KuCoin hackers keep moving stolen tokens to the largest DeFi exchange

Published at: Sept. 28, 2020

After a major hack at KuCoin cryptocurrency exchange, cybercriminals continue to move stolen crypto to decentralized exchanges, or DEXes.

According to data from crypto transaction tracking service Whale Alert, KuCoin hackers keep sending thousands of dollars worth of Synthetix Network Token (SNX) to Uniswap — the largest decentralized finance (DeFi) protocol by total value locked.

On Sept. 28, the hacker completed another batch of transactions moving stolen funds from KuCoin and to major DEX Uniswap. According to data from Whale Alert, the hackers sent at least $1.2 million worth of stolen SNX tokens to the DEX in a series of four transactions today.

Alongside using Uniswap to send stolen SNX tokens, KuCoin hackers also moved $5 million in Chainlink (LINK) and SNX to unknown wallets today, according to Whale Alert data. A spokesperson at Whale Alert elaborated to Cointelegraph that at least $4.2 million out of this amount have been actually converted into Ether (ETH) using Uniswap and Kyber.

Analysts at Whale Alert have been able to identify at least three ETH addresses containing dirty ETH coming from the KuCoin hack. “I don't think they realize how visible their tracks are,” a spokesperson at Whale Alert said.

Following the KuCoin hack on Sept. 26, a number of centralized exchanges have taken urgent measures to prevent hackers from withdrawing the stolen funds, freezing up to $129 million out of the estimated $200 million lost.

Dovey Wan, founding partner at blockchain-based investment company Primitive Ventures, believes that the KuCoin hackers were apparently “DeFi noobs” because they first tried to sell the stolen tokens on the world’s largest centralized exchange, Binance. “The hacker who hacked Kucoin apparently is a Defi noob, tried to sell on Binance and didn’t swap the tainted USDT on Curve,” Wan said.

Wan said that DeFi could be a handy tool for hackers because DeFi infrastructure is actually composed of natural cryptocurrency mixers — services that allow users to “mix” their coins with other users in order to preserve their privacy:

“All Defi infra are natural mixers with ultra low slippage [...] Hackers with normal IQ will soon figure out, this is not some alpha leak and Defi infra is designed to serve all purposes [...] If a hacker can hack a CEX, no point he/she has no idea how to successfully liquidate via DEX.”

Although Wan later clarified her point by adding that this would "not be the mixer mixer" and that Tornado Cash would also need to be employed, Curv Finance noted that "After an exchange at a DEX, tokens stay as tainted as they were before the exchange."

Tags
Related Posts
Harvest Finance puts $100K bounty on alleged hacker
Harvest Finance, a major decentralized finance protocol, has seemingly issued a $100,000 bounty in the aftermath of a $24 millon attack targeting its liquidity pools. In an Oct. 26 tweet, Harvest Finance said that there is enough data so far to identify the attacker, “who is well-known in the crypto community.” In addition to the BTC addresses which hold the funds, there is now a significant amount of personally identifiable information on the attacker, who is well-known in the crypto community. We are putting out a 100k bounty for the first person or team to reach out to the attacker …
Technology / Oct. 26, 2020
Report: Blockchain-related hacks have declined in 2020
The amount of cryptocurrency and blockchain-related hacks has been decreasing over the course of 2020, a new report claims. According to data analyzed by VPN provider Atlas VPN, the number of hacks in the first half of 2020 dropped more than three times compared to the same period in 2019. The data is part of a report released by Atlas VPN on Oct. 28. According to Atlas VPN, 2019 was a record-breaking year for blockchain hackers that exploited 94 successful attacks in the first half of the year, while in H1 2020 there were 31. Per the report, 2019 as …
Technology / Nov. 2, 2020
Binance Smart Chain Adds Chainlink Oracles for Better DeFi
Binance Smart Chain — a dual-chain architecture from major crypto exchange Binance — is now integrating Chainlink (LINK) data oracles. Binance Smart Chain adds smart contracts to the exchange's original chain, Binance Chain, and is currently in testnet. Chainlink co-founder Sergey Nazarov told Cointelegraph that in his opinion, this integration will save time and effort for developers who are building decentralized apps on the blockchain: “With the Chainlink integration, Binance Smart Chain developers no longer need to dedicate months of engineering time to set up their own oracle infrastructure. Now, they can simply use Chainlink as an abstraction layer to …
Technology / July 23, 2020
The aftermath of Axie Infinity’s $650M Ronin Bridge hack
In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million. The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game: There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP — Ronin (@Ronin_Network) March 29, 2022 The official report from the company noted that the hackers managed to get access to private keys to validator nodes resulting in the compromise of five validator …
Blockchain / April 12, 2022
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023