Exploit radar: LCX Hot Wallet Hack
LCX, a Liechtenstein-based exchange announced late on January 8th that it had suffered a hack to one of its hot wallets. In an announcement released by LCX, the stolen funds were reportedly drained from this LCX hot wallet and transferred to a single address controlled by unknown hacker(s).
The hacker(s) struck January 8, 2022, swiping funds from LCX at 10:23 pm GMT. In under an hour, the hackers swept out LCX, USDC, SAND, LINK, QNT, ENJ, ETH, and MKR. The hackers then moved to convert stolen assets to ETH utilizing several popular DeFi services. For example, the $3.4+ million USDC stolen in the hack was converted to native ETH within 16 minutes. In total, all stolen funds were converted within 45 minutes of the first outbound transfer.
By 11:12 pm GMT, the hackers swiftly moved converted ETH to Tornado.Cash, a mixing service often used to anonymize stolen assets on the Ethereum blockchain. Interestingly, the hackers used the 100, 10, and 1 ETH contracts on Tornado, a move that was not necessarily required arithmetically. In total, the operation from theft to deposit at Tornado was complete within 1.5 hours of the initial hack, earning the hackers roughly $5.33 million per hour. TRM will continue to monitor the flow of funds to support fund recovery efforts where relevant.
About Tornado Cash
Tornado Cash is a decentralized, non-custodial privacy solution that is built on Ethereum, which allows users to send ETH and ERC-20 deposits through its smart contract service. As an Ethereum privacy solution, Tornado Cash uses Zero-Knowledge Proofs (ZKPs) which allows for verification that a payment transaction has occurred without revealing it. Tornado Cash provides the service of ‘mixing’ deposited funds to obfuscate the provenance, possession, and movement of cryptocurrencies.
About LCX
LCX Exchange was founded in 2018 as a centralized exchange, registered in Liechtenstein under LCX AG. LCX targets professional investors, however, it does not allow US investors to trade on its platform. The LCX blockchain ecosystem provides a crypto custody service called the LCX Vault, a crypto exchange, a DEX, Tiamonds, and its own ICOed LCX Token.
About TRM Labs
TRM Labs is the only blockchain intelligence tool with cross-chain analytics, which enables investigators to view cross-chain swaps and multiple flows within one graph. Investigators can move seamlessly across blockchains to trace the flow of funds, visualize multi-layer relationships and drastically reduce investigation time with our proprietary technology for automated tracing.
For more information, or to report leads, contact us at investigations@trmlabs.com. Subscribe to our weekly insights here.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.