Yesterday, $50 million worth of ether (ETH) was lifted from South Korean crypto exchange UPbit. Today those funds have started moving.

According to blockchain security research firm Pecksheild, out of the 342,000 ETH compromised, around 340,000 ETH have so far been split between four new Ethereum addresses, as the hacker tries to diversify the funds.

Even more, some of the funds have been sent to crypto exchanges Binance and Huobi. Chiachih Wu, cofounder of blockchain security company PeckShield—which is helping UPbit to track the funds—told Decrypt that less than one ETH had been sent to the exchanges. He added that the hacker was most likely testing the waters, to see if the exchanges would block the funds or let them cash out.


Binance CEO Changpeng Zhao has already said the exchange will block any funds that land at his exchange. He vowed to “work with UPbit and other industry players to ensure any hacked funds that may make their way to Binance are immediately frozen.”

It’s not just Pecksheild who is looking to track these funds. Decrypt reported yesterday that a number of people were sending messages and small amounts of ether to the hacker’s Ethereum wallet. It’s likely they’re doing so in order to track any further movement of the stolen funds—a technique known as a dusting attack.

When asked about this Wu said, “Lots of people sent dust. It might help but we have our own database and tool to track, we don’t need dust.”

The issue of moving the stolen money has caused a few worries in the crypto community. Zhao said he would be unable to stop the hacker cashing out on Binance’s decentralized exchange because there are no accounts. Similarly, some questioned whether the hacker might start using DeFi protocols to swap the illegally gained coins for others.

Maybe, in stopping the movement of these funds, centralized exchanges have their uses and don’t need to burn in hell after all.


Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.