$590M BNB moved to Tether-blacklisted wallet amid rumors of Binance hack

Two million BNB tokens worth roughly $590 million were transferred to a newly generated wallet to an address that Tether then blacklisted. The blacklisting was highlighted by a Tether bot on Twitter, fueling the rumor of one of the year’s biggest hacks.

MevRefund publicized the event on Twitter by posting a suspicious transaction that included 1 million BNB, claiming there may be a hack in progress. The rumor of the trade being related to some form of hack is, as yet, unconfirmed. However, the receiving wallet, “0x489A…7F79BEc,” being blacklisted by Tether suggests something malicious may be in progress.

MevRefund confirmed the blacklisting via on-chain data in a later tweet.

At the time of press, CZ, the CEO of Binance, has not commented on the transaction. His last tweet was made an hour before the information became public knowledge and stated, “it’s not about cash flow; it’s crypto flow.” Since the tweet, almost half a billion dollars of BNB has flowed through a now-blacklisted wallet.

Green Jeff on Twitter argued that the receiving wallet had bridged BNB tokens and subsequently made a leveraged DeFi play using the funds. CryptoSlate’s analysis also arrived at this conclusion as on-chain data shows a large deposit to Venus swapping tokens for stablecoins using the BNB as collateral.

Further analysis by Green Jeff, however, confirmed that the Tether blacklisting might suggest malicious activity. While Green Jeff commented that the “activity doesn’t really look like a hack,” he questioned why Tether would be moving faster than Binance. If this is related to some form of exploit, he further posited that Binance itself might be the victim.

Another theory is that the Ethereum held in the wallet may have been sent to Tornado Cash. However, only around 20% of the total wallet value has been converted to ETH.

The price of BNB fell sharply by 5% during the period when the wallet became active, giving up the gains it had made since the start of October.

There has been no confirmation that the event was the result of a hack or exploit. However, further analysis is required.

The BNB chain has now been paused, giving further indication of a malicious actor being at play.

This is an evolving story; further information will be reported as it becomes available.