Polygon arrives in Breadcrumbs + AscendEX hack tracing

By Breadcrumbs Español · Published in Breadcrumbs · 5 min read · Dec 23, 2021

Breadcrumbs App has been providing blockchain analytics tools accessible to everyone. Initially supporting the Ethereum blockchain, it has grown to support Bitcoin and ERC20 token transactions upon the recommendation of the crypto community. And to serve the community’s needs better, Breadcrumbs has just added support for a network that is rapidly scaling and growing in popularity: Polygon (MATIC).

Polygon is a leading Layer 2 scaling solution for the Ethereum blockchain. The main advantages of building on Polygon are superior speeds and lower fees, payable with MATIC, its native token. Developers can build many Ethereum-compatible apps there, including Non-Fungible Tokens (NFTs), games, and Decentralized Finance (DeFi) platforms.

Since the network's launch in 2017, notable crypto entities such as Decentraland, The Sandbox, Aave, and Compound have supported and built on it. MATIC, its native token, has reached over $13 billion in total market capitalization.

One of the main goals of Breadcrumbs as a blockchain analytics tool is to make blockchain data accessible to everyone, helping them make informed decisions around the technology. And with the rapid scaling and growing popularity of Polygon, we prioritized supporting the network to help the Polygon community trace and track Polygon addresses, transactions, and assets.

This support for the Polygon Network is made possible by a grant we have received from them and we would like to profusely thank them for the assistance.

The Breadcrumbs Investigation Tool is still catching up with the latest Polygon transactions. But that doesn’t mean we can’t investigate already. You can also suggest a new label for an address here! Let’s start now with the most recent hack related to Polygon: the one against AscendEX, a Singaporean crypto exchange.

AscendEX hack: tracing of funds

AscendEX (also known as BitMax) is a Singaporean crypto trading platform and exchange. Some of the crypto assets they support are based on Ethereum (ETH), Binance Smart Chain (BSC), and, of course, Polygon (MATIC). On December 11, 2021, it was hacked and the exchange lost an estimated total of $77.7 million in assets stolen across ETH, BSC, and Polygon.

The exchange didn’t disclose the total stolen amount. However, according to the security firm PeckShield, it’s estimated at around $77.7 million in various cryptocurrencies. The majority of the funds were stolen on the Ethereum blockchain ($60 million), but the hacker also stole around $9.2 million from BSC and $8.5 million from Polygon.

Where are the funds now?

In this section, we will trace the flow of the stolen funds across three different blockchains.

Fund flow analysis on the Polygon Network

AscendEX shared its exploited address, and also the one belonging to the hacker.

0x986a2fca9eda0e06fbf7839b89bfc006ee2a23dd (AscendEX MATIC, BSC, and ETH hot wallet)

0x2c6900b24221de2b4a45c8c89482fff96ffb7e55 (AscendEX Hacker 1 — Polygon)

Now, we will trace the stolen funds on the Polygon network by following the fund flows from the MATIC hot wallet to the hacker wallet. On the Investigation Tool for Polygon, we can see that the hacker stole 3,749,300 MATIC (around $7.8 million at the time of the hack) from the AscendEX hot wallet and sent it to their own address (AscendEX Hacker 1) on December 11, 2021.

Follow the graph here

AscendEX Hacker 1 didn’t have any transactions prior to the hack and appears to have been created for the theft. AscendEX Hacker 1 swept the stolen funds to the address 0x9eee6862b78fb6f9627d7d5a908d2114814fcecd (labeled as AscendEX Hacker 2) on December 12, 2021. On December 13, 2021, AscendEX Hacker 2 sent the stolen funds to address 0x70dcf33ca09bd87bb2a301280331406ebd32c8a0 (AscendEX Hacker 3).

The stolen funds are currently on-chain and sitting in this address. You can follow these addresses in the Monitoring Tool.
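The hop-by-hop trace described above, as an added example (not Breadcrumbs' code or data). The addresses, dates and the 3,749,300 MATIC figure come from this post; the transfer records themselves, the assumption that each sweep moved the full amount, and the placeholder bystander address are constructed.

```python
from collections import defaultdict
from datetime import date

HOT_WALLET = "0x986a2fca9eda0e06fbf7839b89bfc006ee2a23dd"
HACKER_1 = "0x2c6900b24221de2b4a45c8c89482fff96ffb7e55"
HACKER_2 = "0x9eee6862b78fb6f9627d7d5a908d2114814fcecd"
HACKER_3 = "0x70dcf33ca09bd87bb2a301280331406ebd32c8a0"
BYSTANDER = "0x" + "a" * 40  # placeholder address, not a real one
THEFT_DAY = date(2021, 12, 11)

# Constructed records: (date, sender, receiver, MATIC amount).
TRANSFERS = [
    (date(2021, 12, 10), HOT_WALLET, BYSTANDER, 1_000),  # made-up routine payout
    (date(2021, 12, 11), HOT_WALLET, HACKER_1, 3_749_300),
    (date(2021, 12, 12), HACKER_1, HACKER_2, 3_749_300),
    (date(2021, 12, 13), HACKER_2, HACKER_3, 3_749_300),
]

def trace_forward(transfers, victim, first_receiver, since):
    """Follow funds from the first receiving address, hop by hop.

    Returns (path, holders): the addresses in the order the traced funds
    reached them, and the traced amount each address still holds.
    """
    traced = defaultdict(int)
    path = []
    for when, src, dst, amount in sorted(transfers):
        if when < since:
            continue
        if src == victim and dst == first_receiver:
            moved = amount                      # the theft itself
        elif src != victim and traced[src] > 0:
            moved = min(amount, traced[src])    # only traced funds propagate
            traced[src] -= moved
        else:
            continue                            # unrelated transfer
        traced[dst] += moved
        if dst not in path:
            path.append(dst)
    return path, {addr: amt for addr, amt in traced.items() if amt > 0}

def is_fresh(transfers, address, theft_day):
    """True if the address appears in no transfer before the theft."""
    return not any(when < theft_day and address in (src, dst)
                   for when, src, dst, _ in transfers)

if __name__ == "__main__":
    path, holders = trace_forward(TRANSFERS, HOT_WALLET, HACKER_1, THEFT_DAY)
    print("path:", path)
    print("current holders:", holders)
    print("Hacker 1 fresh:", is_fresh(TRANSFERS, HACKER_1, THEFT_DAY))
```

Funds sent back to the victim wallet are credited to it but not followed further, so the hot wallet's ordinary activity is never treated as traced.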

Fund flow analysis on Ethereum

Most of the funds stolen from AscendEX were taken on the Ethereum blockchain, and the pattern of obfuscating the stolen funds is more complex than in the Polygon network case. The hacker not only stole ETH but also numerous ERC20 tokens such as AAVE, AXS, BAT, COMP, SHIB, UNI, USDC, USDT, and WBTC, among others. After ETH, the largest share of the stolen funds was in Ultra Token (UOS), worth over $3.4 million on December 11, 2021.

In total, 92 transactions were used to steal around $59 million in the first place.

Follow the full graph here

Similar to the pattern of the Polygon Network theft, the stolen funds were sent to AscendEX Hacker 1. AscendEX Hacker 1 moved all the funds to address 0x9eee6862b78fb6f9627d7d5a908d2114814fcecd (labeled as AscendEX Hacker 2) on December 13, 2021.

From this point, the funds started a long process of splitting to many different addresses. We can say that the hacker is trying to mix and cash out the funds. Apart from unknown addresses, we can also see that some of the funds ended up in several crypto exchanges (centralized and decentralized).

Those exchanges include Bitfinex ($360,000), 0xProtocol ($233,679), Kraken ($827), ParaSwap ($3 million), and Binance ($424,754). The rest of the funds are, probably, still on-chain.

Curiously enough, one of the hacker’s transactions went back to AscendEX. They returned 0.6 ETH (around $2,482) to the initially hacked address. It’s not clear why they’d do that, and there are no notes in the transaction.

Hacker sent funds again to AscendEX. Etherscan

BSC stolen funds

On December 11, the hacker transferred 1,568.105 BNB (around $894,964) from the AscendEX hot wallet to AscendEX Hacker 1. Additionally, they transferred different amounts of seven BEP20 tokens to the same address: BEM, AVAX, FINE, JULD, C98, CAKE, NEAR, and FMN. The stolen BEP20 tokens total over $8,214,677.

BEP20 Stolen tokens list. BSCscan

On December 12, the hacker emptied their first wallet and sent the stolen funds to AscendEX Hacker 2. This time, the hacker also gave back a small part of the stolen BNB (5 BNB / $2,628) to the AscendEX hot wallet.

As for the tokens, they ended up in different DEXs and in AscendEX Hacker 4. The last address still holds over 1,570 BNB ($825,547) and almost the exact amount in the stolen tokens ($10.4 million with some price appreciation since the hack). Therefore, the BSC stolen funds are still on-chain.

AscendEX Hacker 4 address on BSC. BSCscan

Finally, we can mention that AscendEX declared that they traced some of the funds to the crypto exchanges Bitfinex, OKEx, and Binance. Also, according to them, all the possible victims will receive a 100% reimbursement.
