Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » SudoRare Pulled the Rug for $820,000. How Will Kraken Respond?

SudoRare Pulled the Rug for $820,000. How Will Kraken Respond?

by

SudoRare pulled the rug on its community for $820,000 early Tuesday. On-chain data suggests that at least one of the attackers has interacted with Kraken in the past.

SudoRare Pulled the Rug for $820,000. How Will Kraken Respond?
Photo: David Paul Morris/Bloomberg

Key Takeaways

  • The team behind the decentralized NFT exchange SudoRare stole $820,000 from its community then deleted its online presence early Tuesday.
  • One of the wallets used in the attack was funded through Kraken, a regulated cryptocurrency exchange with mandatory KYC checks, on August 21.
  • Kraken now faces a decision on how to respond to the developments.

Share this article

As a U.S.-based regulated exchange, all Kraken customers are required to submit identification as part of mandatory “Know Your Customer” checks. 

SudoRare Attack Demands Answers 

The team behind the SudoRare NFT exchange stole $820,000 and vanished early Tuesday, but thanks to the public nature of the blockchain, the attackers left an on-chain paper trail of their transactions before they disappeared. 

As blockchain security firm PeckShield noted Tuesday, at least one of the assailants appears to have interacted with Kraken in the past. Etherscan data shows that an Ethereum wallet commencing 0x814 was funded through Kraken on August 21. That wallet transferred 0.28 ETH to 0xbb4 earlier today, hours before SudoRare withdrew $820,000 worth of WETH, XMON, and LOOKS and deleted its online channels. The 0xbb4 wallet was one of several addresses used during the attack, last seen transferring 173.1 ETH worth $283,000 at 06:37 UTC today. That suggests that the 0x814 Kraken-funded wallet may in fact belong to a member of the SudoRare team. 

Under U.S. regulations, cryptocurrency exchanges like Kraken are required to complete “Know Your Customer” checks on all customers. Every Kraken customer has to submit identification before they can start using the service, and the exchange keeps a record of their activity. In other words, if the 0x814 wallet belongs to a member of the SudoRare team, Kraken may have details on their real identity. 

This incident raises questions about how Kraken plans to respond. There are several possible scenarios that could play out. 

Kraken’s Move

If the exchange is confident that the user who funded the 0x814 wallet is responsible for the attack, they could choose to “doxx” themInternet speak for revealing the assailant’s identity. However, this seems somewhat unlikely; cryptocurrency exchanges have previously held details of people who used their services to fund wallets linked to scams and criminal activity but none of them have ever gone public to the community with information on their identities. Plus, while Kraken CEO Jesse Powell may be outspoken, he doesn’t seem like the type to greenlight a plan to doxx someone without a very good reason. 

The majority of the funds stolen in the attack are currently sitting on-chain in fresh wallets. However, if the owner of 0x814 has any other funds on Kraken, the exchange could also opt to freeze them. That also poses a question of how the exchange would use those funds—and whether it would consider reimbursing the SudoRare community. 

The third (and most likely) outcome involves Kraken passing the details for the 0x814 owner to law enforcement. When crypto exchanges are embroiled in incidents such as the SudoRare attack, they tend to make internal investigations before working with the authorities. It’s then up to the authorities themselves to pursue a criminal investigation. 

U.S. authorities have raised the stakes when it comes to dealing with crypto crime since activity in the space exploded over the past year, most recently highlighted by the Treasury Department’s unprecedented move to sanction Tornado Cash and its associated smart contracts. The Treasury’s Office of Foreign Assets Control cited its popularity among hacking syndicates like Lazarus Group as the reason for the blacklisting, prompting widespread criticism from a host of key industry figures. 

Kraken CEO Jesse Powell, a Libertarian-leaning Bitcoin pioneer who’s previously spoken out against overreaching government sanctions, told Bloomberg TV that he thought that the Tornado Cash ban was unfair as all individuals “have a right to financial privacy.” The SudoRare incident could now put that idea to the test.

Crypto Briefing reached out to Kraken’s press team for comment, but had not received a response at press time. 

Update: Kraken responded to Crypto Briefing‘s request for comment with the following statement:

“While Kraken can’t comment directly on any specific request, like all compliant crypto exchanges, we report suspicious activity and respond to law enforcement requests. We even publish a transparency report that describes our extensive work with law enforcement. Last year alone, Kraken responded to 2,453 information requests from law enforcement agencies in the US, UK, and Europe—up 130% from 2020. We take our role as the facilitator of a safe trading environment incredibly seriously and we will continue to work with our partners in the fight against fraud.”

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.