SudoRare Pulled the Rug for $820,000. How Will Kraken Respond?
SudoRare pulled the rug on its community for $820,000 early Tuesday. On-chain data suggests that at least one of the attackers has interacted with Kraken in the past.
- The team behind the decentralized NFT exchange SudoRare stole $820,000 from its community then deleted its online presence early Tuesday.
- One of the wallets used in the attack was funded through Kraken, a regulated cryptocurrency exchange with mandatory KYC checks, on August 21.
- Kraken now faces a decision on how to respond to the developments.
Share this article
As a U.S.-based regulated exchange, all Kraken customers are required to submit identification as part of mandatory “Know Your Customer” checks.
SudoRare Attack Demands Answers
The team behind the SudoRare NFT exchange stole $820,000 and vanished early Tuesday, but thanks to the public nature of the blockchain, the attackers left an on-chain paper trail of their transactions before they disappeared.
As blockchain security firm PeckShield noted Tuesday, at least one of the assailants appears to have interacted with Kraken in the past. Etherscan data shows that an Ethereum wallet commencing 0x814 was funded through Kraken on August 21. That wallet transferred 0.28 ETH to 0xbb4 earlier today, hours before SudoRare withdrew $820,000 worth of WETH, XMON, and LOOKS and deleted its online channels. The 0xbb4 wallet was one of several addresses used during the attack, last seen transferring 173.1 ETH worth $283,000 at 06:37 UTC today. That suggests that the 0x814 Kraken-funded wallet may in fact belong to a member of the SudoRare team.
Under U.S. regulations, cryptocurrency exchanges like Kraken are required to complete “Know Your Customer” checks on all customers. Every Kraken customer has to submit identification before they can start using the service, and the exchange keeps a record of their activity. In other words, if the 0x814 wallet belongs to a member of the SudoRare team, Kraken may have details on their real identity.
This incident raises questions about how Kraken plans to respond. There are several possible scenarios that could play out.
If the exchange is confident that the user who funded the 0x814 wallet is responsible for the attack, they could choose to “doxx” them—Internet speak for revealing the assailant’s identity. However, this seems somewhat unlikely; cryptocurrency exchanges have previously held details of people who used their services to fund wallets linked to scams and criminal activity but none of them have ever gone public to the community with information on their identities. Plus, while Kraken CEO Jesse Powell may be outspoken, he doesn’t seem like the type to greenlight a plan to doxx someone without a very good reason.
The majority of the funds stolen in the attack are currently sitting on-chain in fresh wallets. However, if the owner of 0x814 has any other funds on Kraken, the exchange could also opt to freeze them. That also poses a question of how the exchange would use those funds—and whether it would consider reimbursing the SudoRare community.
The third (and most likely) outcome involves Kraken passing the details for the 0x814 owner to law enforcement. When crypto exchanges are embroiled in incidents such as the SudoRare attack, they tend to make internal investigations before working with the authorities. It’s then up to the authorities themselves to pursue a criminal investigation.
U.S. authorities have raised the stakes when it comes to dealing with crypto crime since activity in the space exploded over the past year, most recently highlighted by the Treasury Department’s unprecedented move to sanction Tornado Cash and its associated smart contracts. The Treasury’s Office of Foreign Assets Control cited its popularity among hacking syndicates like Lazarus Group as the reason for the blacklisting, prompting widespread criticism from a host of key industry figures.
Kraken CEO Jesse Powell, a Libertarian-leaning Bitcoin pioneer who’s previously spoken out against overreaching government sanctions, told Bloomberg TV that he thought that the Tornado Cash ban was unfair as all individuals “have a right to financial privacy.” The SudoRare incident could now put that idea to the test.
Crypto Briefing reached out to Kraken’s press team for comment, but had not received a response at press time.
Update: Kraken responded to Crypto Briefing‘s request for comment with the following statement:
“While Kraken can’t comment directly on any specific request, like all compliant crypto exchanges, we report suspicious activity and respond to law enforcement requests. We even publish a transparency report that describes our extensive work with law enforcement. Last year alone, Kraken responded to 2,453 information requests from law enforcement agencies in the US, UK, and Europe—up 130% from 2020. We take our role as the facilitator of a safe trading environment incredibly seriously and we will continue to work with our partners in the fight against fraud.”
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.