The hackers who back in September stole an estimated $200 million from Singapore-based cryptocurrency exchange KuCoin have started moving stolen funds to a coin mixer, a service that hides the origins of funds.
Larry Cermak, Director of Research at The Block, spotted the move and wrote about it on microblogging platform Twitter. In batches of 100 ether ($41,600) the hacker sent a total of about 3,000 ether ($1.25 million) to TornadoCash, a coin mixer based on the Ethereum network.
Cermak then detailed that this wasn’t the first time the hacker moved the funds to TornadoCash, as they did the same thing before from other addresses, and not the public one the stolen funds were parked at.
The analyst recapped that the hacker stole millions in ether and ERC-20 tokens from KuCoin, and then proceeded to convert the permissionless ones to ETH using decentralized exchanges Uniswap and Kyber. The stolen ether was then dispersed to multiple addresses on the blockchain.
The move to TornadoCash shows the hacker is actively trying to “clean” the funds and mask their true origin, presumably in a bid to later move them to a cryptocurrency exchange and cash them out, without being identified.
Cermak added, however, that given the amount of funds on TornadoCash’s pool and the amount in the hacker’s wallets, there is a chance the hacker could make things easier for law enforcement and leave traces on the blockchain.
The hacker seems to have stopped moving funds to the coin mixing service after moving $1.25 million to it, and still has 8,517 ether in its wallet at press time, worth over $3.5 million. It’s worth noting the stolen funds are on other addresses as well.
After KuCoin was hacked, several small cryptocurrency projects have either frozen or invalidated the funds the hacker managed to steal from KuCoin in a bid to stop them from laundering the funds. Ocean Protocol, for example, revealed 21 million tokens worth over $8.6 million were stolen, and that as a first measure it paused the OCEAN contract.