The massive hijacking of Twitter accounts on July 15 looks like it was done by a rather unsophisticated group of hackers. They left trails to and from the exchanges that likely hold the information needed in order to obtain their identities. The Bitcoin address they used in order to solicit donations was published online. A few hours into the hacking event, the con artists started to move Bitcoin into other locations.

They left a Bitcoin trail, which suggests they are not sophisticated users of blockchain systems. The hackers have reused the same addresses and did not hide their path to and from each exchange. They did not use mixing services. The address once removed from t he original got 14.76 Bitcoin. The first address became active on May 3. About half of the Bitcoins came from one address, and the rest was from different sources.

Some of the Bitcoin came from CoinBase and BitMex. Two addresses were identified for those transactions. They are two addresses removed from the location that received direct deposits from the original address. It looks like the hackers withdrew 10 Bitcoin from Coinbase on the morning of July 15. Later, they took 0.4 Bitcoin out.

On BitMex, they took one withdrawal. That address was used as early as April 27. The group also used another address to remove funds from the first address they used. The newer one got a small amount of Bitcoin. The account they transferred it to got Bitcoin from several other locations that are associated with the BitGo network. On July 6, a small Bitcoin deposit was made to one of the addresses on Binance. This is three moves away from the original address. There were not any big players between the locations.

To analysts, it looks like the hackers are using a proxy to originate transactions in different areas of the globe. The Bitcoin addresses are in different formats. Some are new and some are old formats. Because of this, several of the cryptocurrency exchanges should be able to uncover the identity or identities of the hackers responsible for the events.