The cybercriminals responsible for the estimated $200mln hack of cryptocurrency exchange KuCoin have begun selling some of the stolen funds.
Cryptocurrency analytics firm Elliptic released its latest report on the ongoing tracking of stolen funds from the exchange, having begun tracing the various cryptocurrency tokens that were looted by hackers.
The hack of KuCoin took place on 25 September and Elliptic’s analysis estimates that the worth of the digital assets stolen is in excess of $280mln. In the grand context of the biggest cryptocurrency exchange hacks and heists over the past decade, this ranks as the third highest in value in history.
A wide variety of cryptocurrency tokens were stolen in the cyberattack including Ether, Stellar, Bitcoin, TRON, XRP, various ERC-20 tokens, TRX, BSV, Litecoin, Tether and XLM. As the graph below from Elliptic shows, ERC-20 (Ethereum tokens) make up the bulk of the stolen tokens totalling around $150mln alone.
ETH-based tokens, frozen
Given that a large amount of the stolen funds were issued by organizations using Ethereum’s blockchain, these entities were able to freeze accounts and help recover some of the stolen cryptocurrency.
Ocean Protocol and Tether, the latter being USDT issued on the Ethereum blockchain, either froze the tokens that were stolen from the account or forcibly moved them in order to assist KuCoin in retrieving some of their lost assets.
The cybercriminals responsible for the hack also tried to sell some of the stolen cryptocurrency through a couple of major centralized exchanges but the organizations quickly moved to stop that capability.
This was in part due to the use of blockchain monitoring tools like Elliptic which enabled the exchanges to check whether funds being deposited into accounts on their platform had originated from the KuCoin hack.
Turning to DEXES
With a centralized route now blocked off, the hackers then turned to using decentralized exchanges in order to launder the stolen funds. Most decentralized exchanges allow users to interact with smart contracts that will essentially allow ‘tokens swaps’ without the user having to set up an account using verified identity.
The peer-to-peer nature of decentralized exchanges gives nefarious actors the ability to exchange various cryptocurrencies anonymously.
Elliptic’s report shows that the cybercriminals responsible for the KuCoin hack have begun selling some of their ill gotten tokens on decentralized exchanges for Ether – which can then be moved and sold without the ability of the ETH being frozen or moved by a third party.
The company estimates that the criminals have now sold over $17.1mln worth of cryptocurrency tokens for Ether at five different decentralized exchanges. The emergence and success of Decentralized Finance (DeFi) platforms has also seemingly helped here as the hackers have used a number of DeFi Automated Market Makers (AMMs) including Uniswap, Kyber Network, DEX.AG, 1inch.exchnage and Tokenlon.
