Liquid Hack: What We Know a Few Days After the Hack

Key takeaways:

  • On Aug. 19, Liquid exchange announced on its Twitter account that it had been hacked.
  • The exchange reported several addresses linked to the hack and is investigating the funds’ movements.
  • The hacker is depositing the funds on several crypto platforms.

Liquid exchange hacked: what happened?

On August 19, Liquid, the Japanese crypto-fiat exchange platform, announced on its Twitter account [1] that it had been hacked for over $90 million in BTC, TRX, XRP, ETH, and ERC-20 tokens. According to the announcement, the exchange’s hot wallets were compromised and the Liquid team proceeded to move funds to cold storage.

The exchange also reported several crypto addresses linked to the hack and said it was investigating the funds’ movements. During the investigation process, deposits and withdrawals have been halted on the exchange platform.

The Japanese exchange worked with other crypto platforms to freeze and recover the funds. Kucoin’s CEO announced the exchange has blacklisted the hacker addresses [2]. Kucoin had also been targeted by a hack in late 2020.

This hack came shortly after the massive Poly Network hack that took place earlier this month and siphoned more than $600 million, the largest DeFi hack to date. However, all the funds have been sent back to Poly Network. (Read more: Poly Network hack: the largest DeFi hack to date. How to monitor the funds?).

Analysis of the hacker addresses

The first batch of addresses initially reported by Liquid included the following 4 crypto addresses:

  • BTC: 1Fx1bhbCwp5LU2gHxfRNiSHi1QSHwZLf7q (received 107 BTC);
  • ETH: 0x5578840aae68682a9779623fa9e8714802b59946 (received around $60 million in ETH and ERC-20);
  • XRP: rfapBqj7rUkGju7oHTwBwhEyXgwkEM4yby (received more than 11 million XRP)
  • TRX: TSpcue3bDfZNTP1CutrRrDxRPeEvWhuXbp

What’s interesting is that the hacker used centralized exchange platforms (CEXs) to deposit some of the stolen funds. The hacker could thus be identified if they passed KYC procedures when registering on the platforms.

For example, according to Liquid [3], the hacker deposited the stolen XRP to centralized exchanges such as Huobi or Poloniex and then exchanged it for BTC, which was sent to 2 identified addresses. For now, the funds are still sitting on these addresses:

  • 12PKkwoFkXp6JtN7roWRA2gSitE6nVDds4 (92 BTC); and
  • 1JW1tcBXp1vZ6KGEirFNSXb5RgZSaL63Av (100 BTC)

The hacker is also using a mixing service and sent more than 9,000 ETH from the address 0x5578840aae68682a9779623fa9e8714802b59946 to the Tornado.cash mixer. Mixers are used to obfuscate the origin of funds, and once coins reach a mixer, it is very difficult to trace them.

Besides, if we look at another Ethereum address reported by Liquid [4] (0xff0f573bdf4c23e41ea3ecd82efa66828706b711), we can see that the hacker is using decentralized exchanges (DEXs) such as Uniswap to swap tokens to ETH, as shown below.

Figure: Swap through Uniswap DEX on the Scorechain Ethereum platform

The Scorechain platform can read through DEX trades and identify whether ill-gotten coins have been swapped for other coins. If so, the swapped coins remain tainted on the platform and the user can easily follow the fund flows. (Read more: Scorechain New Feature Can Trace Kucoin Hackers Funds Transfer via DEX)
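The idea of taint surviving a DEX swap, and of centralized exchanges and mixers as the two kinds of endpoint discussed above, can be shown in code. This is an added example, not Scorechain's algorithm or code from this article; it assumes a "tainted funds are spent first" rule, and the ledger, address names and entity labels are all constructed.

```python
from collections import defaultdict

# Constructed ledger (not real chain data), processed in order.
# ("transfer", src, dst, asset, amount)
# ("swap", addr, asset_in, amount_in, asset_out, amount_out) for a DEX trade
EVENTS = [
    ("transfer", "victim_hot_wallet", "thief_1", "TOKEN", 1000.0),
    ("swap", "thief_1", "TOKEN", 800.0, "ETH", 40.0),
    ("transfer", "thief_1", "thief_2", "ETH", 30.0),
    ("transfer", "thief_2", "cex_deposit", "ETH", 10.0),
    ("transfer", "thief_2", "mixer", "ETH", 20.0),
    ("transfer", "thief_1", "thief_3", "TOKEN", 200.0),
]
LABELS = {"cex_deposit": "CEX", "mixer": "MIXER"}  # hypothetical entity labels


def trace(events, source, labels):
    """Propagate taint from `source` through transfers and DEX swaps."""
    tainted = defaultdict(float)  # (address, asset) -> tainted amount held
    findings = []                 # (label, address, asset, tainted amount)

    def take(addr, asset, amount):
        # Everything leaving the theft source is tainted; other addresses
        # spend their tainted balance first (assumption of this example).
        if addr == source:
            return amount
        moved = min(amount, tainted[(addr, asset)])
        tainted[(addr, asset)] -= moved
        return moved

    for ev in events:
        if ev[0] == "transfer":
            _, src, dst, asset, amount = ev
            moved = take(src, asset, amount)
            if moved == 0:
                continue
            if dst in labels:
                # Service endpoint: a KYC lead (CEX) or a trace break (mixer).
                findings.append((labels[dst], dst, asset, moved))
                continue
            tainted[(dst, asset)] += moved
        elif ev[0] == "swap":
            _, addr, a_in, amt_in, a_out, amt_out = ev
            moved = take(addr, a_in, amt_in)
            # The swapped-out asset inherits the tainted share of the input.
            tainted[(addr, a_out)] += amt_out * moved / amt_in
    holdings = {k: v for k, v in tainted.items() if v > 0}
    return holdings, findings
```

Calling `trace(EVENTS, "victim_hot_wallet", LABELS)` returns the tainted balances still held by unlabelled addresses and the list of tainted deposits into labelled services.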

Are crypto funds easy to launder?

Crypto funds related to hacks carry higher money-laundering and terrorist-financing (ML/TF) risks. Hackers can use several methods to try to launder stolen crypto, such as mixers or DEXs. However, it’s getting difficult to launder the proceeds of crypto crimes as a growing number of countries are implementing crypto AML/CFT regulations.

This shows the importance of having AML/CFT processes and blockchain analytics tools in place. Such tools allow companies operating with cryptocurrencies to monitor funds and identify risks. This is how these companies can ensure they remain compliant with the evolving crypto regulations worldwide.

Scorechain helps more than 100 companies comply with regulations worldwide thanks to its holistic crypto AML and blockchain analytics software. Are you a company operating with cryptocurrencies that needs to comply with crypto AML requirements? Discover how Scorechain can help you: don’t hesitate to contact us and try out the solution.

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance since 2015, the Luxembourgish company serves more than 100 customers in 37 countries, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branches or digital assets customer onboarding, as well as audit and law firms and some LEAs.

The Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger and Tezos. The software can de-anonymize blockchain data and connect with sanction lists to provide a risk scoring on digital assets transactions, addresses and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customized to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.


References:

  1. https://twitter.com/Liquid_Global/status/1428176357515612165
  2. https://twitter.com/lyu_johnny/status/1428194809575968769
  3. https://twitter.com/Liquid_Global/status/1428248815723819012?s=20
  4. https://blog.liquid.com/warm-wallet-incident