KuCoin Hacker Is Using DeFi Exchange Uniswap to Launder Funds

In brief

Someome stole about $200 million from crypto exchange KuCoin on Friday.
The hacker has just started laundering some of the money.
Crypto projects froze much of the hacker's haul, however.

The hacker who on Friday stole about $200 million from cryptocurrency exchange KuCoin is now attempting to launder the money.

The hacker's stolen loot was made up of several hundred different cryptocurrencies, including Bitcoin, Ethereum, and XRP. Around 150 of these tokens were ERC-20 tokens—tokens based on the Ethereum blockchain—such as Synthetix (SNX). But to cash out, the crook must eventually trade that all in for fiat currencies, such as dollars.

Yesterday, the hacker sold off trace amounts of Synthetix, the token that powers the eponymous decentralized derivatives platform. But today, the hacker has finally gone for gold.

According to Whale Alert, a Twitter bot that tracks significant cryptocurrency transactions on the blockchain, the hacker moved $1.1 million Synthetix (SNX) to Uniswap, a decentralized exchange. Since Uniswap is decentralized—i.e. not run by a company—the hacker doesn’t have to confirm their identity, nor can anyone prevent the hacker from trading on there.

⚠ 68,395 #SNX (343,561 USD) of stolen funds transferred from Kucoin Hack 2020 to Uniswap

Tx: https://t.co/4Y64DDb9DU

— Whale Alert (@whale_alert) September 28, 2020

From Uniswap, the hacker can exchange those funds for Ethereum or other Ethereum-based tokens. Since all of these transactions are indelibly recorded on the blockchain, the hacker must finish laundering the money. One obvious way would be to “mix” the stolen tokens by putting them in software designed to obscure the origins of transactions.

Breaking it down, the hacker’s moved about $1.1 million worth of SNX. The hacker has also moved huge several million of cryptocurrencies, much of it in Chainlink (LINK), according to Whale Alert, to unknown wallets.

Several smaller crypto projects, concerned that the hacker would dump these funds on the market and break their economies, invalidated or froze the hacker’s stolen funds. (This caused a ruckus among several crypto luminaries, who said that this undermined crypto’s principle of decentralization.)

If a "decentralized" project can invalidate stolen tokens then it can invalidate YOUR tokens.

Censorship resistance for all or censorship resistance for no one.

— Jameson Lopp (@lopp) September 27, 2020

Decrypt reported yesterday that crypto projects froze or invalidated—or intend to freeze or invalidate—about $130 million of these tokens. Since then, crypto projects prevented the hacker from using another $10-15 million of the funds.

On Sep 25th, KuCoin Exchange was temporarily compromised and over $150M across various tokens were stolen. Included in this amount were 14M AMPL, accounting for about 10% of the circulating supply.

A contract upgrade was quickly deployed to disable transfers from the attacker.

— Ampleforth #AMPL (@AmpleforthOrg) September 27, 2020

KuCoin said that the hacker drained its funds by using a leaked key to access its hot wallets. Hot wallets are cryptocurrency wallets that are connected to the internet—as opposed to cold wallets, which are held offline. The hacker is still at large and KuCoin is offering bounties of up to $100,000 to anyone who provides “valid information” about the hack.

Though crypto projects stopped much of the hacker’s money in its tracks, that crypto won’t end up back up in KuCoin’s wallets. It is still out of pocket to the tune of about $200 million. But CEO Johnny Lyu said in a livestream on Saturday that the company has enough money to cover the losses and will reimburse anyone who lost money.

KuCoin Hacker Is Using DeFi Exchange Uniswap to Launder Funds

The hacker moved about $1.1 million in Synthetix tokens to decentralized exchange Uniswap.

In brief