The Upbit exchange was hacked on November 27, 2019, resulting in ETH 342 000 being stolen. Since then, more than ETH 236 000 was laundered through various crypto exchanges during the months of December and January; the rest sat idle in the hackers’ wallets until recently.
A few days ago, Clain was alerted that the stolen funds had started moving again, and by May 15 an additional ETH 70 000 had been channeled.
Using its proprietary compliance and investigation platform, Clain looked into the case to detect specifically where the stolen funds were moving to.
Below is a funds flow chart of the hacker wallet, which comprises thousands of ETH addresses used for laundering:
We have detected that the most recent attempt to launder the stolen funds involved a number of prominent, well-known exchanges. So far, the Clain platform has successfully identified over 85% of the funds as flowing into exchanges such as Binance, Huobi and OKex.
The graph below shows the timeline of cumulative ETH amounts flowing to major exchanges:
Analyzing further hacker-controlled wallets, we detected that the hacker was trying to obfuscate the stolen funds via the Tokenlon wallet, exchanging them for USDT and other stablecoins, but failed because the laundered money was mixed with illicit sources.
Here is a complete view of the incoming and outgoing flows of the Upbit hacker wallet from May 1 to May 15:
The entire distribution of the funds laundered in May, along with the recipient names, can be observed here:
Influx of funds to top 4 exchanges and Byex as a proxy to Huobi in May
An interesting fact to note, though, is that as soon as the crypto exchanges became largely aware of the influx of Upbit-tainted money, some announced that they were freezing accounts to stop the laundering. However, looking further into the deposit addresses the hacker used to send money to, we noted that there is only a small fraction of newly created addresses; the majority is t...