Kucoin’s $281 mln Hack Linked to North Korea; Chainalysis Says Tracking Cybercrimes on DeFi Is Difficult
While it was unclear at the time who was behind the attack, UN monitors have now accused the Democratic People’s Republic of Korea (DPRK) of stealing $281 million worth of assets from a cryptocurrency exchange – supposedly Kucoin – to circumvent sanctions and continue its nuclear and ballistic missile programs.
North Korea has been subjected to U.N. sanctions since its first nuclear test in 2006.
The preliminary UN inquiry into last September’s theft “strongly suggests” links to North Korea, the report says. Though it did not name Kucoin as the victim of the attack, the exchange reported $281 million stolen in bitcoin and various other tokens on Sept. 25, and a subsequent theft last October in which $23 million was stolen.
“According to sources familiar with both hacks, the attackers exploited ‘defi’ protocols — i.e., smart contracts that facilitate automated transactions,” the U.N. report states. It adds that, according to one member state, the DPRK’s total theft of virtual assets from 2019 to November 2020 was approximately $316.4 million.
“Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the DPRK,” the monitors wrote. The monitors reported in 2019 that North Korea has generated an estimated $2 billion through cyberattacks on banks and cryptocurrency exchanges; unverified claims by some experts hold that this criminal activity is a main source of income, supplying up to 15% of the country’s income.
Cryptocurrency investigation firm Chainalysis, which has labelled every address identified so far as belonging to the hackers, shows that 1,008 BTC ($10,758,404.86), 11,543 ETH ($4,030,957.90), 19,834,042 USDT-ETH ($19,834,042.14) and 18,495,798 XRP ($4,254,547.54) were among the stolen assets.
However, in tracing how the KuCoin hackers have thus far attempted to move and launder the stolen ETH and ERC-20 tokens, the firm found that the “case study shows the difficulties that arise for investigators when cybercriminals use DeFi platforms.”
As global interest in decentralized finance (DeFi) peaks, with over $1bn USD of value locked in related blockchain projects, their security vulnerabilities grow as well. After five DeFi security incidents in April 2020 alone, questions have been raised about what could be done to protect DeFi assets.
Chainalysis faced a related challenge, as it explains how the hackers sought to use DeFi protocols to launder their stolen ETH and ERC-20 tokens. They used decentralized exchanges such as Uniswap and Kyber, which do not take custody of funds, to exchange the tokens with greater privacy, without having to provide KYC (know-your-customer) information and without the trades being recorded in an order book.
“By using DEXs, the hackers were able to swap their stolen funds into new types of cryptocurrency without having to go through regulated exchanges who had flagged their addresses and would have required them to submit KYC information. It’s estimated that the hackers sold at least $13 million worth of ERC-20 tokens before the majority was frozen by the underlying smart contracts. In addition, some transactions were reversed via forking.”
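The investigative difficulty described above comes down to one modelling decision: a DEX contract is a shared pool, so an address-level taint trace that treats the pool like any other wallet will smear the hacker label onto every unrelated user who ever withdrew from it, while a trace that ignores the pool loses the funds at the moment they change asset type. The following Python is an added example written for this article, not Chainalysis’s tooling or any real chain data: the ledger, the `0x…` addresses and the `DEX:` labels are all constructed. It links the swap-in and swap-out legs of the same transaction so the taint follows the value into the new token without tainting the pool, and then reports where the traced value sits and in which asset, which is the view an issuer freeze or an exchange hold acts on.

```python
"""Swap-aware taint tracing over a constructed transaction ledger (illustrative only)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    tx: str        # transaction id; both legs of a DEX swap share one id
    sender: str
    receiver: str
    asset: str
    amount: float


# Hypothetical labels for non-custodial exchange contracts (assumption, not real addresses).
DEX_CONTRACTS = {"DEX:uniswap", "DEX:kyber"}

# Constructed sample ledger, not real chain data. "0xHACK1" stands in for a labelled origin address.
LEDGER = [
    Transfer("t1", "0xHACK1", "0xHOP1", "USDT", 500.0),
    Transfer("t2", "0xHOP1", "DEX:uniswap", "USDT", 300.0),   # swap leg in
    Transfer("t2", "DEX:uniswap", "0xHOP2", "ETH", 0.9),      # swap leg out: new asset, fresh address
    Transfer("t3", "0xHOP1", "0xHOP3", "USDT", 200.0),
    Transfer("t4", "0xCLEAN", "DEX:uniswap", "ETH", 2.0),     # unrelated user of the same pool
    Transfer("t4", "DEX:uniswap", "0xCLEAN", "USDT", 700.0),
    Transfer("t5", "0xHOP2", "0xCEX", "ETH", 0.9),            # deposit to a custodial exchange
]


def build_edges(ledger, dex_contracts, collapse_swaps=True):
    """Return address -> set(address) flow edges.

    With collapse_swaps, a DEX contract is a pass-through: the sender of the swap-in leg is
    linked directly to the receiver of the swap-out leg of the same tx, so the shared pool
    itself never becomes a tainted node. Without it, the pool is just another wallet.
    """
    edges = defaultdict(set)
    if not collapse_swaps:
        for t in ledger:
            edges[t.sender].add(t.receiver)
        return edges
    by_tx = defaultdict(list)
    for t in ledger:
        by_tx[t.tx].append(t)
    for legs in by_tx.values():
        ins = [t for t in legs if t.receiver in dex_contracts]
        outs = [t for t in legs if t.sender in dex_contracts]
        for t in legs:
            if t.receiver not in dex_contracts and t.sender not in dex_contracts:
                edges[t.sender].add(t.receiver)       # ordinary transfer
        for i in ins:
            for o in outs:
                edges[i.sender].add(o.receiver)       # swap: taint crosses the asset change
    return edges


def trace_taint(ledger, origins, dex_contracts=DEX_CONTRACTS, collapse_swaps=True):
    """BFS from labelled origin addresses; returns every address reached by a tainted flow."""
    edges = build_edges(ledger, dex_contracts, collapse_swaps)
    tainted = set(origins)
    queue = deque(origins)
    while queue:
        addr = queue.popleft()
        for nxt in edges.get(addr, ()):
            if nxt not in tainted:
                tainted.add(nxt)
                queue.append(nxt)
    return tainted


def tainted_balances(ledger, tainted):
    """Net per-asset balance of each tainted address: where the traced value currently sits,
    and in which token, which is what an issuer freeze or an exchange hold would act on."""
    bal = defaultdict(lambda: defaultdict(float))
    for t in ledger:
        if t.receiver in tainted:
            bal[t.receiver][t.asset] += t.amount
        if t.sender in tainted:
            bal[t.sender][t.asset] -= t.amount
    return {addr: dict(assets) for addr, assets in bal.items()}


if __name__ == "__main__":
    careful = trace_taint(LEDGER, {"0xHACK1"})
    naive = trace_taint(LEDGER, {"0xHACK1"}, collapse_swaps=False)
    print("swap-aware:", sorted(careful))            # 0xCLEAN and the pool stay untainted
    print("pool-as-wallet:", sorted(naive))          # 0xCLEAN is wrongly swept in
    print("tainted balances:", tainted_balances(LEDGER, careful))
```

Running it with `collapse_swaps=False` reproduces the false positive: the pool and the unrelated `0xCLEAN` user are both flagged. The swap-aware trace instead ends at `0xHOP3` (still holding USDT, the kind of balance an issuer can freeze) and at `0xCEX` (ETH deposited to a custodial exchange, where KYC records exist). Real traces have to cope with partial fills, multi-hop routes and swaps whose output goes back to the input address, but the pass-through rule is the piece that keeps the shared pool from becoming the taint source.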
The investigation firm promises to provide further updates on the stolen funds as they become available.