Hackers Exploiting Centralized Exchanges

While a CEX may block hackers’ funds, the hackers might still feel slightly more secure by leaving a smaller footprint on the blockchain.

The proliferation of crypto hackers funding their attacks through centralized exchanges is a source of increasing concern.

Before perpetrators can pay the transaction fees required to execute attacks, they must fund their wallets. Because a public ledger exposes every transfer, they have to find ways to do this without creating a link between themselves and the criminal activity.

Tornado Cash was the prevailing method of concealing one’s activity, employed by both cybercriminals and privacy advocates.

Now, it seems that hackers frequently circumvent the know-your-customer (KYC) procedures of exchanges to fund their accounts.

Methods of Funding: Hackers’ Evolving Tactics

Analysis of funding sources for recent attacks by blockchain monitoring firm Forta Network reveals that just under half of the examined breaches were financed through Tornado Cash, still the hackers’ preferred source, with centralized exchanges (CEXs) providing the funds in one-third of the cases.

Additional funding sources comprised Railgun’s innovative privacy tool and the “middleware operations software” UnionChain, each contributing 6.7%. Furthermore, cross-chain exchanges facilitated by the Squid router accounted for 3.3%.

The dataset comprises addresses that were used in thirty recent flash-loan attacks. Among these are the addresses used in a convoluted $48 million hack of decentralized exchange KyberSwap in November, back-to-back attacks on Arbitrum projects Radiant Capital and Gamma Strategies, and a $1 million governance attack on NFT project Loot that was thwarted last month.

Even though Tornado Cash remains the primary funding source for on-chain breaches, the process of withdrawing funds has become more complicated for hackers since August 2022, when the US Treasury imposed sanctions on the cryptocurrency mixing service.

In the aftermath of the sanctions, exchanges typically flag addresses that have come into contact with ‘tainted’ funds originating from the mixer, making it an unsuitable route for converting illicit gains to fiat currency.
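The screening described above, as an added example that is not part of the article or of any exchange’s real system: a breadth-first walk over a constructed toy ledger that flags deposit addresses within a configurable number of hops of a sanctioned source. The addresses, amounts and the `0xMIXER` label are placeholders, not real on-chain values.

```python
from collections import deque

# Constructed sample transfers (from_addr, to_addr, amount). Toy data, not real on-chain records.
TRANSFERS = [
    ("0xMIXER", "0xA1", 10.0),      # withdrawal straight from the sanctioned mixer
    ("0xA1", "0xA2", 9.9),          # one hop of layering
    ("0xA2", "0xDEPOSIT_1", 9.8),   # lands on an exchange deposit address
    ("0xA1", "0xCEX_HOT", 0.1),     # small dust transfer to an unrelated address
    ("0xCLEAN", "0xB1", 5.0),       # independent, untainted flow
    ("0xB1", "0xDEPOSIT_2", 4.9),
]
SANCTIONED = {"0xMIXER"}  # placeholder label standing in for a sanctioned contract address


def build_graph(transfers):
    """Adjacency map: sender -> set of recipients (amounts ignored for hop-based screening)."""
    graph = {}
    for src, dst, _amount in transfers:
        graph.setdefault(src, set()).add(dst)
    return graph


def taint_distances(transfers, sanctioned, max_hops=3):
    """BFS forward from every sanctioned address; returns {address: hops} for addresses
    reachable within max_hops. Distance 0 means the address is itself sanctioned."""
    graph = build_graph(transfers)
    dist = {addr: 0 for addr in sanctioned}
    queue = deque(sanctioned)
    while queue:
        cur = queue.popleft()
        if dist[cur] >= max_hops:   # do not expand beyond the hop limit
            continue
        for nxt in graph.get(cur, ()):
            if nxt not in dist:     # first visit is the shortest path in an unweighted graph
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def screen_deposit(addr, transfers=TRANSFERS, sanctioned=SANCTIONED, max_hops=3):
    """Return ("flag", hops) if addr is within max_hops of tainted funds, else ("clear", None)."""
    dist = taint_distances(transfers, sanctioned, max_hops)
    if addr in dist:
        return ("flag", dist[addr])
    return ("clear", None)


if __name__ == "__main__":
    for deposit in ("0xDEPOSIT_1", "0xDEPOSIT_2"):
        print(deposit, screen_deposit(deposit))
```

Hop count alone is a coarse signal: a dust transfer from a tainted address taints `0xCEX_HOT` just as strongly as the main flow, which is why production screening also weighs amounts and timing, and why privacy advocates object to it.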

A recent article from 404 Media asserts that the author bypassed Know Your Customer (KYC) checks on OKX, the funding source of one of the attacks analyzed by Forta, using a $15 AI-generated false ID from the website OnlyFake.

Using these artificial intelligence (AI) tools, hackers don’t have to purchase compromised credentials or “fullz” on the darknet; instead, they can quickly create an entirely new user account and accompanying documentation.

The fact that such a large percentage of attacks are exchange-funded demonstrates how simple it has become to circumvent Know Your Customer (KYC) procedures; this trend is likely to continue as similar tools become more prevalent.

Although there is a possibility that the CEX will block the hackers’ funds, the hackers may feel marginally more secure by leaving a smaller imprint on the blockchain.

Passing a KYC check under a false identity may be a problem for the cryptocurrency sector because of hackers’ greed, but the issue is not specific to crypto and is likely to spread to numerous other industries.

Paradoxically, the key to resolving such challenges may lie in the widespread adoption of cryptographic proofs, the technology underlying cryptocurrencies themselves.

Nevertheless, there are valid concerns regarding the extent to which exchanges genuinely assume responsibility and the true stringency of Know Your Customer (KYC) controls.