
The KuCoin theft: the evolution of hackers' coin laundering methods and the countermeasures



In the eyes of many people, the most noteworthy thing about digital currency is decentralization. On the one hand, decentralization can protect private property from being violated; on the other, it is also an ideal tool for criminal activity such as money laundering. Hacking incidents are also frequent in the crypto space. Every case of digital currency theft prompts discussion of the industry's security and regulation, which helps the industry progress.

The theft of digital currency is relatively common in the crypto space. For example, in the first half of this year funds in multiple DeFi contracts were stolen by hackers, and a few days ago hackers transferred funds out of the KuCoin exchange. Such incidents challenge every practitioner and remind the industry that security is very important.

After the KuCoin theft, most people are still mainly concerned with how the hackers will launder the funds in their hands. Looking back at the history of thefts from cryptocurrency exchanges, we can summarize the existing laundering methods; here we review them one by one.

A coin laundering (mixing) service gathers bitcoins from different sources together, distributes them to different addresses, and then performs complex transfers so that the coins are gradually mixed together.


Coin laundering is an illegal service. In the early days, the laundering services of some websites were popular, which attracted the attention of law enforcement agencies in various countries. After a series of regulatory actions and crackdowns, the mainstream coin laundering websites have basically closed down, and today there is almost no reliable coin laundering website.


Of course, this does not mean that professional coin laundering websites have disappeared; they are basically hidden on the dark web. In addition, some fraudulent coin laundering websites fish in troubled waters, which makes the coin laundering business even less safe. For example, Babbitt once reported on criminals who, after a fraud, tried to launder digital currency through a laundering service and were themselves cheated ("black eats black"). The business is currently so chaotic that hackers basically will not choose it.

Therefore, when laundering services cannot guarantee security, hackers with strong technical skills may launder the coins manually themselves. This takes longer, and some are still found out after two or three years of laundering, because government departments now hire specialized blockchain data analysis companies, and clues can be found in on-chain transactions to track down the criminals.


Typical case: the laundering of coins from the Mentougou (Mt. Gox) hack. The hacker Alexander Vinnik spent a long time laundering the coins, but he was finally caught in 2017.


After stealing cryptocurrency, some hackers do not carry out complex laundering operations. Instead, they use the stolen coins to threaten the exchange and make it pay a ransom. The thinking behind this is simple: the hacker wants to obtain a sum of money quickly, wants to reduce his own risk, and wants to avoid other losses, such as forks.

Blackmailing the exchange is attractive to hackers: it simplifies complex problems that might arise later and avoids being tracked. The risk is much smaller than laundering, but the hacker's proceeds are also squeezed very low. For the exchange, it comes down to paying a sum of money, so in most cases the exchange will choose to pay the ransom.


However, this method also carries a risk for the exchange: whether the hacker keeps his promise. Someone who steals coins can basically not be trusted at all. If the hacker does not keep his promise, the ransom paid by the exchange may simply be taken as well, which is like throwing a meat bun at a dog: it never comes back.

The most typical case here is the theft of Biter's Future Coin. Throughout the incident Biter bargained with the hacker and missed the best opportunity, because Biter did not trust the hacker. Promises were repeatedly broken, and in the end only part of the Future Coin was returned.

[Image: negotiations between the hacker and Biter (excerpt)]

If this happened today, it would be much easier to handle. The hacker could exchange bitcoins cross-chain for bitcoin tokens on Ethereum and then set up an on-chain smart contract with Biter, which would settle the whole extortion process cleanly. But this incident happened in 2014, so it can only be said that the luck was bad.

This method is an emerging way for hackers to transfer assets. In recent years most exchanges have paid more attention to security, so stealing digital currency has become harder. In most cases, even if hackers take over an account, trying to withdraw coins triggers risk control and the withdrawal fails. This is especially true of the current three major exchanges, which are relatively secure.

But even if coins cannot be withdrawn, hackers can profit in other ways. The simplest and most effective is to pump a coin with the stolen account and sell into the rise from a position built in advance, or to dump a coin with the stolen account while the hacker is short. The most typical case is the theft of Binance user accounts. Some large Binance accounts traded through the API and were compromised as a result. The hacker immediately took control of the large accounts, but because withdrawing coins would trigger risk control, he did not withdraw. Instead, he used the funds in the large accounts to buy an obscure small-cap coin, VIA, which made the price of VIA surge in a short time.

Before the pump, the hacker had quietly accumulated VIA in his own account. He then used the stolen accounts to push the price up so that his own account could sell at the high. This completed the arbitrage: the hacker made a lot of money and got away cleanly.
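The case above shows a gap in withdrawal-only risk control: the loss happens inside the order book. The following detection sketch is an added example, not code from the original article or from any exchange; the trade records, account names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample trades for one thinly traded pair: (ts, buyer, seller, qty, price).
# All account names are hypothetical.
TRADES = [
    (0,   "mm1",     "mm2",   100,  1.00),
    (60,  "mm2",     "mm1",   100,  1.02),
    (120, "acctX",   "mm2",   5000, 1.00),  # quiet accumulation near baseline
    (180, "mm1",     "mm2",   100,  0.98),
    (600, "victimA", "acctX", 3000, 6.00),  # account new to the pair pays 6x baseline
    (605, "victimB", "acctX", 2000, 6.50),
    (610, "victimB", "mm2",   50,   6.50),  # seller with no cheap inventory
]

def analyse(trades, spike_ratio=3.0, baseline_n=4):
    """Return (suspect_buyers, beneficiaries) as {account: amount} dicts."""
    pos = defaultdict(lambda: [0.0, 0.0])    # account -> [qty held, cost basis]
    seen, history = set(), []                # prior participants, baseline prices
    buyers, winners = defaultdict(float), defaultdict(float)

    def unload(acct, qty):
        """Remove up to qty from acct's tracked inventory; return (sold, avg cost)."""
        held, spent = pos[acct]
        sold = min(qty, held)
        avg = spent / held if held else 0.0
        pos[acct] = [held - sold, spent - sold * avg]
        return sold, avg

    for ts, buyer, seller, qty, price in sorted(trades):
        base = median(history[-baseline_n:]) if len(history) >= baseline_n else None
        sold, avg = unload(seller, qty)
        if base is not None and price >= spike_ratio * base:
            if buyer not in seen:            # first trade in the pair, far above baseline
                buyers[buyer] += qty * price
            if sold:                         # inventory bought cheaply, sold into the spike
                winners[seller] += sold * (price - avg)
        else:
            history.append(price)
            pos[buyer][0] += qty
            pos[buyer][1] += qty * price
            seen.update((buyer, seller))
    return dict(buyers), dict(winners)

if __name__ == "__main__":
    print(analyse(TRADES))
```

Accounts in the first dict are candidates for an immediate trading hold and API key review; accounts in the second are the ones whose earlier accumulation and later sales deserve investigation.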

Of course, this was mainly caused by users not keeping their account passwords and other information safe, which gave hackers the opportunity. It reminds us to protect our accounts well: Google verification codes, email verification and SMS verification should all be in place. Pay attention to security, do not use software from unknown sources, and set passwords that are as strong as possible. Unless you are a professional user, try not to enable the API function on your account.

We have previously published an article on using DeFi applications to launder dirty coins, which mainly described laundering funds through Uniswap. A month later, hackers have indeed started to use Uniswap as a tool: the hackers behind the KuCoin theft are currently taking advantage of it.

After stealing a large amount of Ethereum and related tokens, the hacker first planned to transfer the coins to exchanges, but found that several exchanges were able to lock the funds and freeze the relevant accounts immediately, so the first step failed. This is the result of long-standing cooperation between exchanges, which makes it harder for hackers to cash out.

In the end, the hacker began exchanging the other tokens for Ethereum on Uniswap. Several token projects have upgraded, or are preparing to upgrade, their contracts so that the coins in the hacker's hands cannot be cashed out. This reduces the amount lost this time and prevents a sell-off from harming the market.

However, some coins have not been frozen, and the hacker is still gradually exchanging them on Uniswap. In other words, using Uniswap still works for hackers.

Of course, it is not only Uniswap: many DeFi applications carry potentially unpredictable regulatory risk. They are outside the scope of supervision and not subject to legal constraints, and any kind of swap may become a tool for hackers. This creates the risk that DeFi applications will be used by criminals in the future, which is something regulators will need to consider.

Any code may have security vulnerabilities that most of us do not yet know about. Every theft of coins by hackers is a blow to the digital currency industry. But looking at the history from theft to laundering, the defensive measures of exchanges are constantly being upgraded, and hackers' laundering methods are not far behind. It is a process of mutual competition.

This time the exchanges and the project teams cooperated fully, freezing the accounts that needed freezing and upgrading the contracts that needed upgrading, which gives us a glimmer of hope. It may not amount to much against the large sum stolen, but to a certain extent it means the industry has made some progress. As long as they cooperate, even if hackers steal coins in the future, the funds may be recovered through various means. This is also a way forward for the crypto space.
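The on-chain tracing mentioned earlier and the exchange freezes described here both rest on following stolen funds forward from the theft address. The sketch below is an added example, not code from the original article or from any analytics vendor; the transfers, addresses and the shared label set are constructed placeholders.

```python
# Constructed transfers: (ts, sender, receiver, amount). All addresses are placeholders.
TRANSFERS = [
    (5,  "hop1",      "exA-dep-9", 10),   # sent before hop1 ever touched stolen funds
    (10, "theft",     "hop1",      100),
    (11, "theft",     "hop2",      50),
    (20, "hop1",      "hop3",      60),
    (25, "hop3",      "exA-dep-7", 60),   # tainted deposit, three hops from the theft
    (30, "hop2",      "swap-pool", 50),   # swapped on a DEX instead of deposited
    (35, "exA-dep-7", "exA-hot",   60),   # exchange-internal sweep, not followed
    (40, "clean",     "exB-dep-1", 5),
]
# Hypothetical deposit-address labels shared between cooperating exchanges.
DEPOSIT_LABELS = {"exA-dep-7": "exchange A", "exA-dep-9": "exchange A",
                  "exB-dep-1": "exchange B"}

def trace(transfers, source, labels, max_hops=4):
    """Time-ordered taint sweep starting at `source`.

    Returns (hops, alerts): every address reached by stolen funds with its hop
    count, and the deposits into labelled exchange addresses to freeze.
    """
    hops = {source: 0}
    alerts = []
    for ts, src, dst, amount in sorted(transfers):
        if src not in hops or src in labels:
            continue                      # untainted sender, or commingled exchange wallet
        if dst in labels:
            alerts.append((ts, labels[dst], dst, amount, hops[src] + 1))
        if hops[src] < max_hops:
            hops[dst] = min(hops.get(dst, max_hops), hops[src] + 1)
    return hops, alerts

if __name__ == "__main__":
    watchlist, freezes = trace(TRANSFERS, "theft", DEPOSIT_LABELS)
    print(watchlist)
    print(freezes)
```

Processing transfers in time order is what keeps the deposit at `ts=5` clean. A swap pool reached by the funds ends up on the watchlist, so in practice pools need their own labels or every later pool user is over-tainted.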

