Upbit hackers may be using Railgun to mix funds. Despite the mixer's checks, the hacker's address was not flagged and the transaction was allowed to proceed.
On-chain analysis revealed addresses linked to the Upbit hack using the Railgun mixer. The mixer performs a zero-knowledge check on the source of the funds. However, this time the check did not block the funds from mixing.
Upbit was hacked for $36 million, of which more than $30 million was in Solana assets. The multi-chain attack was followed by immediate swaps and movement of funds between wallets.
The hackers sold most of their assets, especially Solana-based tokens, almost immediately. On-chain investigator @Detective noted that the sell-off affected the volume of decentralized markets. The day after the hack, the exploiter's wallet exchanged Solana tokens for SOL. SOL was then traded for USDC, and the stablecoin was bridged to Ethereum for mixing.
In total, the hackers held more than 533 ETH, with a value of approximately $1.6 million, excluding fees. The migration to Ethereum and subsequent mixing is a pattern typically attributed to North Korean hackers.
Upbit also added new information about the hack. According to a statement from the exchange, the exploit may be due to a flaw in the exchange's internal systems, which has been patched. Upbit said hackers could have guessed the private keys from publicly available hot wallets due to predictable key hashes and weak encryption.
Railgun lacked up-to-date information about hacker wallets
Railgun's approach is to test each user's wallet against a constantly updated database of malicious actors. In this case, the hacker's complete list of addresses was very recent. Additionally, the exploit went through multiple direct DEX swaps, during which some of the funds were transferred to a new wallet. As a result, the data available to Railgun was out of date and the hacker's latest wallet passed the test.
The last intercepted wallet laundered a sum of 410 ETH. The new address was created just hours after the hack and was briefly used as an intermediary. Rapid changes in wallets also circumvented Railgun's filters.
Railgun used for DeFi activities
Railgun has gained popularity amid a recent resurgence in privacy narratives. Railgun has expanded its asset pool to $95 million. The increase in value signals increased interest, as the mixer's third-quarter fees reached $1.31 million.
The use of mixers has increased in the last year. Tornado Cash previously saw only baseline activity, but its value locked has increased to a new peak. The mixer holds over 32,000 ETH after multiple high-profile exploits.

Tornado Cash has recorded a record amount of ETH in reserves due to increased demand for privacy. | Source: Dune Analytics
The native RAIL token has also risen over 200% in the past three months, to $3.26. Railgun mirrors the success of ZCash and other privacy tokens and is promoted by Vitalik Buterin.
Railgun is not the go-to tool for hackers and abusers. Rather, it is a general privacy tool for normal transactions. Cryptocurrency influencers and celebrities value privacy, as even transaction data can lead to tracking and price fluctuations.
However, Railgun usage can also be tracked. Additionally, hackers can use tools to test which wallets are flagged by Railgun. This allows hackers to keep the proceeds of their exploits hidden, making most of them untraceable.


