After a major hack at the KuCoin cryptocurrency exchange, cybercriminals continue to move stolen crypto to decentralized exchanges, or DEXes.
According to data from crypto transaction tracking service Whale Alert, KuCoin hackers keep sending thousands of dollars worth of Synthetix Network Token (SNX) to Uniswap — the largest decentralized finance (DeFi) protocol by total value locked.
On Sept. 28, the hacker completed another batch of transactions moving stolen funds from KuCoin to major DEX Uniswap. According to data from Whale Alert, the hackers sent at least $1.2 million worth of stolen SNX tokens to the DEX in a series of four transactions today.
Alongside using Uniswap to send stolen SNX tokens, KuCoin hackers also moved $5 million in Chainlink (LINK) and SNX to unknown wallets today, according to Whale Alert data. A spokesperson at Whale Alert elaborated to Cointelegraph that at least $4.2 million out of this amount has actually been converted into Ether (ETH) using Uniswap and Kyber.
Analysts at Whale Alert have been able to identify at least three ETH addresses containing dirty ETH coming from the KuCoin hack. “I don't think they realize how visible their tracks are,” a spokesperson at Whale Alert said.
Following the KuCoin hack on Sept. 26, a number of centralized exchanges have taken urgent measures to prevent hackers from withdrawing the stolen funds, freezing up to $129 million out of the estimated $200 million lost.
Dovey Wan, founding partner at blockchain-based investment company Primitive Ventures, believes that the KuCoin hackers were apparently “DeFi noobs” because they first tried to sell the stolen tokens on the world’s largest centralized exchange, Binance. “The hacker who hacked Kucoin apparently is a Defi noob, tried to sell on Binance and didn’t swap the tainted USDT on Curve,” Wan said.
Wan said that DeFi could be a handy tool for hackers because DeFi infrastructure is actually composed of natural cryptocurrency mixers — services that allow users to “mix” their coins with other users in order to preserve their privacy:
“All Defi infra are natural mixers with ultra low slippage [...] Hackers with normal IQ will soon figure out, this is not some alpha leak and Defi infra is designed to serve all purposes [...] If a hacker can hack a CEX, no point he/she has no idea how to successfully liquidate via DEX.”
Although Wan later clarified her point by adding that this would "not be the mixer mixer" and that Tornado Cash would also need to be employed, Curv Finance noted that "After an exchange at a DEX, tokens stay as tainted as they were before the exchange."