Over the weekend, attacks were carried out both on a centralized exchange (CEX), KuCoin, and on a decentralized exchange (DEX), TrustSwap.
Or rather, in the latter case, it was not a real attack, but criminals used the platform to execute their exit scam.
Attacks exchanges: KuCoin loses $200 million
The attack on KuCoin involved a million dollar theft, slightly under $200 million, mostly in ETH and ERC-20 tokens, but also:
- 1008 bitcoin (BTC), worth over $10 million;
- 26 thousand Litecoin (LTC), worth over $1 million;
- 18 million Ripple (XRP), worth $4.5 million;
- 14 thousand Bitcoin SV (BSV), worth over $2 million;
- 9.5 million Stellar (XLM), worth about $700 thousand;
- 228 million Tron (TRX), worth over $6 million;
- USDT on EOS and OMNI for a value of about 14 million dollars.
These are impressive figures and show how many addresses of different blockchains have been attacked, suggesting that this attack has been prepared long ago and in detail, so not exploiting some last-minute mistake.
The funds have been partially frozen by several players in the sector. Bitfinex has frozen 13 million USDT on EOS, while Tether has frozen 20 million USDT on Ethereum, as explained by the CTO of Bitfinex, Paolo Ardoino.
PSA: re #KuCoin hack@bitfinex froze 13M Tether USDt on EOS as part of the hack@Tether_to just froze 20M Tether USDt sitting on this Ethereum address https://t.co/GYmESH44da as precautionary measure.
Stay safe everyone!
— Paolo Ardoino (@paoloardoino) September 26, 2020
So at least 16% of the funds have been blocked.
The good news is that KuCoin has an insurance fund that will cover users’ losses, so they will be able to reuse the platform within a week, as it is currently on hold to prevent criminals from continuing the attack.
The attack on the TrustSwap DEX
Turning instead to the sad episode involving the TrustSwap DEX yesterday, the problem was very serious because the HatchDAO team used the TrustSwap system in which the tokens of the HatchDAO team were blocked.
The announcement was made by the TrustSwap team itself.
But it wasn’t until the weekend that the retraction came, so the TrustSwap team did the right thing, but not HatchDAO which turned out to be a scam.
In this case, because we are talking about a decentralized exchange (DEX), in practice the criminals used the platform to create a pool with tokens, and they made the pool grow, until they withdrew the liquidity by taking all the tokens and leaving a virtually unusable pool.
As a result, the growth in this area of DeFi is starting to pull in criminals who very often duplicate famous protocols and then perform an exit scam.
In fact, one must always be alert to problems and keep in mind the negative aspects that liquidity pools have.