Bitfinex

Comment

Author: Admin | 2025-04-27

Bullets from different crime scenes to the same firearm, this made it possible to link multiple alleged thefts to the Electrum Atom malware and broaden the surface area of the investigation.Table 1. Addresses embedded in the Electrum Atom malware which received BTC.Two of the malware-controlled addresses, 1PpV and 1A6K, sent about 0.54 BTC to a different Bitfinex account than the one which received Schober’s stolen BTC. This Bitfinex account had a deposit address beginning with 1Gqt. [Fig. 4]Figure 4. A transaction graph showing the flow of funds from a non-malware address, 3JjP, to two Electrum Atom malware addresses, 1A6K and 1PpV, and then on to the Bitfinex deposit address 1Gqt.An FBI document reveals that the username on the 1Gqt Bitfinex account was “JamesandJohn” and the e-mail “annaadmams12@gmail.com”. [Fig. 5] Benedict Thompson acknowledged using this email, though he claims it was also used by others. [Fig. 6] Benedict Thompson has denied using the alias “JamesandJohn”. This is contradicted by the FBI document, which identifies JamesandJohn as an alias used by Benedict Thompson. [Fig. 5] This connection is further corroborated by a comment Benedict Thompson posted on Github, where he disclosed using a computer with the username “JamesandJohn”. [Fig. 7]Figure 5. Screenshot of FBI file stating that Benedict Thompson was using the username ‘JamesandJohn’ as an aka. This username is connected to the 1GQt Bitfinex account. [Highlighting added]Figure 6. Benedict Thompson’s response to a discovery question admitting he used the e-mail address “annaadmams12@gmail.com”. This e-mail address was used to register the 1GQt Bitfinex account, which received stolen BTC from the Electrum Atom malware. [Table 1, Figs. 4,5]Figure 7. Screenshot of comment posted on Github where Thompson reveals he is using a computer with the username “JamesandJohn”. [Emphasis added]In summary, there are multiple connections between Benedict Thompson and the 1Gqt Bitfinex account which received BTC from addresses embedded in the Electrum Atom malware.The controller of the Bitfinex account which received Schober’s stolen BTC used an IP address which likely shared a subnet used by ThompsonSchober’s stolen BTC was sent to a Bitfinex account with a deposit address beginning in “3CWQ”. The 3CWQ account was registered with the username “thp2k”. An FBI document shows that on February 25, 2018, thp2pk logged in to the 3CQW Bitfinex account from Southampton, UK, where the Thompson family lives, using an IP address registered to British Telecom: 86.158.130.34. [Fig. 8]Figure 8. FBI document stating that the 3CWQ Bitfinex

Add Comment

Best Articles

Bitcoin mining profitability calculatorLolminer amd onlyDynex srbminer hiveosMining definition environmental sciencePhoenixminer low hashrateNicehash mining calculatorUnmineable lolminerAsus shoesGold mining cradleEthminer for ubuntuHow to start phoenixminerGold mining sifterHow to make bitcoinBest bitcoin miner softwareLolminer 1.47Lolminer 설정Phoenix miner low hashrateGminer vs gminerAsic chip meaningCpp-ethminer

Subscibe