An ethereum dapp that describes itself as “the decentralized Ocean data sharing network” turns out to not be very decentralized.
“On Sep 25/26, over $150M worth of tokens were stolen from KuCoin exchange, and as part of the theft, over 21M Ocean, worth over $8.6M, were taken,” they say, further adding:
“Since yesterday, we have been working to find a solution and ongoingly consulting with KuCoin.
As a first action to protect Ocean token holders, we have paused the OCEAN contract. We will update the community with more information in the coming hours.”
The hot wallet of the Asian exchange Kucoin was hacked in still unclear circumstances. Following it, Tether froze some $20 million USDt residing in the hacker’s known address.
Online commentary wondered why the hackers had not shifted through Uniswap. That’s what they did, selling chunks of 10,000 Ocean tokens on Uniswap.
That reduced the price by about 10% even though it was just 200,000 tokens out of some 20 million. So the project has now taken the unprecedented step of just freezing the contract.
The problem is there’s significant liquidity in the Uniswap market, much of it from ordinary users, with it unclear what happens to them now as the token has been frozen.
Uniswap as you might know is all on the blockchain, so the hacker can exchange assets, but all can see what he is doing and where these assets are going.
Presumably however his aim for now is to not be frozen out rather than to cash out undetected.
His address shows he has some Ampleforth, a bit of Synthetix, a small amount of Compound, as well as many other obscure tokens and twitter bannable tokens.
He might try and turn these into eth which doesn’t have a backdoor like this Ocean contract, but still can freeze his address if the entire network upgrades.
Such freeze would just deny him the assets. It wouldn’t bring them back to the rightful owners. So this is more a case for competent authorities to follow this guy and catch him after he slips somewhere. Then the assets can be returned.
Kucoin is incorporated in Seychelles, but they’re a South Korean exchange with it unclear whether South Korea’s authorities have developed the capabilities.
If this was a European exchange, Europol would probably have taken over by now and you’d think would have wanted to show its worth.
In America there would be an alphabet of agencies which do generally have the capabilities, but by comparison South Korea is small with it unclear whether they’ve had the resources to have some of their boys specialize in this sort of thing. So they might need some help.