Crypto analyst ZachXBT successfully traced $28 million stolen in the 2024 Bittensor hack, despite the use of the privacy-focused mixer Railgun. By applying a proprietary combination of timing and sum heuristics, he was able to link otherwise anonymous transactions and uncover the addresses involved in laundering the funds through NFTs and mixers.
According to ZachXBT, the attackers initially converted the stolen tokens into Monero via instant exchanges. Around $5 million was later funneled into Railgun as Ethereum, USDC, and WETH. Although Railgun, similar to Tornado Cash, is designed for confidential transfers, it is occasionally exploited to obscure illicit activity.
Using a detailed analysis of transaction timestamps and amounts, ZachXBT traced connections between inputs and outputs within the Railgun network. He explained, “Unique denominations and short intervals between transactions allow for reliable de-mixing.”
Once withdrawn, the assets were divided across three addresses and used to buy and sell anime-themed NFTs. While such NFT activity is rarely used for money laundering, in this case, it helped conceal the flow of funds.
One of the addresses was linked to a Bittensor user known as Rusty, creator of the “Skrtt Racing” project, which involved crypto betting on Hot Wheels races. Later investigations identified this individual in court documents as Ayden B., who denied involvement in the hack but confirmed ownership of wallets used in the transaction chain.
ZachXBT hopes that the collected evidence will support a formal criminal case against those responsible.
Previously, similar high-profile crypto thefts included a $20 million hack from a Hyperliquid user wallet, highlighting ongoing risks in decentralized networks.
