The Harmony bridge hack by Lazarus Group (North Korean actor) is a good example:
The first address used is 0x0d043128146654c7683fbf30ac98d7b2285ded00
It's a bit harder to trace using public tools because they immediately start splitting off the various coins to other addresses, but looking at just the USDC:
They split it off into a single-purpose address that is just responsible for converting it to ETH. They do this via private transactions utilizing Uniswap v3 and a set amount just about every minute (they settled on ~2M). If you scan through them, their slippage is very good here. If you wait a bit of time, you let the arbitrage bots move funds from wherever is available so your slippage isn't so bad.
They again show good slippage and also show that they use 3 different exchanges
After they've converted everything to ETH with good slippage, they then fan out to multiple accounts that then do a series of deposits into Tornado Cash at 100 ETH each.
They were done with the liquidation within 2 hours. This attacker is still liquidating as far as I can tell.
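As an added illustration (not part of the comment above and not any tracing tool's code), the pattern it describes, fixed-size swaps at a steady interval followed by a fan-out into repeated 100 ETH mixer deposits, can be written as a detection heuristic. All records, address labels, thresholds and function names below are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MIXER = "mixer_pool"   # placeholder label, not a real contract address
DENOM = 100            # ETH per mixer deposit, as in the comment above

def sample_transfers():
    """Constructed records: (unix_time, sender, receiver, asset, amount)."""
    txs = [(1000 + 60 * i + i % 3, "converter", "dex_router", "USDC",
            2_000_000 - 1500 * (i % 2)) for i in range(10)]  # ~2M each minute
    for n, acct in enumerate(["fan_a", "fan_b", "fan_c"]):   # fan-out in ETH
        txs.append((2000 + n, "converter", acct, "ETH", 300))
        txs += [(2100 + 30 * k + n, acct, MIXER, "ETH", DENOM) for k in range(3)]
    txs += [(1500, "retail_1", "dex_router", "USDC", 250),    # unrelated traffic
            (1900, "retail_1", "dex_router", "USDC", 9_000),
            (2500, "retail_2", MIXER, "ETH", DENOM)]
    return txs

def periodic_swappers(txs, router="dex_router", min_swaps=5, tol=0.1):
    """Senders whose swaps to the router are near-constant in size and spacing."""
    by_sender = defaultdict(list)
    for t, src, dst, _asset, amt in txs:
        if dst == router:
            by_sender[src].append((t, amt))
    flagged = set()
    for src, rows in by_sender.items():
        if len(rows) < min_swaps:
            continue                      # too few swaps to call it a schedule
        rows.sort()
        amounts = [a for _, a in rows]
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        m_amt, m_gap = median(amounts), median(gaps)
        steady_size = all(abs(a - m_amt) <= tol * m_amt for a in amounts)
        steady_pace = all(abs(g - m_gap) <= tol * m_gap for g in gaps)
        if steady_size and steady_pace:
            flagged.add(src)
    return flagged

def mixer_fanout(txs, sources, min_deposits=2):
    """Accounts funded in ETH by a flagged source that repeat fixed-size deposits."""
    funded = {dst for _, src, dst, asset, _ in txs
              if src in sources and asset == "ETH"}
    deposits = defaultdict(int)
    for _, src, dst, _asset, amt in txs:
        if src in funded and dst == MIXER and amt == DENOM:
            deposits[src] += 1
    return {acct: n for acct, n in deposits.items() if n >= min_deposits}
```

A lone 100 ETH deposit from an unrelated account is not flagged; only accounts funded by the scheduled swapper and depositing repeatedly are returned.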
In every market, a certain number of people are willing to buy at the bid and sell at the ask. When you are trying to get rid of more than the market is able to absorb, you will wipe out multiple levels of bids. Slippage then refers to the price difference between (say) the mid price of the bid and ask and the price that you finally got filled at.
Say I want to sell 100 pokemons as fast as possible. I will take whatever the market wants to pay me. This is a market order.
Before my order goes in, people are willing to buy 10 pokemons at $50 and willing to sell 10 at $52. The midpoint is 51.
I put in my order.
10 of my pokemons get sold at $50. My slippage is $1x10.
The next level down is $48 where people are willing to buy 25 pokemons. So I will get filled now at $48. My slippage is $3x25=($51-48)x25.
Could you or someone else explain why DeFi is integral to these hacks? The article mentions the decentralized exchange 1inch and you are mentioning Avalanche and Fantom. Is it just that DEX and P2P create levels of indirection that make it much harder to track the movements of the stolen assets?
Do bear in mind that I was answering a question about how to swap coins given such a low amount of time that this hacker (likely insider; opinion) had. I named decentralized exchanges because they don't give up the ownerships of their crypto AND they offer bridges/swapping services from one coin to another - which makes it not only harder to track the assets when you're trying to do this sort of process, but it also offers a more streamlined approach for doing the process in the first place - which is swapping a bunch of coins.
For sake of lucidity, I want to say that this doesn't necessarily make DeFi integral to these hacks, but it does make the process of liquidating from these hacks easier.
>"For sake of lucidity, I want to say that this doesn't necessarily make DeFi integral to these hacks, but it does make the process of liquidating from these hacks easier."
Yes, sorry, I didn't articulate that very well in my post. This is in fact what I was asking - why it was significant in the "process of liquidating from these hacks."
Could you explain what you mean by "they don't give up the ownerships of their crypto"? This sounds like an important point but I'm unsure what you mean. Do they anonymize the transaction or something else?