Concern over the quantity of cryptocurrency hackers funding their attacks through centralized exchanges is growing.
Stay in the know on crypto by frequently visiting Crypto News Today
Hackers must first fund their wallets in order to pay the transaction fees required to launch attacks. But since a public ledger is transparent, they must carefully consider how to accomplish this without becoming associated with the crime.
Tornado Cash was once the go-to method for erasing evidence, utilized by both privacy advocates and hackers.
CryptoCaster Quick Check:
It now seems that hackers frequently choose to fund their accounts by avoiding the know-your-customer (KYC) processes of exchanges.
According to an analysis of funding sources for recent attacks conducted by blockchain monitoring company Forta Network, Tornado Cash—the hacker’s preferred method of payment—now accounts for just under half of the hacks that were examined, with centralized exchanges (CEXs) providing funds in a third of the cases.
Additional funding sources included the 3.3% share from cross-chain swaps via Squid router, the 6.7% share from “middleware operations software” UnionChain and the innovative privacy tool Railgun.
The addresses in the dataset were used in 30 recent flash-loan attacks, such as the complex $48 million hack of the decentralized exchange KyberSwap in November, the simultaneous attacks on the Arbitrum projects Gamma Strategies and Radiant Capital, and the successful $1 million governance attack on the NFT project Loot last month.
The US Treasury imposed sanctions on the cryptocurrency mixing service in August 2022, which made it more difficult for hackers to cash out even though Tornado Cash is still the main source of funding for on-chain hacks.
When converting any illicit gains to fiat currency, addresses that have come into contact with any “tainted” funds from the mixer are typically flagged by exchanges following the sanctions, making it a bad option.
According to a recent article from 404 Media, the author passed KYC checks on OKX, the funding source of one of the attacks Forta investigated, using a $15 AI-generated fake ID from the website OnlyFake.
With the help of these AI tools, hackers can create a completely new person along with all of their accompanying documentation without having to buy “fullz” or stolen credentials on the darknet.
The high percentage of exchange-funded attacks demonstrates how simple it has become to get around KYC, a trend that is probably going to continue as more people use tools of a similar nature.
The hackers may feel somewhat safer leaving less of a trail on-chain even though they still run the risk of the CEX blocking their funds.
Although evading legitimate KYC checks could be a challenge for the cryptocurrency sector in terms of on-ramping hackers, the issue is certain to impact numerous other industries as well. Paradoxically, the technology that underpins cryptocurrencies—cryptographic proofs—may be the answer to these kinds of problems down the road.
For the time being, there are valid questions regarding the degree to which exchanges take their responsibility and the effectiveness of their KYC procedures.
If this article brought you clarity, insight, or value—support the work that made it possible.
At CryptoCaster, we report on Web3, crypto markets, and institutional finance with no billionaire owners, no shareholders, and no hidden agenda. While mainstream media bends toward Elon Musk, BlackRock, and JPMorgan narratives, we stay focused on what matters: truth, transparency, and the public interest.
We don’t just cover the headlines—we investigate the power structures behind them. From FTX and Ripple to the quiet push for CBDCs, we bring fearless reporting that isn’t filtered by corporate interests.
CryptoCaster is 100% paywall-free. Always has been. To keep it that way, we depend on readers like you.
If you believe independent crypto journalism matters, please contribute—starting at just $1 in Bitcoin or Ether. Wallet addresses are below.
Your support keeps us free, bold, and accountable to no one but you.
Thank you,
Kristin Steinbeck
Editor, CryptoCaster
Please Read Essential Disclaimer Information Here.
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.
Contribute to CryptoCaster℠ Via Metamask or favorite wallet. Send Coin/Token to Addresses Provided Below.
Thank you!
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
CRYPTOCASTER HEATMAP
