An analysis of the blockchain conducted by an anonymous researcher, ZachXBT, revealed that the hacker who breached the DeFi platform Uranium Finance in 2021 used the card game Magic: The Gathering for money laundering.
According to ZachXBT's findings, over the past year, the hacker gradually withdrew approximately 11,200 ETH through the Tornado Cash transaction mixer, transferring them in batches of 100 coins at a time. Then they converted these funds into "wrapped" ETH (WETH), transferred them to a new address, exchanged them for USDC stablecoins, and used some of the funds to purchase cards from the collectible card game Magic: The Gathering. Additionally, some of the funds were sent to centralized exchanges such as Kraken, Bitpay, and Coinbase.
The analyst notes that the hacker approached an American broker who helped find sellers of Magic: The Gathering cards. They spent "millions on starter decks, alpha sets, and sealed boxes of cards," paying sellers an additional 5-10%. It is important to note that the hacker provided the broker with cryptocurrency in advance, thus keeping their identity concealed from the buyers. All the purchased cards are rare and have a high value, but transactions for their sale occur relatively infrequently.
Recall that Uranium Finance is a project based on the Binance Smart Chain blockchain and is a fork of the Uniswap V2 exchange. The hacker managed to withdraw various tokens from this protocol totaling $50 million, and this happened during the migration process.
