On September 25, 2020, social media reported that a user had 10,000 DAI stolen from tomatos.finance. The scam works by using an airdrop to induce users to approve token permissions, after which the tokens are transferred away directly. The airdrop is a scam and the tokens have not been received yet. tomatos.fi is a liquidity mining project on the TRON chain by Justin Sun, and it is suspected to be from a Chinese team. After verification with multiple security companies, as of press time, several users had their stablecoins stolen by tomatos.finance and suffered huge losses.

Wu Blockchain interviewed one of the users whose coins were stolen by the tomato.finance hacker (referred to as user A) and reviewed the whole incident.

A few days before the incident, user A logged into tomatos.finance and authorized the use of the imToken wallet. At about 23:00 on September 26, 2020, Beijing time, he logged into imToken and deposited DAI. The hacker created the tomatos.finance contract and called the DAI contract. As long as the wallet had DAI deposited, it was transferred away by the hacker. It took about 10 minutes from the transfer of DAI into the wallet to the transfer away by the hacker. The authorization in the wallet's background was set to unlimited. User A lost nearly 1,350,000 DAI.

After the incident, users found that the tomatos.finance website could not be opened and the Twitter account no longer existed, but the Telegram group was still open.

First, the hacker's address: 0x917a417D938B9F9E6ae7F9e5253FB6DE410343e3

Looking back at the whole process, how do hackers use DeFi to launder coins?

1. DAI is the only stablecoin that will not be blacklisted and cannot be frozen. The hacker transferred 700,000 DAI, 600,000 DAI and 5,000 DAI from user A's wallet to the address 0x917a417D938B9F9E6ae7F9e5253FB6DE410343e3. The hash records are as follows:

0xc16a25e3745c6025363b2b607e9cb0105bab85f1cee225a52bddd4fe6dd27621
0xa8aaf959d79805e19e4aebd0ba279cb2078b35b5ec3a38bf01549651f116b512
0x5221c09d7a15fb6329f4465464e0a715bbd4bd33214606791399eefae8c53bdb

2. The hacker transferred DAI to Uniswap, converted part of the DAI into 500,358.72 USDT, and then provided AMM liquidity of 494,057.53 DAI and 500,358.72 USDT through the Uniswap V2 DAI-USDT LP trading pair to earn fees.

3. The hacker exchanged all the stablecoins in his hands for ETH and laundered them through Tornado Cash.

After the incident, user A quickly obtained support from various parties in the industry, reported the incident to the police, and conducted follow-up work to build a profile of the hacker. Wu Blockchain will continue to track the progress of the tomatoes.fi incident and report it in detail as soon as possible.

On the 27th, the KuCoin thief also traded altcoins for ETH through Uniswap. Centralized exchanges such as Matcha and Binance have frozen some of the thief's funds, so the thief turned to decentralized exchanges, and the next step is to mix coins. Decentralized exchanges have no right to regulate such malicious behavior. There were rumors that the US SEC launched an investigation into Uniswap. Some people believe that the role of decentralized exchanges in this hacking incident may attract regulatory attention.

(Author: 21 Research; Editor: Colin Wu)

Risk Warning

According to the "Risk Warning on Preventing Illegal Fund Raising in the Name of 'Virtual Currency' and 'Blockchain'" issued by the China Banking and Insurance Regulatory Commission and other five departments, please establish a correct investment concept. The content of this article does not endorse the promotion of any business or investment activities. Investors are requested to raise their awareness of risk prevention.
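User A's loss followed from an unlimited authorization that stayed in force until DAI arrived in the wallet. The check below is an added example, not code from the article or from any project it names: it replays ERC-20 `Approval` event logs to list unlimited allowances that are still standing toward spenders outside a trusted list. All addresses and log entries are constructed placeholders, and the "unlimited" threshold of 2**255 is an assumption.

```python
# Added example: find standing unlimited ERC-20 allowances from Approval logs.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 1 << 255  # assumption: anything this large is "unlimited"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def standing_allowances(logs):
    """Replay logs in chain order; the last approval per (token, owner, spender) wins.
    Spending of finite allowances is not tracked; confirm on-chain with allowance()."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but has 4 topics
        key = (log["address"].lower(), topic_to_address(topics[1]),
               topic_to_address(topics[2]))
        state[key] = int(log["data"], 16) if log["data"] not in ("", "0x") else 0
    return {k: v for k, v in state.items() if v > 0}  # zero means revoked

def risky_approvals(logs, trusted_spenders):
    """Unlimited allowances still in force toward spenders not on the trusted list."""
    trusted = {s.lower() for s in trusted_spenders}
    return sorted(k for k, amount in standing_allowances(logs).items()
                  if amount >= UNLIMITED_FLOOR and k[2] not in trusted)

# --- constructed sample data (placeholder addresses, not real contracts) ---
TOKEN, OWNER = "0x" + "d1" * 20, "0x" + "a1" * 20
ROUTER, FARM, OLD = "0x" + "c0" * 20, "0x" + "f0" * 20, "0x" + "0d" * 20
MAX_UINT = 2**256 - 1

def _log(block, idx, spender, amount):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)], "data": hex(amount)}

SAMPLE_LOGS = [
    _log(105, 0, OLD, 0),           # later revocation of the approval at block 102
    _log(100, 0, ROUTER, MAX_UINT), # known, trusted spender
    _log(101, 3, FARM, MAX_UINT),   # unknown farm contract, never revoked
    _log(102, 1, OLD, MAX_UINT),
]

if __name__ == "__main__":
    for token, owner, spender in risky_approvals(SAMPLE_LOGS, [ROUTER]):
        print(f"unlimited allowance: owner={owner} spender={spender} token={token}")
```

Any entry this reports is a standing authorization that should be set back to zero before new funds are deposited to the wallet.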