SudoRare Pulled the Rug for $820,000. How Will Kraken Respond?
SudoRare pulled the rug on its community for $820,000 early Tuesday. On-chain data suggests that at least one of the attackers has interacted with Kraken in the past.
Photo: David Paul Morris/Bloomberg
As a U.S.-based regulated exchange, all Kraken customers are required to submit identification as part of mandatory “Know Your Customer” checks.
SudoRare Attack Demands Answers
The team behind the SudoRare NFT exchange stole $820,000 and vanished early Tuesday, but thanks to the public nature of the blockchain, the attackers left an on-chain paper trail of their transactions before they disappeared.
As blockchain security firm PeckShield noted Tuesday, at least one of the assailants appears to have interacted with Kraken in the past. Etherscan data shows that an Ethereum wallet commencing 0x814 was funded by Kraken on August 21. That wallet transferred 0.28 ETH to 0xbb4 earlier today, hours before SudoRare withdrew $820,000 worth of WETH, XMON, and LOOKS and deleted its online channels. The 0xbb4 wallet was one of several addresses used during the attack, last seen transferring 173.1 ETH worth $283,000 at 06:37 UTC today. That suggests that the 0x814 Kraken-funded wallet may in fact belong to a member of the SudoRare team.
Under U.S. regulations, cryptocurrency exchanges like Kraken are required to complete “Know Your Customer” checks on all customers. Every Kraken customer has to submit identification before they can start using the service, and the exchange keeps a record of their activity. In other words, if the 0x814 wallet belongs to a member of the SudoRare team, Kraken may have details on their real identity.
This incident raises questions about how Kraken plans to respond. There are several possible scenarios that could play out.
If the exchange is confident that the user who funded the 0x814 wallet is responsible for the attack, they could choose to “doxx” them—Internet speak for revealing the assailant’s identity. However, this seems somewhat unlikely; cryptocurrency exchanges have previously held details of people who used their services to fund wallets linked to scams and criminal activity but none of them have ever gone public to the community with information on their identities. Plus, while Kraken CEO Jesse Powell may be outspoken, he doesn’t seem like the type to greenlight a plan to doxx someone without a very good reason.
The majority of the funds stolen in the attack are currently sitting on-chain in fresh wallets. However, if the owner of 0x814 has any other funds on Kraken, the exchange could also opt to freeze them. That also poses a question of how the exchange would use those funds—and whether it would consider reimbursing the SudoRare community.
The third (and most likely) outcome involves Kraken passing the details for the 0x814 owner to law enforcement. When crypto exchanges are embroiled in incidents such as the SudoRare attack, they tend to make internal investigations before working with the authorities. It’s then up to the authorities themselves to pursue a criminal investigation.
U.S. authorities have raised the stakes when it comes to dealing with crypto crime since activity in the space exploded over the past year, most recently highlighted by the Treasury Department’s unprecedented move to sanction Tornado Cash and its associated smart contracts. The Treasury’s Office of Foreign Assets Control cited its popularity among hacking syndicates like Lazarus Group as the reason for the blacklisting, prompting widespread criticism from a host of key industry figures.
Kraken CEO Jesse Powell, a Libertarian-leaning Bitcoin pioneer who’s previously spoken out against overreaching government sanctions, told Bloomberg TV that he thought that the Tornado Cash ban was unfair as all individuals “have a right to financial privacy.” The SudoRare incident could now put that idea to the test.
Crypto Briefing reached out to Kraken’s press team for comment, but had not received a response at press time.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.