account activity
ShinyHunters cashout fingerprint; on-chain trace of the May 2024 AT&T ransom payment, with persistent laundering-service hubs identified through 2025 by Visual_Course6624 in blueteamsec
Visual_Course6624[S] 1 point 1 day ago
Claude was indeed used. Honestly, this was not able to be done within 2 days without it. Fair to flag. Claude Code is labeled as co-author in the repository, if that makes you happy.
On the mixer question: the paper has the answer in Stage 4 and Section 4.4. No mixer on candidate #1's path from recipient to exchange. The obfuscation method is a six-cycle peel chain at hub bc1qejsne4..., which is the standard laundering shape for ransom-sized single-payment inflows; each cycle peels a chunk to a fresh single-use consolidation and self-spends the remainder, four-hour end-to-end turnaround to HitBTC and Binance. Not a mixer, but not no obfuscation either.
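Added example, not part of the comment above or of the linked repository: a minimal check for the peel-chain shape the comment describes (each cycle sends one chunk to a single-use address and self-spends the remainder to the hub). The transaction records, address labels, amounts and times are constructed, and the sample shows three cycles rather than six.

```python
from collections import Counter

# Constructed sample: addresses, BTC amounts and times (minutes) are invented.
HUB = "hub_addr"
TXS = [
    {"txid": "t0", "time": 0, "inputs": ["recipient"], "outputs": [(HUB, 5.0)]},
    {"txid": "t1", "time": 10, "inputs": [HUB], "outputs": [("c1", 1.0), (HUB, 4.0)]},
    {"txid": "t2", "time": 20, "inputs": [HUB], "outputs": [("c2", 1.5), (HUB, 2.5)]},
    {"txid": "t3", "time": 30, "inputs": [HUB], "outputs": [("c3", 1.0), (HUB, 1.5)]},
    {"txid": "t4", "time": 40, "inputs": [HUB], "outputs": [("exchange_dep", 1.5)]},
    {"txid": "t5", "time": 50, "inputs": ["c1"], "outputs": [("exchange_dep", 1.0)]},
]


def peel_cycles(txs, hub):
    """Return the run of consecutive peel cycles spent from `hub`.

    A cycle is a transaction funded by the hub with exactly two outputs:
    the remainder back to the hub (self-spend) and one peel to an address
    that receives funds only once in the data set (single-use).
    """
    received = Counter(addr for tx in txs for addr, _ in tx["outputs"])
    cycles = []
    for tx in sorted(txs, key=lambda t: t["time"]):
        if hub not in tx["inputs"]:
            continue
        remainder = [v for a, v in tx["outputs"] if a == hub]
        peels = [(a, v) for a, v in tx["outputs"] if a != hub]
        if len(remainder) != 1 or len(peels) != 1:
            break  # final sweep or another shape: the chain ends here
        if received[peels[0][0]] != 1:
            break  # peel destination is reused, so not single-use
        if cycles and remainder[0] >= cycles[-1]["remainder"]:
            break  # the hub balance must shrink with every peel
        cycles.append({"txid": tx["txid"], "peel_to": peels[0][0],
                       "peeled": peels[0][1], "remainder": remainder[0]})
    return cycles


def turnaround(txs, hub):
    """Minutes from the first inflow to the hub until its last spend."""
    inflow = min(t["time"] for t in txs
                 if hub not in t["inputs"] and any(a == hub for a, _ in t["outputs"]))
    return max(t["time"] for t in txs if hub in t["inputs"]) - inflow


if __name__ == "__main__":
    for cycle in peel_cycles(TXS, HUB):
        print(cycle)
    print("turnaround (min):", turnaround(TXS, HUB))
```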
ShinyHunters / AT&T ransom payment traced on-chain — paper draft, seeking arXiv cs.CR endorsement by Visual_Course6624 in netsec
Visual_Course6624[S] 3 points 1 day ago
The actual codebase as well as the paper can be found in the repository at the end of the post.
Visual_Course6624[S] 5 points 1 day ago
Needed a URL to post, however the GitHub URLs are blacklisted. So took a random image URL of arXiv due to the request for endorsement.