Chainalysis Reveals How KuCoin Hackers Used DeFi Platforms Uniswap, KyberSwap to Move $275+ Million in Stolen Cryptocurrency

Fibo Quantum

Chainalysis, a leading blockchain analysis and security firm, has provided an update regarding the recent KuCoin exchange hack, which led to around $280 million in digital assets being stolen (according to estimates confirmed by many industry participants).

Chainalysis noted that on September 25, 2020, hackers stole over $275 million in virtual currency from KuCoin. It’s one of the largest ever crypto exchange hacks, the blockchain analysis company confirmed.

According to Chainalysis’ investigation, the funds stolen included:

  • 1,008 BTC ($10,758,404.86)
  • 11,543 ETH ($4,030,957.90)
  • 19,834,042 USDT-ETH ($19,834,042.14)
  • 18,495,798 XRP ($4,254,547.54)
  • 26,733 LTC ($1,238,539.89)
  • 999,160 USDT ($999,160)
  • $147M worth of ERC-20 tokens
  • $87M of Stellar tokens

Chainalysis also said in a blog post that, at present, it cannot share the whereabouts of all of the stolen digital currency it has managed to track. It did reveal, however, that as of 10:00 AM ET on Friday, October 2:

“The 1,008 BTC stolen in the attack is split between two addresses, with one holding 201 BTC and the other holding 807 BTC. The hackers have purchased and withdrawn roughly 875 BTC from centralized exchanges using altcoins stolen in the hack, including but not limited to Litecoin. Of that newly-purchased 875 BTC, roughly 683 BTC has been sent to mixing services.”

Mixing services are used to hide the origin of funds in a cryptocurrency transfer. For instance, a mixer may be used to combine a digital currency transaction with others so that it becomes difficult or nearly impossible to determine who the sender and the recipients might be.

(Note: for a more detailed report of other currencies being moved by the hackers, check here.)

Chainalysis further noted:

“What’s especially notable about this hack is how the perpetrators have used DeFi protocols to launder the stolen ETH and ERC-20 tokens. [These so-called] decentralized apps (dApps) … can fulfill specific financial functions governed by underlying smart contracts, meaning they can execute transactions — trades, loans, etc. — automatically when specific conditions are met. Without the need for centralized infrastructure or human governance, dApps can theoretically enable users to execute financial transactions at lower fees than other fintech applications or financial institutions.”

Chainalysis revealed that the KuCoin hackers used platforms such as Uniswap and Kyber, both of which are a type of dApp known as a non-custodial or decentralized exchange (DEX).

DEXes let users purchase, sell, and exchange various crypto tokens built on blockchain networks, mostly Ethereum. Transactions on DEXes take place directly between two parties’ wallets, which allows for more privacy and potentially greater security.

Chainalysis also pointed out that since DEXes don’t take custody of user funds, transactions are performed without completing KYC (know-your-customer) checks. Trades are also not logged in an order book, as they are on most centralized exchanges.

Chainalysis’ report and related case study aim to show the challenges that arise for law enforcement agencies when hackers or other cybercriminals use DeFi platforms.

The blockchain analysis team stated:

“By continuing to support more and more ERC-20 tokens, we can equip law enforcement and compliance professionals with the tools they need to continue tracing funds even when they move to DeFi protocols. Our training and professional services teams stand by ready to help investigators master new techniques to follow these types of transactions.”