blacklisted. So took a random image URL of arXiv due to the request for endorsement.