Key Takeaways

SudoRare pulled the rug on its community for $820,000 early Tuesday.
On-chain data suggests that at least one of the attackers has interacted with Kraken in the past.
As a U.S.-based regulated exchange, Kraken requires all customers to submit identification as part of mandatory “Know Your Customer” checks.

SudoRare Attack Demands Answers

The team behind the SudoRare NFT exchange stole $820,000 and vanished early Tuesday, but thanks to the public nature of the blockchain, the attackers left an on-chain paper trail of their transactions before they disappeared.

As blockchain security firm PeckShield noted Tuesday, at least one of the assailants appears to have interacted with Kraken in the past. Etherscan data shows that Kraken funded an Ethereum wallet commencing 0x814 on Aug. 21. That wallet transferred 0.28 ETH to 0xbb4 earlier today, hours before SudoRare withdrew $820,000 worth of WETH, XMON, and LOOKS and deleted its online channels. The 0xbb4 wallet was one of several addresses used during the attack, last seen transferring 173.1 ETH worth $283,000 at 06:37 UTC today. That suggests that the 0x814 Kraken-funded wallet may belong to a member of the SudoRare team.

Under U.S. regulations, cryptocurrency exchanges like Kraken must complete “Know Your Customer” checks on all customers. Every Kraken customer must submit identification before they can use the service, and the exchange keeps a record of their activity. In other words, if the 0x814 wallet belongs to a member of the SudoRare team, Kraken may have details on their real identity.

Kraken’s Move

This incident raises questions about how Kraken plans to respond. Several possible scenarios could play out.

If the exchange is confident that the user who funded the 0x814 wallet is responsible for the attack, it could choose to “doxx” them—Internet speak for revealing the assailant’s identity. However, this seems somewhat unlikely; cryptocurrency exchanges have previously held details of people who used their services to fund wallets linked to scams and criminal activity, but none of them has ever gone public to the community with information on their identities. Plus, while Kraken CEO Jesse Powell may be outspoken, he doesn’t seem like the type to greenlight a plan to doxx someone without a very good reason.

Most of the funds stolen in the attack are currently sitting on chain in fresh wallets. However, if the owner of 0x814 has any other funds on Kraken, the exchange could also opt to freeze them. That also poses a question of how the exchange would use those funds—and whether it would consider reimbursing the SudoRare community.

The third (and most likely) outcome involves Kraken passing the details for the 0x814 owner to law enforcement. When crypto exchanges are embroiled in incidents such as the SudoRare attack, they tend to conduct internal investigations before working with the authorities. It’s then up to the authorities themselves to pursue a criminal investigation.

U.S. authorities have raised the stakes in dealing with crypto crime since activity in the space exploded over the past year, most recently highlighted by the Treasury Department’s unprecedented move to sanction Tornado Cash and its associated smart contracts. The Treasury’s Office of Foreign Assets Control cited its popularity among hacking syndicates like Lazarus Group as the reason for the blacklisting, prompting widespread criticism from several key industry figures.

Kraken CEO Jesse Powell, a Libertarian-leaning Bitcoin pioneer who’s previously spoken out against overreaching government sanctions, told Bloomberg TV that he thought that the Tornado Cash ban was unfair as all individuals “have a right to financial privacy.” The SudoRare incident could now put that idea to the test.