The hacker who on Friday stole about $200 million from cryptocurrency exchange KuCoin is now attempting to launder the money.
The hacker's stolen loot was made up of several hundred different cryptocurrencies, including Bitcoin, Ethereum, and XRP. Around 150 of these tokens were ERC-20 tokens—tokens based on the Ethereum blockchain—such as Synthetix (SNX). But to cash out, the crook must eventually trade that all in for fiat currencies, such as dollars.
Yesterday, the hacker sold off trace amounts of Synthetix, the token that powers the eponymous decentralized derivatives platform. But today, the hacker has finally gone for gold.
According to Whale Alert, a Twitter bot that tracks significant cryptocurrency transactions on the blockchain, the hacker moved $1.1 million Synthetix (SNX) to Uniswap, a decentralized exchange. Since Uniswap is decentralized—i.e. not run by a company—the hacker doesn’t have to confirm their identity, nor can anyone prevent the hacker from trading on there.
⚠ 68,395 #SNX (343,561 USD) of stolen funds transferred from Kucoin Hack 2020 to Uniswap
From Uniswap, the hacker can exchange those funds for EthereumEthereum or other Ethereum-based tokens. Since all of these transactions are indelibly recorded on the blockchainblockchain, the hacker must finish laundering the money. One obvious way would be to “mix” the stolen tokens by putting them in software designed to obscure the origins of transactions.
When cryptocurrency exchange KuCoin was hacked yesterday, reports circulated that hackers drained $150 million worth of cryptocurrency from its exchange. Today, KuCoin posted more “suspicious addresses.”
Should its hunches about those “suspicious addresses” check out, the damage so far is closer to $200 million. Here’s the breakdown:
$153 million of ETH and ERC-20 tokens.
1,008 Bitcoin ($10.8 million).
26,733 LTC (1.2 million).
18,495,798 XRP ($4.5 million).
14,713 BSV ($2.2 million).
9,588,383...
Breaking it down, the hacker’s moved about $1.1 million worth of SNX. The hacker has also moved huge several million of cryptocurrencies, much of it in Chainlink (LINK), according to Whale Alert, to unknown wallets.
Several smaller crypto projects, concerned that the hacker would dump these funds on the market and break their economies, invalidated or froze the hacker’s stolen funds. (This caused a ruckus among several crypto luminaries, who said that this undermined crypto’s principle of decentralization.)
If a "decentralized" project can invalidate stolen tokens then it can invalidate YOUR tokens.
Censorship resistance for all or censorship resistance for no one.
Decrypt reported yesterday that crypto projects froze or invalidated—or intend to freeze or invalidate—about $130 million of these tokens. Since then, crypto projects prevented the hacker from using another $10-15 million of the funds.
On Sep 25th, KuCoin Exchange was temporarily compromised and over $150M across various tokens were stolen. Included in this amount were 14M AMPL, accounting for about 10% of the circulating supply.
A contract upgrade was quickly deployed to disable transfers from the attacker.
KuCoin said that the hacker drained its funds by using a leaked key to access its hot walletswallets. Hot wallets are cryptocurrency wallets that are connected to the internet—as opposed to cold wallets, which are held offline. The hacker is still at large and KuCoin is offering bounties of up to $100,000 to anyone who provides “valid information” about the hack.
Though crypto projects stopped much of the hacker’s money in its tracks, that crypto won’t end up back up in KuCoin’s wallets. It is still out of pocket to the tune of about $200 million. But CEO Johnny Lyu said in a livestream on Saturday that the company hasenough money to cover the lossesand will reimburse anyone who lost money.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Public Keys is a weekly roundup from Decrypt that tracks the key publicly traded crypto companies.
This week:
Worrying details from Coinbase
The data breach Coinbase told users and investors about last week has gotten a little more worrying.
It’s not that more data has been stolen. But the company filed a disclosure with the Maine Attorney General that included a few key details that were missing from its SEC filing and blog post about the exploit.
The breach occurred on December 26, 2024, and w...
The Russian Ministry of Energy is considering offering its now strictly regulated Bitcoin mining industry incentives to move to the north of the country.
The move follows Russia slapping a Bitcoin mining ban on ten regions (mainly in the south) in January of this year: Dagestan, Ingushetia, Kabardino-Balkaria, Karachay-Cherkessia, North Ossetia, Chechnya, Donetsk, Lugansk, Zaporizhzhia, and Kherson.
Russia to Ban Crypto Mining 'In Some Regions' Due to Electricity Shortages
The ban is set to rema...
Kraken will soon offer overseas customers the ability to trade U.S.-listed stocks through the crypto exchange’s platform, the company said in a press release on Thursday.
The offering, which covers more than 50 U.S.-listed stocks and exchange-traded funds, will be facilitated through a partnership with Backed, a firm specializing in tokenized securities, using the Solana blockchain to offer so-called xStocks, the company said.
Tokenization refers to the process of taking real-world assets, wheth...
