The Bitcoin stolen from cryptocurrency exchange ShapeShift has begun to move.

In March of 2016, a hacker, aided by a rogue employee, stole more than $230,000 worth of cryptocurrency from ShapeShift. Most of it has not been recovered, and the perpetrator has not yet been identified.

Erik Voorhees, CEO of ShapeShift, kept the general public appraised as to the situation during and after the hacking incident.

Mixing transactions so as to confuse traceability

On June 30th, the stolen funds were moved to two separate addresses, one in a $205,666 chunk and the other in a $654 chunk. Each one of these addresses shows only two transactions: the receipt of the funds, and the subsequent transmission of those funds to two separate addresses. This continues on seemingly endlessly, as each new transaction is separated into two and sent to two new, empty addresses so as to cover the thief’s tracks.

All Bitcoin transactions are publicly viewable via the blockchain. However, since addresses are not tied to any specific identity, and new ones may be created easily, the obfuscation of financial transfers becomes very doable. Coin mixing services send coins to and from many addresses so that their final destination, and origin, remains unclear, thereby maintaining privacy. Dash has a coin mixing service built in, performed by its masternodes.

ShapeShift has since moved on

Since the attack, ShapeShift has pledged to rebuild and recover. No customer funds were stolen during the hacks, and ShapeShift’s infrastructure has since been rebuilt.