- KuCoin hackers were identified and investigated.
- Out of nearly $300m, $204m has been retrieved safely since October 1.
- Ethereum-based tokens comprise the majority of the stolen funds.
- Elliptic data shows that DEX platforms sold almost $20 million worth of tokens.
A week after crypto exchange KuCoin reported its security incident, suspects behind the malicious attack have now been identified and are under investigation by the authorities.
Alongside this, the KuCoin hack is the first major case that involved decentralized exchanges (DEXs) for money laundering. Now, high risks for these DeFi-powered applications have been identified.
KuCoin exchange hackers tracked down
KuCoin CEO Johnny Lyu shared the latest update regarding the breach experienced by its digital asset platform. As per Lyu, they found the suspects responsible for the event. More so, law enforcement is now involved to settle things legally.
He elaborated by stating:
A quick update since my last livestream on Sep 30.
After a thorough investigation, we have found the suspects of the 9.26 #KuCoin Security Incident with substantial proof at hand. Law enforcement officials and police are officially involved to take action.
— lyu_johnny (@lyu_johnny) October 3, 2020
Overall, KuCoin lost millions of dollars in customer funds as the exchange’s hot wallets were compromised and numerous transactions were done across anonymous accounts. Lyu noted that $204 million have been retrieved safely since October 1.
With the help of Elliptic’s real-time blockchain monitoring tools, deposited crypto assets from the hack, and any frozen accounts receiving such funds were traced. Suffering the third-largest crypto exchange hack in history, $281 million in cryptocurrencies were stolen from KuCoin.
To avoid further casualties, the Tether team had successfully frozen a total of 22 million USDT stablecoins. While those from the Ocean Protocol side have also frozen more than 21 million OCEAN utility tokens, roughly worth $7.8 million.
The positive direction following the arrest of KuCoin’s violation will result in the exchange “coming back to full functionality”. “My team and I will continue to do our best to offset the impact of the incident,” said Lyu.
DEX platforms and ERC20 projects criticized
CipherTrace’s Chief Financial Analyst John Jefferies pointed out that the majority of the stolen funds were ERC20 tokens. As a result, these can be easily laundered through DeFi protocols. For this reason, perpetrators transferred thousands of Synthetix Network (SNX) tokens to the leading Uniswap DEX.
This is the first time that DEXs have been leveraged for suspicious crypto activities this huge. In a series of tweets on September 27, crypto tracker Whale Alert disclosed that KuCoin hackers had moved about 540,000 SNX, worth nearly $2.7 million, in several transactions to unknown wallets.
Elliptic data shows that DEX platforms sold almost $20 million worth of tokens. These specifically include Uniswap and Kyber Network. With their huge trading volumes and lack of know-your-customer (KYC) process, DEXs seem to be an ideal preference for money laundering in crypto.
In addition, many ERC20 projects received criticism for lack of decentralization. This is due to their decisions of restarting, freezing, or pausing their protocols.
CASA Co-founder and CTO Jameson Lopp emphasized that:
If a “decentralized” project can invalidate stolen tokens then it can invalidate YOUR tokens.
Censorship resistance for all or censorship resistance for no one.
— Jameson Lopp (@lopp) September 27, 2020
Other token projects that helped KuCoin defuse its situation include Kardiachain, VIDT Datalink, Velo Labs, Orion Protocol, and Aleph token, among others. Even centralized exchanges like Binance and Bitfinex have taken urgent measures to prevent hackers from withdrawing the stolen funds.