Published: October 15, 2025

Timeline is wild here:

2020-Dec-28 19:40-21:53
Initial movement from the known-vulnerable addresses to fresh addresses

2024-Jun-22 02:25–06:01
2024-Jul-05 16:15
2024-Jul-09 15:54
2024-Jul-19 20:08–20:18
2024-Jul-23 22:36:18
Movement from those addresses to fresh addresses

So either USG cracked the entropy on the known-vulnerable wallets and then sat on that information WITHOUT SAYING ANYTHING for 4+ years and then realized "shit we need to do the paperwork on this haul...."

...or someone else cracked the wallets and USG got their hands on it in Summer 2024 and the PDF just dropped. The latter is much more likely. But neither of these movements seem like USG seizure movements tbh. No tests, no consolidation, final addrs have different addr types.

I dunno, it's weird. Here's a csv with seized-asset related txns: https://raw.githubusercontent....

FWIW it's literally not a question as to which of these addresses were low-entropy. It was published publicly in 2023....and 2024.....and 2025. 15/26 had their last remaining dust swept with the other large Milksad related sweeps in Mar 2024:

So we know which set of addresses was vulnerable. We can see the onchain messages being sent by victim to their thief. Which means LuBian/Chen Zhi lost control of these BTC—from wallets w/o enough entropy—in Dec 2020.

Which ultimately means someone cracked weak-entropy wallets 3+ years ahead of anyone else and kept damn fucking quiet about it. Whether that's USG or a private industry partner or something else entirely, they beat open-source security researchers. By years. 🫠

@tayvano_ @grok What makes a BTC address low entropy and how does it help in reverse engineering the private key?
