The hackers who ran away with approximately $550 million worth of NEM stolen from Coincheck are almost done laundering them. Despite the efforts of Japanese police officers, cybersecurity firms and the NEM foundation the culprits managed to get super rich in just over two months. But we already knew that this was going to happen. After all, isn’t it decentralization what we praise the most in cryptos?
How did it happen?
The trick is, we can record and monitor transactions but we do not know who is setting behind them. This made it easier for the cybercriminals to transfer the embezzled tokens to multiple wallets several times until everyone loses their tracks. As simple as that. Moreover, those behind the attack utilized numerous dark web channels, further obscuring themselves with uncertainty. This, of course, works in their favor and against the investigators.
According to the Asian media outlet Nikkei, the dark web marketplace where the stolen NEM tokens were sold is already drained. L Plus, a Tokyo cybersecurity firm has confirmed this information. For the uninitiated, this specific marketplace was created with the sole purpose to launder tokens. Smart move, I would say. The NEM foundation did its best to catch the thieves but ultimately failed despite tagging the stolen funds.
“The decentralized NEM protocol’s flexibility allows transactions to be traced in real-time, which aids exchanges to identify wallets attached to malicious activity. This helps make stolen XEM tokens effectively unusable because they cannot be deposited without being flagged by NEM, “ the foundation said in February but wait, it never helped. Perhaps because for some reason the tagging system was turned off a while ago.
This move from the NEM foundation raises one question, is it involved in the crime? I mean, this is a lot of money and insider trading is not something we haven’t seen. Even if so, it doesn’t matter anymore. Because the moral of the story is – never store your cryptocurrency in online exchanges. Try some hardware wallets instead.