Kucoin, a well-known cryptocurrency exchange, was recently hacked. It lost more than 150 million USD worth of funds. The perpetrator used Tornado Cash, a noncustodial mixer, to anonymise some of the stolen proceeds. Unfortunately for the hacker, an analysis of on-chain activity reveals information that could lead to their identification. In this post, I will describe how the hacker deposited a large amount of ETH into Tornado Cash. I will then present an analysis of Tornado Cash withdrawals to identify a number of addresses which the hacker probably owns. This information may help to bring them to justice.

Image for post
Image for post
Source: Pixabay

The hacker’s deposits

On 26 September 2020, a hacker moved large amounts of ETH, ERC20 tokens, and other cryptocurrencies of Kucoin’s hot wallets. Subsequently, the hacker swapped many ERC20 tokens for ETH using Uniswap and deposited the ETH into Tornado Cash’s 100 ETH and 10 ETH contracts. …

In early March 2020, I announced a series of computational steps that would create a random value which we would use to start phase 2 of the multi-party setup ceremony for the Semaphore zk-SNARK circuit (read this blog post to learn more about it). …

Image for post
Image for post
A train signal. Source: Wikimedia

We are excited to announce that Semaphore, a generic privacy layer for Ethereum applications based on zk-SNARKs, has been fully audited and is now available for developers to build upon. This open-source library allows any user to signal their endorsement of an arbitrary string, revealing only that they have been previously approved to do so, and not their specific identity. Developers can use it to build distributed applications such as mixers, anonymous voting, and whistleblowing platforms (read more here). Semaphore can also be applied off-chain for anonymous authentication and rate-limiting spam prevention.

As Semaphore is open source and generic, developers can save time otherwise spent on writing and auditing code to produce zero-knowledge proofs, which require deep expertise. Additionally, Semaphore saves teams the trouble of performing their own zk-SNARK trusted setup, as the Semaphore team will soon complete a multi-party trusted setup and make all required files freely available. …


Koh Wei Jie

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store