KuCoin hacker sent $5 million in Ethereum to Tornado Cash mixer

The KuCoin hacker used the Ethereum mixer Tornado Cash to obfuscate traces. The Block analyst Larry Cermak found that the attacker sent 11,520 ETH (~$4.8 million) to the service and, in batches of 100 ETH, mixed 2,800 ETH worth about $1.16 million.

The KuCoin hacker started to mix his Ethereum through 100 ETH batches on Tornado cash. He has about $4.8 million in the wallet. So far sent about 2800 ETH to Tornado but will likely keep going until it’s all in there. pic.twitter.com/U0MuNAgTPu

— Larry Cermak (@lawmaster) October 23, 2020

At the time of writing, that figure had risen to 3,000 ETH (~$1.25 million).

The analyst is confident that all of the sent coins are likely to face the same fate. After transferring part of the stolen funds to Tornado Cash, the hacker’s Ethereum address still holds 8,517 ETH (~$3.55 million).

Cermak notes that the hacker used Tornado Cash from a public address for the first time.

Ok, upon closer evaluation, this is not the first time the KuCoin hacker used Tornado cash. This is just the first time he did it from the public address and not from the side ones. Check here:

1. https://t.co/pCn2rpMGjT

2. https://t.co/mS6sh6Z92U

3. https://t.co/J5yqWNKU6C

— Larry Cermak (@lawmaster) October 23, 2020

Researchers laid out the hacker’s actions step by step:

• Steal ERC-20 tokens from KuCoin;
• Convert the tokens to ETH via Uniswap and Kyber Network;
• Disperse ETH across multiple addresses;
• Use Tornado Cash to mix them and then cash out into fiat.

What the hacker did:

1. steal all ERC-20 tokens from KuCoin

2. convert the permissionless ones to ETH using Uniswap (and sometimes Kyber)

3. Disperse the ETH to multiple addresses

4. Start using Tornado cash to mix the amounts and then likely cash-out

— Larry Cermak (@lawmaster) October 23, 2020

Developer Udi Wertheimer noted that the hacker’s share could eventually amount to a third of the total pool in the mixer.

Cermak says that, if the activity continues, the attacker would make law enforcement work easier. He called it a ‘horrific’ idea by the hacker.

Yep, very high likelihood of getting caught if he keeps going

— Larry Cermak (@lawmaster) October 23, 2020

If we look at the total amount of ETH in Tornado Cash pool, the KuCoin hacker could be as much as a third of all ETH there. Maybe already withdrew something but still. This is a terrible idea pic.twitter.com/eDxr43iqEp

— Larry Cermak (@lawmaster) October 23, 2020

In comments, users noted that Tornado Cash has a regulatory-compliance function. Some argued that such actions could lead to increased pressure on mixer services.

I was told by the torcash website that they have compliance

— Ajit Tripathi (@chainyoda) October 23, 2020

Regulators will now consider how to shut down, tornado cash front-end…

— Alpha Wolf (@Michaelklcp) October 23, 2020

In May, Chainalysis analysts questioned Tornado Cash’s privacy feature.

In October, the founder of the cryptocurrency-mixing service Helix and the CEO of Coin Ninja were fined $60 million at FinCEN’s request.

Follow ForkLog on news via Twitter!