The evolution of hackers’ money laundering methods and countermeasures from the theft of Kucoin

For many people, the most noteworthy property of digital currency is decentralization. On the one hand, decentralization protects private property from being violated; on the other, it is also the best tool for criminals, for example for money laundering. At the same time, hacking incidents are frequent in the cryptocurrency community. Every digital currency theft prompts discussion of the industry's security and regulation, which in turn pushes the industry forward.

The theft of digital currency is a common occurrence in the cryptocurrency world. For example, in the first half of this year, funds from multiple DeFi contracts were stolen by hackers, and a few days ago, funds from the Kucoin exchange were transferred away by hackers. These incidents challenge the level of security that every practitioner values, and they remind the industry how important security is.

Since the Kucoin exchange was hacked, most people have been concerned with how the hackers can launder the funds they obtained. Looking at the history of thefts from cryptocurrency exchanges, we can summarize the methods hackers have used to launder funds. Here we review them one by one.

1. Use professional coin laundering services

A coin laundering service gathers bitcoins from different sources, breaks them up and distributes them to different addresses, and finally mixes them together through complex transfers.

Coin laundering is an illegal service. In the early days, the coin laundering services offered on some websites were quite popular, which attracted the attention of law enforcement agencies in various countries. After a series of regulatory actions and crackdowns, the mainstream coin laundering websites have basically ceased operations. Now there are almost no reliable coin laundering websites.

Of course, this does not mean that professional coin laundering websites have disappeared. They are mostly hidden on the dark web. In addition, some fraudulent coin laundering websites take advantage of the situation, making the coin laundering business even less safe. For example, Babbitt once reported that some criminals who wanted to launder digital currency obtained through fraud ended up being cheated by other criminals. The business is currently very chaotic, so hackers basically do not choose it.

When the safety of a coin laundering service cannot be guaranteed, hackers, who generally have stronger technical skills, may launder the coins manually, which takes longer. Some may spend two or three years laundering coins and still be detected, because government departments now hire specialist blockchain data analysis companies, and clues found in on-chain transactions can be used to track down the criminals.

Typical case: the laundering of the Mt. Gox coins. It took the hacker Alexander Vinnik a long time to launder the coins, but he was eventually caught in 2017.

2. Extorting cryptocurrency by threatening exchanges

After stealing cryptocurrencies, some hackers do not perform complicated laundering operations, but instead use the stolen coins to threaten the exchange and force it to pay a ransom. The thinking of hackers who do this is simple. On the one hand, they want to obtain funds quickly; on the other hand, they want to reduce their own risk and avoid other losses, such as forks.

For hackers, blackmailing the exchange has advantages. It simplifies problems that could become complex later and avoids being tracked. The risk is much smaller than with laundering, but it also reduces their profits. For exchanges, paying is a way to settle the matter with money, so in most cases exchanges choose to pay the ransom.

However, this method also carries a risk for exchanges: whether the hackers will keep their promises. Since they were willing to steal the coins, there is basically no reason to trust them. If the hackers do not keep their promises, the exchange may lose the ransom as well. In that case, it is like throwing meat buns at a dog: they never come back.

The most typical case here is the theft of Bter's FutureCoin. During the whole process, Bter bargained with the hacker and missed the best opportunity, because Bter did not trust the hacker. The hacker, for his part, repeatedly broke his promises and returned only part of the FutureCoin.

Figure: Negotiations between the hacker and Bter (Part 1)

If this happened now, it would be much easier to deal with. The hacker could exchange Bitcoin cross-chain for Bitcoin tokens on Ethereum, and then settle with Bter through an on-chain smart contract, which would resolve the trust problem in the whole extortion process. However, this incident happened in 2014, so we can only say that it was bad luck.

3. Pump the price of small-cap coins and sell at the high to make a profit

This is a newer way for hackers to transfer assets. In recent years, most exchanges have paid more attention to security, so it has become more difficult to steal digital currency from them. In most cases, even if hackers take over accounts in order to withdraw money, the withdrawal triggers risk control and fails. This is especially true of the current three major exchanges, which are relatively safe.

However, even if the coins cannot be withdrawn, hackers can still profit in other ways. The simplest and most effective is to use the stolen account to pump a market and sell a position bought in advance at the high, or to use the stolen account to dump a market while the hacker's own account is short. The most typical case is the theft of Binance user accounts. Some large Binance users traded through the API and had their accounts stolen, and the hacker took control of these large accounts immediately. Because withdrawing the coins would trigger risk control, the hacker did not withdraw. Instead, he used the large accounts' funds to buy VIA, an obscure small-cap coin, causing VIA to rise rapidly in a short period of time.

Before pushing up the price, the hacker had bought VIA in advance with his own account. He then used the stolen accounts to push up the price so that his own account could sell at the high. This completed the arbitrage, and the hacker made a lot of money and was able to get away with it.

This was mainly possible because users did not keep their account passwords and other credentials safe, which gave hackers the opening. It is a reminder that we must always keep our accounts secure. Google Authenticator codes, email verification and SMS verification are all necessary. We must also pay attention to general security: do not use software from unknown sources, and set passwords that are as strong as possible. Unless you are a professional user, try not to enable the account's API function.
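The VIA case shows that withdrawal risk control alone does not cover a compromised API account, so exchanges also need a check on the trading side. The following is an added example, not from the original article: it flags accounts whose API-placed buys dominate a pair whose buy volume has spiked far above its baseline. The field names, thresholds and sample fills are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample fills for one time window:
# (account, pair, side, quote_amount, placed_via_api)
FILLS = [
    ("acct_A", "VIA/BTC", "buy", 40.0, True),
    ("acct_B", "VIA/BTC", "buy", 35.0, True),
    ("acct_C", "VIA/BTC", "sell", 70.0, False),
    ("acct_D", "VIA/BTC", "buy", 1.0, False),
    ("acct_D", "BTC/USDT", "buy", 500.0, True),
    ("acct_E", "BTC/USDT", "sell", 480.0, False),
]

# Constructed baseline: typical buy volume per pair for a window of this length.
BASELINE_VOLUME = {"VIA/BTC": 2.0, "BTC/USDT": 900.0}


def flag_pump_accounts(fills, baseline, spike_ratio=10.0, share=0.25):
    """Return {pair: [accounts]} whose API buys look like a forced pump.

    A pair qualifies when its buy volume is at least spike_ratio x baseline.
    Inside such a pair, an account is flagged when its API-placed buys are
    at least `share` of the pair's total buy volume.
    """
    buy_total = defaultdict(float)
    api_buys = defaultdict(float)
    for account, pair, side, amount, via_api in fills:
        if side != "buy":
            continue
        buy_total[pair] += amount
        if via_api:
            api_buys[(pair, account)] += amount

    flagged = defaultdict(list)
    for (pair, account), amount in api_buys.items():
        base = baseline.get(pair)
        if not base:
            continue  # no baseline: a real system would send this to manual review
        spiking = buy_total[pair] >= spike_ratio * base
        if spiking and amount / buy_total[pair] >= share:
            flagged[pair].append(account)
    return {pair: sorted(accounts) for pair, accounts in flagged.items()}


def counterparties(fills, pair):
    """Accounts that sold into a flagged pair: candidates for the pre-positioned seller."""
    return sorted({a for a, p, side, _, _ in fills if p == pair and side == "sell"})
```

Flagged accounts are candidates for suspending API trading and forcing re-authentication; the sellers on the other side are where an investigation of the beneficiary starts.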

4. Using DeFi and DEXs

We have previously published an article on using DeFi applications to launder dirty coins, which mainly discussed using Uniswap to launder funds. A month later, hackers really did begin to use Uniswap, and the hackers behind the Kucoin theft are currently using this method.

After stealing a large amount of Ethereum and related tokens, the hacker first planned to transfer the coins to exchanges, but found that several exchanges were able to lock the funds and freeze the relevant accounts immediately, so the hacker's first step failed. It was the long-term cooperation between exchanges that made it more difficult for the hacker to cash out.

Eventually, the hacker began exchanging the other tokens for Ethereum on Uniswap. At present, several token projects are preparing to upgrade, or have already upgraded, their contracts, making it impossible to cash out the coins in the hacker's hands. This reduces the losses from this theft and spares the market the impact of a crash.

However, there are still some coins that have not been frozen, and the hackers are still gradually exchanging them on Uniswap. In other words, Uniswap remains useful to hackers in this way.
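Both the on-chain tracing mentioned in the first section and the deposit freezing described here rest on following funds outward from the theft address. The following is an added example, not from the original article: a breadth-first taint trace with a hop limit that stops at shared contracts such as DEX routers and reports them, since propagating through pooled liquidity would taint every unrelated user of the pool. All addresses and amounts are constructed.

```python
from collections import deque

# Constructed transfers: (from_addr, to_addr, token, amount). Not real addresses.
TRANSFERS = [
    ("0xTHEFT", "0xhop1", "ETH", 1000),
    ("0xhop1", "0xhop2", "ETH", 600),
    ("0xhop1", "0xDEX_ROUTER", "TOKEN_A", 400),  # swap input on a DEX
    ("0xDEX_ROUTER", "0xhop3", "ETH", 390),      # swap output to a new address
    ("0xhop2", "0xEXCHANGE_DEPOSIT_17", "ETH", 600),
    ("0xclean", "0xEXCHANGE_DEPOSIT_42", "ETH", 5),
]


def trace_taint(transfers, sources, shared_contracts=(), max_hops=4):
    """Breadth-first trace from the theft addresses.

    Returns (hops, swap_points): hops maps each tainted address to its
    distance from a source; swap_points lists shared contracts the funds
    entered. Taint is not pushed through those contracts; following the
    swap output needs the matching swap event, which this sketch omits.
    """
    out_edges = {}
    for src, dst, _token, _amount in transfers:
        out_edges.setdefault(src, []).append(dst)

    hops = {s: 0 for s in sources}
    swap_points = set()
    queue = deque(sources)
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue  # hop limit reached, do not expand further
        for dst in out_edges.get(addr, []):
            if dst in shared_contracts:
                swap_points.add(dst)
                continue
            if dst not in hops:
                hops[dst] = hops[addr] + 1
                queue.append(dst)
    return hops, swap_points


def screen_deposits(deposit_addrs, hops):
    """Return the exchange deposit addresses that received tainted funds, with hop count."""
    return {d: hops[d] for d in deposit_addrs if d in hops}
```

In the sample data `0xhop3` stays unflagged even though it received the swap output, which is the gap a swap through a DEX opens for address-based screening.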

Of course, it is not just Uniswap. Many DeFi applications carry unpredictable regulatory risks: they are beyond the scope of regulation and are not subject to legal constraints. If an exchange is robbed in the future, DeFi applications, especially the various swaps, may be necessary tools for hackers. This creates the risk of DeFi applications being exploited by criminals, which is something future regulators need to consider.

Summary

Any code may have security vulnerabilities that most of us do not yet know about. Every theft by hackers is a blow to the digital currency industry. Looking at the history from theft to laundering, the defenses of exchanges are constantly being upgraded, and the hackers' laundering methods are not far behind. It is a contest between the two.

This time, the exchanges and project teams cooperated fully, freezing accounts and upgrading contracts, which gives us a glimmer of hope. Although this may not amount to much against the large sum stolen, it does represent a certain degree of progress in the industry. As long as we cooperate, even if hackers steal coins in the future, it may be possible to recover the funds through various means. This, too, is a way for the cryptocurrency community to make progress.
