# Reasoning 1. initially 1K (present in the 10k cluster) wallets were funded through OKX on arbitrum chain from 26 april - 30 april'23. All wallets received around $30-40 worth of ETH.  after receiving the funds the first txn on 959 wallets out of 1k bridged dust amount from arb on the L0 testnet bridge. the remaining few wallets used trader JOe to swap some ETH to usdc and bridge USDC to another chain.after almost a month of inactivity the wallets became active on 23rd and started depositing all the remaining ETH ($30+ worth of ETH in most cases) on arb to HUOBI exchange and the 1000th wallet deposited on 2023-05-24 07:53:29.000 UTC.  This is where it gets interesting now these 10k wallets (the preivous 1k wallets are included in this too) started receiving funds from binance few hours after (May-24-2023 10:28:25 AM +UTC) the last wallet completed its deposit to huobi. instead of receiving $30-40worth of fund this time all wallets were receiving 5-8 USD worth of BNB.  Until 26th march wallets were only receiving funds from binance but then funds also started coming from LayerZero refuel which was being sent from aptos , the refuel txn was sent on 24th may but the funds started arriving 2 days later because of the ~2 day waiting period layerZero had in place last year for aptos to EVM bridge. the aptos wallets that were refueling these BNB wallets also received funds from binance on 24th may. (As i am not familiar with aptos analytics tools i didn't bother getting list of all addresses involved in funding these wallets but they can be found manually by tracking through the txn hash of refuel on BNB chain).  the full tables that are used above can be found in this published google sheet (information in sheet can't be changed cause its published) : https://docs.google.com/spreadsheets/d/e/2PACX-1vQRkF2jyPDagwvipyQY4eQCZdE3MdT2JfN92tYYPOjaWqSeg0-qIO_UuqPf5MmxTFSvp1yswfPEY2Hp/pubhtml 2. between 17 june - 3 July'23 all wallets receive around ~22-24 BNB on BSC from Huobi exchange( 0x0E4e219315435392674d4063Ce880fb7D67d2C55 ). BNB is then transferred to harmony and back to BNB chain on the same day using LayerZero Harmony Bridge. After that all the BNB is sent back to HUOBI exchange everytime.This is the main pattern that is consistent throughout every wallet in the cluster and makes it clear all the wallets in the cluster are operated by one entity: - wallets start receiving around ~22-24 BNB on 17th june'2023 from huobi exchange (0x0e4e219315435392674d4063ce880fb7d67d2c55 is HUOBI's previous hot wallet verified with Arkham and connection with HUOBIs current wallet)  - minutes after receiving BNB every wallet does a bridge txn to harmony chain using L0 harmony bridge.  Full Table can be seen in this published google sheet : https://docs.google.com/spreadsheets/d/e/2PACX-1vRxXZ5INkW2cksbGXX7WaF6nmrAISkGWm_lzdvC51KDeTODrp1ZzzX-uEWVtidceh4zlgCjmad0XAkO/pubhtml# - After bridging to harmony the BNB is bridged back to BNB chain and then sent back to HUBOI exchange. harmony to bnb table couldn't be provided because of lack of DUNE analytics support but here are some random wallets from the cluster shwoing the transfer from Harmony to BNB and then to Huobi. (For some reason debank doesn't labels all huobi deposit address linked to the Old Huobi hot wallet but they can be verified by manually checking the automatic txn from the deposit address to old huobi address) 0x0469500a2017d46ac8dbece35a6e471d7c368a1c  0xa5748400a7232d110a2c604fc84c9fd38e11d0b1  0x3db389b3e44063b4267dd331cb947dad38f8827a  0xa35c48e899b1415f7bbc23c8a27f9c0a8c213f29  0x6894e251fc0e78a46f94b68f0d48c3caf3651ccc  3. Another consistent pattern that is the same txn on DFK OAPP months ago across every wallet in the list (Due to lack of dune support can't provide a full data of this pattern but will add some examples below from random wallets from the list): - DFK to klatyn txn around 16 July'23     - the next txn on almost every wallet is around 7-9 aug'23 again from DFK to klatyn     - next txn around 14-16sept'23 again from DFK to klatyn     - next txn around 12-13 oct'23 on DFK again     - these monthly DFK txn continued like this till feb'24 on some wallets. Also some wallets skip some months in between but the first 3 months have been consistentt on every wallet from the cluster. # Methodology Most of the initial work has been done manually and verified with help of dune queries. The initial set of cluster was identified from a LayerZero dune dash with custom filtering (more than $5k Volume and 3 months active ) where i look for similar txn history wallets. Initially around 300 wallets were found from the dune dash with similar bridged amount , same number of txns and same number of chains.  the wallets didn't have any similar source of funding but by skimming through their l0 activity it was pretty easy to tell they are controlled by same person. so i searched for consistent patterns across the wallets. Most had same starting months around end of may to mid june'23. After analyzing the addresses a bit more there was one thing that was consistent through out the 300 something wallets that was similar amount withdraw from huobi and then a bridge to harmony. To find more wallets following similar pattern i wrote a dune query to show atleast 20+ bnb bridge txn on the harmony bridge on BNB chain during the date 16june - 5july'2023 and funnily enough only the wallets part of the cluster did such big Volume txns on the harmony bridge during this time, the Query showed exactly 10k addresses. In order to verify these wallets are part of the same cluster i wrote another query to check if all wallets in this list received these funds from Huobi before doing the bridge txn. This pattern is what confirmed for me that all 10k wallets are from same entity Cause doing same actions in same order across exactly 10k wallets ,with similar amount and that too on a bridge that barely does this amount of Volume isnt a coincidence.