The hacker who on Friday stole about $200 million from cryptocurrency exchange KuCoin is now attempting to launder the money.
The hacker's stolen loot was made up of several hundred different cryptocurrencies, including Bitcoin, Ethereum, and XRP. Around 150 of these tokens were ERC-20 tokens—tokens based on the Ethereum blockchain—such as Synthetix (SNX). But to cash out, the crook must eventually trade that all in for fiat currencies, such as dollars.
Yesterday, the hacker sold off trace amounts of Synthetix, the token that powers the eponymous decentralized derivatives platform. But today, the hacker has finally gone for gold.
According to Whale Alert, a Twitter bot that tracks significant cryptocurrency transactions on the blockchain, the hacker moved $1.1 million Synthetix (SNX) to Uniswap, a decentralized exchange. Since Uniswap is decentralized—i.e. not run by a company—the hacker doesn’t have to confirm their identity, nor can anyone prevent the hacker from trading on there.
⚠ 68,395 #SNX (343,561 USD) of stolen funds transferred from Kucoin Hack 2020 to Uniswap
From Uniswap, the hacker can exchange those funds for EthereumEthereum or other Ethereum-based tokens. Since all of these transactions are indelibly recorded on the blockchainblockchain, the hacker must finish laundering the money. One obvious way would be to “mix” the stolen tokens by putting them in software designed to obscure the origins of transactions.
When cryptocurrency exchange KuCoin was hacked yesterday, reports circulated that hackers drained $150 million worth of cryptocurrency from its exchange. Today, KuCoin posted more “suspicious addresses.”
Should its hunches about those “suspicious addresses” check out, the damage so far is closer to $200 million. Here’s the breakdown:
$153 million of ETH and ERC-20 tokens.
1,008 Bitcoin ($10.8 million).
26,733 LTC (1.2 million).
18,495,798 XRP ($4.5 million).
14,713 BSV ($2.2 million).
9,588,383...
Breaking it down, the hacker’s moved about $1.1 million worth of SNX. The hacker has also moved huge several million of cryptocurrencies, much of it in Chainlink (LINK), according to Whale Alert, to unknown wallets.
Several smaller crypto projects, concerned that the hacker would dump these funds on the market and break their economies, invalidated or froze the hacker’s stolen funds. (This caused a ruckus among several crypto luminaries, who said that this undermined crypto’s principle of decentralization.)
If a "decentralized" project can invalidate stolen tokens then it can invalidate YOUR tokens.
Censorship resistance for all or censorship resistance for no one.
Decrypt reported yesterday that crypto projects froze or invalidated—or intend to freeze or invalidate—about $130 million of these tokens. Since then, crypto projects prevented the hacker from using another $10-15 million of the funds.
On Sep 25th, KuCoin Exchange was temporarily compromised and over $150M across various tokens were stolen. Included in this amount were 14M AMPL, accounting for about 10% of the circulating supply.
A contract upgrade was quickly deployed to disable transfers from the attacker.
KuCoin said that the hacker drained its funds by using a leaked key to access its hot walletswallets. Hot wallets are cryptocurrency wallets that are connected to the internet—as opposed to cold wallets, which are held offline. The hacker is still at large and KuCoin is offering bounties of up to $100,000 to anyone who provides “valid information” about the hack.
Though crypto projects stopped much of the hacker’s money in its tracks, that crypto won’t end up back up in KuCoin’s wallets. It is still out of pocket to the tune of about $200 million. But CEO Johnny Lyu said in a livestream on Saturday that the company hasenough money to cover the lossesand will reimburse anyone who lost money.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
U.S. payments company PayPal said Wednesday it plans to launch a new platform this fall that will link domestic digital wallets to its global network of billions of users.
Dubbed PayPal World, the system lets users of India’s UPI, China’s WeChat Pay, and Brazil’s Mercado Pago transact with PayPal or Venmo merchants abroad without opening new accounts or using cards.
“Moving money across borders is incredibly complex, and this platform is designed to make it simple for nearly two billion users,”...
MEI Pharma, a publicly traded pharmaceutical company, closed a $100 million private placement on Wednesday to refashion itself into a litecoin treasury firm.
MEI sold 29,239,767 shares of its common stock, raising roughly $100 million, Litecoin Foundation founder Charlie Lee told Decrypt. Under the agreement, the company sold its stock at $3.42 per share. Lee led the private placement alongside digital asset market maker GSR and will be joining MEI’s board of directors, according a statement fro...
A century-old Japanese textile company has become the latest financially battered firm to turn to Bitcoin as a treasury asset, announcing plans to purchase up to $5.4 million (800 million yen) in crypto to stabilize its bottom line after years of losses and muted cash flow.
Kitabo Co., Ltd., a Tokyo Stock Exchange-listed textile manufacturer that produces synthetic fibers and industrial materials, announced in a statement on Tuesday that it will begin gradually acquiring Bitcoin using dollar-cos...