x

Copied

Share articles to

Academy Industry Analysis Article
DeFi Uniswap DeFi Digest OKEx Insights Security

Hacked KuCoin funds largely laundered on Uniswap and Kyber Network

2020.10.04 Matthew Lam

OKEx Insights’ DeFi Digest is a weekly examination of the decentralized finance world.

DeFi market snapshot

The decentralized finance market continued its positive momentum this week as the total value locked in DeFi products rose from $9.4 billion to $11.1 billion. Uniswap maintained its position as the market leader this week with a 20% market share, according to USD value locked. The decentralized exchange also had the largest liquidity pool and dominated 54% of the trading volume across all DEXs.

In the decentralized lending sphere, Compound replaced Aave as the top lender, growing its market share to 48%.

Key metrics in the world of DeFi continued to experience positive growth this week, except the weekly average trading volume for DEXs. Sources: DeFi Pulse and DeBank

Decentralized exchange volume sets all-time high in September

September has been an explosive month for decentralized exchanges, with DEXs recording a whopping $22.57 billion in trading volume. This figure is up by almost 14x when compared to the volume for June.

The fever for liquidity mining has led to a surge in user demand for Uniswap, Curve and Balancer. Combined, these platforms have a market dominance of nearly 90% in September, compared to just 40% four months ago.

Uniswap’s market dominance among decentralized exchanges grew from May to September. Source: Dune Analytics, OKEx Insights

Stolen KuCoin funds difficult to launder on centralized exchanges

The lack of regulation inherent to decentralized exchanges took center stage following the hack of centralized digital asset exchange KuCoin, which lost an estimated $279 million in cryptocurrencies. Hackers stole a wide variety of different cryptocurrencies — 150 of which were ERC-20 tokens, such as SNX and Ethereum-based USDT. 

Laundering stolen cryptocurrencies proves difficult when trying to utilize centralized exchanges, with a number of CEXs having frozen withdrawals and blacklisted addresses. 

In addition, compared to truly decentralized cryptocurrencies like BTC, many ERC-20 tokens are not censorship-resistant. This means that the token can be frozen by the issuer at any time. In the case of the KuCoin hack, Tether had frozen 20 million USDT as a precautionary measure. Various other projects also paused or reverted their smart contracts — helping KuCoin retrieve some of its stolen assets.

Hackers turn to DEXs for laundering stolen tokens

Because laundering funds via centralized exchanges is difficult to achieve, the KuCoin hackers have since attempted to launder their stolen assets via decentralized exchanges, where they sold the stolen tokens in exchange for ETH. According to Whale Alert, hackers have transferred at least $1.2 million worth of SNX tokens to Uniswap through a series of four transactions.

Hackers transferred the stolen SNX tokens to Uniswap. Source: Whale Alert

Hackers exchanged their stolen funds for ETH for two reasons: Ether is censorship-resistant and it easily convertible to fiat currencies. As a censorship-resistant cryptocurrency, ETH does not have the risk of being frozen and can be traded via thousands of trading pairs across a multitude of cryptocurrency exchanges.

DEXs fall under FATF’s red flags

Decentralized exchanges are susceptible to money laundering activities identified by the Financial Action Task Force. The FATF recently published a report on red flag indicators for money laundering and terrorist financing. The report stated that the receipt of funds from addresses linked to stolen funds is a warning sign for money laundering.

While transactions conducted on DEXs are publicly visible on the blockchain, hackers find DEXs attractive for laundering their stolen funds because of the lack of identity verification. As of Sept. 30, $17 million in stolen tokens from KuCoin’s hack has been sold on DEXs and DEX aggregators. The stolen funds were mostly laundered via Uniswap ($9.4 million) and Kyber Network ($4.1 million).

As indicated by the FATF, making multiple high-value transactions in quick succession, such as within a 24-hour period, is another red flag for money laundering. Data in Etherscan shows that hackers laundered the stolen funds via Uniswap on Sept. 28. They then transferred almost 2,000 ETH.

Hackers laundered stolen funds on Uniswap and transferred massive amounts of ETH on Sept. 28. Source: Whale Alert, Etherscan, OKEx Insights

Despite the landmark EtherDelta ruling in 2018 — which found that the decentralized platform operated as an unregistered national securities exchange — there is a noticeable lack of regulation when it comes to DEXs. The mass laundering of funds via Uniswap and Kyber Network will undoubtedly draw the eye of regulators around the globe. What kind of retroactive actions will take place remains to be seen.


Disclaimer: This material should not be taken as the basis for making investment decisions, nor be construed as a recommendation to engage in investment transactions. Trading digital assets involve significant risk and can result in the loss of your invested capital. You should ensure that you fully understand the risk involved and take into consideration your level of experience, investment objectives and seek independent financial advice if necessary.


OKEx Insights presents market analyses, in-depth features, original research & curated news from crypto professionals.

Follow OKEx Insights on Twitter and Telegram.  

Disclaimer: This material should not be taken as the basis for making investment decisions, nor be construed as a recommendation to engage in investment transactions. Trading digital assets involve significant risk and can result in the loss of your invested capital. You should ensure that you fully understand the risk involved and take into consideration your level of experience, investment objectives and seek independent financial advice if necessary.

Recommended

industry-analysis-en

%d bloggers like this: