Because of this thread
I have incidentally looked at wallets #2 and #3 in some detail just today.
I don’t know if your conclusion of a custody service is correct.
During the last few hours, addr1…a2wu8qu5g9nq has moved an impressive amount of ADA to addr1…swdfpqxu74xt and addr1…dyl53sgu4pen in very regular chunks of 800k ADA.
In the past days before that, it had incoming transactions like 207ace0a100bc64c8910a64bc3a920d49e1ecd9cc09a3032d6a5af4e07451f3d, where a lot of small amounts of ADA were collected from lots and lots of Byron addresses.
The other two wallets regularly have outgoing transactions like 58b0601cea08faf3243d95fb08234ad324d2f1d869b626d17ba64c930027eb78 or 06fb39945277d0c25a79ea5db427c3b4339eecd90d8616fc3e892ced24233ee1, where widely varying including very small amounts go to a wide variety of addresses.
I would interpret this altogether as three wallets belonging to the same exchange and they internally distribute their assets in 800k chunks between these three wallets, where two are used for payouts to customers and one was used to get funds from old Byron addresses, but is just in this moment in the process of being retired or something like that.
EDIT: When you look at the two transactions funding wallet #1 – b7418577cb7265c7a986595d57b9ae9b355b4e51dfda400e1bb0732ae6cca48f and e6225c16c04e22c7286de58ed0cb2bcd57b02ff85829e0757875e7c7f1fb3a72 – they come exactly from these two wallets and they both collect a huge amount of UTxOs to get the sum of two times almost a million ADA together. These UTxOs look rather typical for a regular exchange, not necessarily a custody for high amounts.
Why might this be important? In the other thread, someone identified this as the end location of ADA scammed from them. If it was a custody solution that might mean that the scammer could be identified as one of these few high-wealth individual customers. If it is just a regular exchange, the chances are much slimmer.