In one of the largest crypto hacks in recent times, Liquid, a Japanese crypto exchange, revealed it had been hacked losing tokens worth $90million. The hacker stole various tokens in the form of Bitcoin, Ethereum, XRP and various ERC20 tokens. A few days after the theft, it has been established the hacker is finding ways to cover their tracks.
Liquid has since disclosed through a tweet that it has found the various wallets in which the hacker deposited the stolen tokens. The exchange then went ahead to later explain they had stopped all withdrawals from the wallets and had reported the issue with the Monetary Authority of Singapore (MAS) as the country’s financial regulator.
Given that blockchain is public, anyone can view the details of the transactions on the various platforms. It doesn’t matter whether you are a sophisticated crypto analyst or a curious user, you can follow the movement of the token up to some point.
Many entities have been following the trail of transactions from the hacked wallet using Etherscan block explorer. One of these has established that the hacker transferred around 6,000ETH, currently worth over $19.7million, to Tornado.cash. This is a non-custodial mixer for ether and ERC20 tokens that helps users obscure their transduction details by combining their cryptos with those of others on the platform. Therefore, you cannot follow the trail anymore once it hits the platform.
How is tracking transactions helpful in the case of crypto exchange hacking?
The ability to track transactions on any blockchain network is one of its key security provisions. In case of exchange hacking, the platform can rely on the tracking options to understand where the stolen tokens are deposited.
In case the hacker transfers the tokens to a wallet within the exchange, they can promptly suspend it and stop all transactions. In the case of an external wallet, the platform can notify the used platform of which it will take an action. For example, in the case of the Liquid exchange, the hacker deposited some of the funds in a centralised crypto exchange (CEX) Huobi while the ERC20 tokens were transferred using Uniswap. Once notified, these platforms can block any further transactions from the wallets.
The tracking can also help identify the hacker. Generally, the tracking does not have personal details. It only provides the transaction details like the wallet address and amounts involved. Once there is information on the wallet, the transacting platform can find the transacting individual from the details given when opening an account. That explains why most regulatory provisions provide for Know-Your-Customer (KYC) protocols.
Is there a concern over the use of ETH mixers to hide funds?
In the earlier crypto days, there were concerns over the possibility of cryptos being used in illegal activities like money laundering and financing terrorists. However, most of these concerns were quelled over the transaction’s recordings on the ledger. There was always the hope that anyone can follow transactions and either stop them or find the ultimate beneficiary.
With the possibility of using mixers to hide funds comes another security for the crypto world. For now, the crypto exchanges and account holders must invest in security measures while the crypto industry looks for better solutions against the mixers.