The flow of funds indicates that $22.4 million worth of crypto stolen from liquidity provider Kronos Research originated from Binance.
Posted November 21, 2023 at 1:19 am EST.
Kronos Research, a liquidity provider and market maker for the WOO crypto exchange, fell victim to a hack over the weekend where it lost an estimated $25 million worth of crypto.
In a tweet late on Sunday, the Kronos team said it had paused all trading due to a security breach which compromised its API keys. Blockchain sleuth ZachXBT traced the activity to find that around 12,800 ETH worth $25 million was stolen by the hacker.
Looks possibly like $20.3M+ (12800+ ETH)
0x2b0502FDab4e221dcD492c058255D2073d50A3ae pic.twitter.com/sLnFA0VXhk
— ZachXBT (@zachxbt) November 18, 2023
The attack significantly impacted WOO, the exchange incorporated by the Kronos incubator and relies on Kronos almost exclusively for market making activities.
After briefly disabling certain trading pairs, WOO has now resumed all services, according to a tweet from a member of WOO’s team, who assured users that the network’s capital was not affected and all funds remained intact.
what a morning…
all services back now after WOO got DDOS attacked following one of our main MMs pausing trading due to a security event. liquidity to normalize for spot first then perps
user funds not affected, woo network capital not effected
withdraws are open but…
— jt (@bitManna) November 19, 2023
Blockchain research firm X-explore analysed the flow of funds on Monday and found that $22 million of the funds that were stolen from Kronos came from major crypto exchange Binance.
Kronos Research’s stolen funds mainly came from exchanges, with over $22 million withdrawn from Binance. Hacker’s funds flow is CEX -> Kronos Research -> Hacker. The reason why hackers did not directly withdraw funds to their own addresses may be due to the exchange’s withdrawal… pic.twitter.com/dfwvhJcmOD
— X-explore (@x_explore_eth) November 20, 2023
“The reason why hackers did not directly withdraw funds to their own addresses may be due to the exchange’s withdrawal whitelist mechanism, and the hackers happen to have control over these three addresses on the whitelist,” said X-explore in a tweet.
At the time of writing, the native token of the WOO network was trading at $0.23, down around 4% over the last 24 hours.