The surge in crypto hackers utilizing centralized exchanges as a financial hub for their illicit activities has raised significant alarm within the cybersecurity community.
To execute their attacks, crypto hackers must grapple with the challenge of funding their wallets while evading the watchful eye of a transparent public ledger. Tornado Cash, once hailed as the go-to tool for covering one’s digital tracks, has witnessed a decline in its dominance.
Recent analysis by blockchain monitoring firm Forta Network reveals a shifting landscape, with hackers increasingly circumventing exchanges’ stringent know-your-customer (KYC) protocols when fueling their accounts.
Crypto Hackers funding source
Tornado Cash, formerly the industry standard, now accounts for less than half of the attacks scrutinized by Forta. Surprisingly, funds sourced from centralized exchanges (CEXs) contribute to a third of the cases. The funding mosaic includes other avenues such as the privacy tool Railgun and middleware operations software UnionChain, each comprising 6.7%, along with 3.3% from cross-chain swaps via Squid router.
This analysis focuses on 30 recent flash-loan attacks, encompassing high-profile incidents like the $48 million heist on decentralized exchange KyberSwap, successive assaults on Arbitrum projects Radiant Capital and Gamma Strategies, and the thwarted $1 million governance attack on NFT project Loot.
While Tornado Cash remains a dominant force in on-chain hacks, complications arise for hackers seeking to cash out following the US Treasury’s sanctions on the crypto mixing service in August 2022. Exchanges now flag addresses associated with ‘tainted’ funds from the mixer, rendering it an impractical choice for converting ill-gotten gains into fiat currency.
In a peculiar turn of events, a recent report from 404 Media claims successful KYC checks on OKX, a funding source for one of Forta’s studied attacks, using a $15 AI-generated fake ID from a site named OnlyFake. This approach sidesteps the need for acquiring stolen credentials from the darknet, allowing crypto hackers to conjure a fictitious identity and accompanying documentation effortlessly.
The prevalence of exchange-funded attacks underscores the growing ease of evading KYC procedures, a trend likely to persist with the expanding use of similar AI tools. Although crypto hackers risk having their funds blocked by CEXs, the appeal lies in leaving a less conspicuous on-chain trail.
While evading authentic KYC checks presents a challenge for the crypto industry, the implications extend to other sectors. Ironically, the cryptographic proofs underpinning cryptocurrencies may ultimately provide a solution to these challenges.