SM Was Hacked by "Profesorhouse", it is now prooved.

Hi,

you can follow here my original post about all this and how i have come progressively to this conclusion and finally found consistant elements prooving my theory.

http://www.reddit.com/r/DarkNetMarkets/comments/1tn1ca/was_tm_hacked_and_robbed_as_sm_was_and_by_the/

To make the things short after following the Bitcoinchain starting with an address used by "profesorhouse" on hackforums.net in a transaction, i have found a link to the SM Stolen BTCs.

"Profesorhouse" user has received 10 BTC coming from the Stolen SM funds.

starting with the address used by "Profesorhouse"

1Hj45nrcQf1fP8n6KUWXbGDfmW12u5hgCQ

You can see 2 strange big transactions of 5 BTC coming to the address and from big wallets of about 130 BTC.

When you follow these wallets you enter a heavy tumbling system.

Each time a small part of the funds go into a mixer and the rest of the funds go to another one time address.

After Following hundreds of bounces you find the source, the 130 BTC addresses were originally addresses of 500BTC :

11mbAcNgTixVUUvfGMR2e8uyhLdvwXK42

And where does these 500 BTC come from?

1D55bWMJeqZTVKACpcZMFjEYfTaqg5jt2E

A big Big address where a big amount of bitcoins have transitted, 5600 exactly, in fact the amount of bitcoins that were stolen to SM.

This mean our "profesorhouse" on hackforums.net had received 10 bitcoins in two transfers from the funds stolen to SM, while they were in the middle of tumbling.

I guess nobody is perfect, he was maybe to much in need of money or wanted to make presents for Xmas.

Now that there is consistant proof that he is the hacker of SM and have robbed 5600 BTC minimum if not more with a supposed TM Hack everything about him is going to be precisely analyzed and it seems he has left a lot of things on the hackforums.net.

The time of the payback has come...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

EDIT : He definitely has made some mistakes, after the hack, it seems he needed a little bit of money and he transfered 10 BTC from 2 adresses that were tumbling the SM funds.

He direclty tranfered them to what seems to be a exchange place

1Hj45nrcQf1fP8n6KUWXbGDfmW12u5hgCQ

Still looking the 5 BTC transaction and where they are going, you arrive directly in what seems to be accounts of a BTC exchange, meaning he has probably left tracks of his RL identity there too.

The few bitcoins he transfered, compare to the big amount still hided, were sent to the Btc exchange and cashed out probably.

That does not indicate if all the money was changed or not but i bet he didn't, he cashed out a small amount (at the actual rate 10 BTC is some money) and left all the rest to be tumbled and stocked so he could cash out later.

1KQiSvSjFZix7SMdTNLtsGhdwv8qi7eddc

Here is the address of his account in a BTC exchange i can't identify, you can see that it is a BTC exchange with the activity of the addresses linked to this one.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

EDIT :

He definitely have done some mistakes in how he managed to wash the bitcoins, that can lead to his identity for experienced users.

He probably wanted to get a little bit of money of the hack, and before he put all the bitcoins in sleep after tumbling, he decided to take only a tiny share of the bitcoins stolen, just enough to have fun i guess (around 10000$).

It reminds me the old rules of "Hold-Up" when you succeed to steal an enormous amount of money, "stay low, don't buy anything unusual, stay silent, the slightest detail can lead you to be arrested".

Anyway he transfered these 10 BTC out in the middle of the process of tumbling, to a wallet he had used in the past for transactions on hackforums.net, and then to his usual exchange.

The 2 transactions are issued at two different times from 2 different packets of 500 BTC in tumbling, coming from the original wallet of 5600 BTC and only 1 Transaction out is issued one day later. This can't be a coincidence.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

EDIT :

Damn so much time needed to justify everything, it is exhausting...

Some peope have questioned the legitimacy of the Bitcoin address i use and its link to "profesorhouse"

You can find the original conversation between "profesorhouse" and his alleged scammer here :

You can see here the bitcoin address the scammer gave to "profesorhouse" for the change of 1 BTC. When you look at this address you can see where the 1BTC was coming from, the "profesorhouse" wallet.

http://www.hackforums.net/showthread.php?tid=3816931

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

EDIT :

Some people don't understand totally why the addresses i give and the transactions I point ou are a decisive proof of the "Profesorhouse" role in the hack.

Let's so try to summarize the facts.

You can see it is very hard to find a possible explanation for this if he is not the hacker...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

EDIT :

Fucking Breaking News!!!!

One guy is claiming that he knows in RL the "Profesorhouse" form hackforums.net!!!

See the story here, but take it with caution, nothing proves it is real...

http://www.reddit.com/r/DarkNetMarkets/comments/1tuoly/i_know_whos_behind_the_sheephack_in_real_life/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Comments


[4 Points] funkskipneedlebank:

Prooved? Seriously?


[5 Points] miserlou:

Just out of curiosity, do you use any tools for your blockchain analysis?


[5 Points] tmispissingmeoff:

how can we kill this guy


[5 Points] permanentlytrippin:

some diggin in HF shows his paypal email to be lever19662@mail.com


[3 Points] jazzcat_whereru:

I just want to say thank you for investigating this robbery. It is very noble to do so, especially given the complexity of what you are doing. Anyone can say it doesnt get them there money back, but the fact is the investigations you are making will contribute to the development of new security measures for the immediate future. Nice freakin work! Keep it up...


[2 Points] Xerxero:

Great work but to what point? You never get a real name or address.


[2 Points] whothisguy:

get him!


[2 Points] MoeVsWORLD:

so I guess TM is gg two...


[2 Points] chrisidone:

So now what....


[2 Points] KnightOTS:

http://www.hacksurfer.com/cybertags/EBOOK101 Just happened to find this

Theres also this on scribd, a sight with a bunch of ebooks http://www.scribd.com/doc/176710960/Historical-Development-of-Police Dont think either one of these will help much, but who knows.


[2 Points] cadillac55:

Someone posts that a former BM and TM stole 5600 BTC and shows proof of a BTC adress that received 150 BTC in total over the past 12 months. You can see that most BTC waggered was when the price was under 300 $.

Then they looked for similar names used by other people on different forums. profesorhouse is a common username.... They just try to find someone to blame. That user just sold ebooks just like many other users on there.

Gabralkhan I say you seek profesorhouse everywhere on the internet and find that after all profesorhouse is you


[2 Points] cadillac55:

http://www.cpaelites.com/User-Profesorhouse http://wikimapia.org/29486241/ur/PROFESOR-HOUSE http://profesorhouse.com/

I found HIM ! I lost 40 000$ in BTC on those 2 websites and you just give me shitty info about a book seller.

You know the difference between SR , BM and the rest ?? SR and BM stood up and still standing there. Tor Market and Sheep were scams from the start. Then admins looked for a black sheep and kept on giving all the info they had so that a hunt would start.


[1 Points] cadillac55:

https://blockchain.info/ro/tx/e9eca1988f7a1d4d07801a67bf80f0ee7829aa353eb3b7650dd58d3ef9653021 Zurrich https://blockchain.info/ro/tx/a936e1e613b668d0779e824d95372cfc1e860847e05802936707d60a73e9c864 Moskva

These 2 maybe. Show me how they come from Sheep Market. And , please let's just stop arguing , because we just want the same thing


[1 Points] snigga12:

it is back on sr read my post http://www.reddit.com/r/DarkNetMarkets/comments/1usick/attention_profesorhouse_is_back/


[-1 Points] sheapmarket:

Well deduced Tomasz.


[-2 Points] twigburst:

This doesn't look like proof.