To exchange stolen tokens, the attacker uses decentralized platforms, including Uniswap. At the same time, some community members believe that the damage from the actions of the criminal could be significantly higher than previously announced.
The hacker who hacked the KuCoin cryptocurrency exchange began to exchange stolen ERC-20 tokens using decentralized exchange services, including Uniswap. This was noticed by the Whale Alert service, which tracks large transactions on the blockchain.
Whale Alert recorded several such transactions at once with DeFi tokens of the Synthetix project (SNX), Altcoins Chainlink (LINK), and tokens of the Ocean Protocol blockchain platform (OCEAN). The hacker has already transferred LINK worth more than $ 530,000, SNX worth more than $ 6.7 million, as well as $ 76,000 in OCEAN tokens. Analysts point out that the criminal is quite scrupulous about liquidating assets: he uses test transactions, TWAP orders (based on the time-weighted average price of an asset), and so on.
As a reminder, KuCoin reported the hack on September 26th. Bitcoin, ethereum, and other tokens of the ERC-20 format, the value of which is estimated at more than $ 150 million, were withdrawn from the exchange’s hot wallets. The exchange promised to reimburse the affected users at the expense of its reserve fund.
However, some believe that the hacker could have caused much more damage to the exchange. For example, Larry Cermak, an analyst at The Block, writes on his Twitter page that he estimates the value of the stolen assets at almost $ 280 million.
According to Chermak’s calculations, only in ERC-20 tokens, the hacker withdrew from the exchange about $ 147 million. The analyst stressed that some of the tokens were frozen, and some of the addresses used by the criminal were blacklisted. However, in his opinion, KuCoin is unlikely to be able to resolve the situation with the help of the reserve fund alone.
It is worth noting that cryptocurrency exchanges and various blockchain projects have done quite extensive work to freeze some of the stolen assets and minimize damage from the actions of an attacker. Thus, the cryptocurrency company Tether, which is the issuer of the eponymous stablecoin, froze assets worth $ 22 million.
Blockchain company Velo Labs, in turn, announced that it will revoke all 122 million VELO tokens that were stolen as a result of the hack. The value of these assets is estimated at $ 76 million.
Several other companies such as SilentNotary and V-ID made similar statements. The Ocean Protocol developers suspended their smart contract altogether and carried out a hard fork to eliminate the consequences of the hack. According to the Decrypt portal, in general, cryptocurrency companies managed to freeze $ 130 million in assets.