In-Depth Look At The $28M Deribit Exchange Wallet Exploit

The first few days of November 2022 have not been kind to the crypto exchange Deribit, which lost $28 million in BTC and ETH when its hot wallet was compromised. However, Deribit has clarified that 99% of its funds are stored in cold wallets, with the remainder in its hot wallet, and that the loss will be covered by its reserves.

Hence, not only my acquaintance’s trading account but several others were blocked by Deribit, and deposits or withdrawals were halted. Deribit is one of the biggest derivatives crypto exchanges, operating out of Panama and providing traders with the option of trading crypto futures and options.

In January 2020, as the EU 5th Anti-Money Laundering Directive regulations kicked in, requiring all crypto exchanges operating out of EU member states to register with or seek a license from their respective regulators, Deribit decided to shift operations from the Netherlands to Panama to avoid strict KYC/AML/CTF regulations.

Prior to this, Deribit did not require traders on its exchange to provide any KYC and as such never conducted any due diligence checks on customers operating on its platform. Well, how convenient, completely anonymous, right?

The hacker made 691 BTC and 9,111.59 ETH from the hack, with the USDC nabbed being quickly converted to Ethereum. The funds are now being held in two wallets across Bitcoin and Ethereum as you can see in the images below.

Cool! So, where does AMLBot figure in this? AMLBot decided to trace these transactions and look at the movement of funds after the hack happened.

At the time of writing this article, the funds have not moved anywhere, and in particular not to any mixers or laundering services. As you will see in the figure below, our risk score assessment reveals that these are “Stolen Funds”.

In the image below, you will notice that the USDC was converted to ETH via a high-risk P2P decentralized exchange called Uniswap.

In the investigative diagram below, you will see the stolen funds, ETH and USDC, moving from the Deribit hot wallet to the “Deribit Thief”. The USDC is then converted to ETH at the decentralized exchange Uniswap.

Uniswap being a decentralized exchange will probably not have relevant due diligence measures or KYC requirements in place. So, even if law enforcement authorities were to approach or issue a subpoena to Uniswap, the identity of the “Deribit Thief” will still be harder to reveal.

However, should the “Deribit Thief” try to cash out those funds through a centralized exchange such as Binance or Coinbase, they will require KYC or identity verification, which can potentially lead to the thief. AMLBot will be tracking the movement of funds on an ongoing basis.

CoinDesk - Unknown

Sid works as a financial crime compliance lawyer in the crypto space and has previously worked at Wirex and Digifinex.