On October 2, Chainalysis released a report about the recent KuCoin hack, which resulted in $275 million worth of crypto being stolen from the exchange’s hot wallets. The platform shared detailed information about the illicit scheme of the perpetrators, revealing their plans to launder the acquired assets.
According to Chainalysis’ report, investigators have managed to track the whereabouts of the stolen funds, with an estimated 1,008 BTC being held in two separate addresses. Apart from Bitcoin, the hackers have stolen various other crypto assets, including:
- 11,543 ETH ($4,030,957.90)
- 19,834,042 USDT-ETH ($19,834,042.14)
- 18,495,798 XRP ($4,254,547.54)
- 26,733 LTC ($1,238,539.89)
- 999,160 USDT ($999,160)
- $147 million worth of ERC-20 tokens
- $87 million of Stellar tokens
Chainalysis refrained from disclosing the whereabouts of the cryptocurrency assets but shared information about some of the transactions that the hackers conducted after the attacks. According to the data provided, the 1,008 BTC stolen in the attack is split between two addresses, with one holding 201 BTC and the other 807 BTC. All 26,733 LTC stolen were deposited into exchanges.
Moreover, hackers have withdrawn around 875 BTC from decentralized exchanges using altcoins stolen in the hack, including Litecoin. From the 875 BTC, approximately 683 BTC has been sent to mixing services. 50,001 USDT-ETH of the 19,834,042 USDT-ETH stolen has been moved, with 20,000 going to Uniswap, 11,000 going to MXC, 1,000 to Poloniex, and 500 to FatBTC. Another 3,000 USDT has been sent to three separate addresses, with 15,400 remaining unspent in an intermediary wallet.
What is most notable about the KuCoin hack is the way perpetrators use DeFi protocols to launder the stolen ETH and ERC-20 tokens. According to Chainalysis, the hackers used platforms like Uniswap and Kyber, as well as other decentralized exchanges that allow users to buy, sell, and swap different tokens built on a specific blockchain directly between one another’s wallets for greater privacy and security.
Such platforms do not take custody of the funds deposited but rather facilitate direct transfers between users without the need to provide KYC (know-your-customer) information. However, Chainalysis is said to support many of the ERC-20 tokens in question, thus allowing investigators to trace most of the funds despite the complicating effects of DeFi.
Chainalysis stated that most of the transactions involved LINK, TIA, Old Ocean, COMP, and KardiaChain tokens, which were moved in a specific fashion. According to the report, the hackers first moved the tokens from their initial wallet to an intermediary, and from there sent it to DEXs to be traded for ETH. Chainalysis estimated that hackers managed to send 12,552 LINK to Uniswap through one of their addresses and received 360,60 ETH back to the same wallet. The criminals also carried out other similar transactions through DEXs using different types of tokens.
At present, at least $13 million worth of ERC-20 tokens has supposedly been sold before the majority of the stolen crypto assets were frozen by underlying smart contracts, while other transactions were reversed by forking.