Funneling of Funds
On September 26th 2020, members of the crypto-community begun noticing that a very large amount of crypto was being transferred from the KuCoin hot wallet into an unknown Ethereum address. KuCoin, the exchange in question, did not release any sort of statement which naturally worried users, because if this was a change in addresses for security reasons it must have been announced beforehand.
After hours of quietness, KuCoin finally came out with a statement acknowledging the situation and stating that their CEO Johnny Lyu will be making a full transparent update via a livestream. The livestream’s summary was that KuCoin was indeed hacked and that the exchange will be making users whole with the help oof their insurance fund. The amount in question however is very large ($150M), whether this takes place is yet to be seen.
USDT being issued by a central authority keeps all transactions under the purview of Tether. Paolo Ardoino, CTO of Tether, tweeted that they have frozen funds (USDT) stolen by the hacker:
- 20M USDT on Ethereum
- 13M USDT on EOS
- 1M USDT on Omni
- 1M USDT on Tron
A total of $35M would have never been recovered if it wasn’t for the centralisation of Tether.
After obtaining a large amount of different coins and tokens, of which $35M (USDT) was taken back, the hacker decided to exchange all ERC20 for ETH. The medium used was the decentralised exchange Uniswap and the first asset to take a hit was OCEAN. The token dumps were separated by time intervals (TWAP) to maximise the amount of ETH the hacker would obtain as the hits taken by the market was large. OCEAN took a hit larger than -10% on that day and SNX was the second asset to take such a hit, which very quickly recovered.