43 minutes ago
6
Shiba Inu’s core development team is escalating its response to the Shibarium bridge exploit after a new on-chain investigation mapped the hacker’s Tornado Cash laundering trail to KuCoin deposit accounts. Reacting to on-chain sleuth Shima (@MRShimamoto) on X, core developer Kaal Dhairya wrote “Great work! This needs to be amplified. I will also ensure it’s sent to the FBI attached to the open investigation report and request Kucoin to cooperate.”
Shiba Inu Sleuth Exposes Shibarium Hacker
The Shibarium bridge was exploited in mid-September in an attack estimated at around $2.3–$2.4 million, after the perpetrator seized a super-majority of validator keys and withdrew assets including ETH, SHIB and KNINE. K9 Finance DAO, Shibarium’s liquid-staking partner, launched a bounty process that started at 5 ETH, later advanced to a 20 ETH smart-contract offer and ultimately to a final 25 ETH proposal endorsed directly by the Shiba Inu team. The exploiter never accepted, and K9 Finance has since confirmed that the unclaimed ETH in the bounty contract has been returned to contributors, with Shib.io receiving back 20 ETH.
In a detailed 1 December thread, Shima said the “Shibarium Bridge hacker foolishly chose not to accept the K9 bounty – it’s finally time to share the investigation we’ve been working on,” describing months of tracing that involved thousands of transactions and 111 wallets. His reconstruction shows 260 ETH flowing from exploit-linked wallets into Tornado Cash, with 232.49 ETH ultimately reaching KuCoin through 48 deposits into 45 unique KuCoin deposit addresses, which he believes are largely operated by money mules rather than the hacker directly.
According to his write-up and an accompanying MetaSleuth dashboard, the trail begins with the original exploit address and nine “dumping” wallets. Those wallets received the stolen tokens, liquidated them gradually for ETH over roughly a week, and sent a total of 260 ETH into Tornado Cash. Of that amount, 250 ETH entered the mixer’s 10-ETH pool and 10 ETH the 1-ETH pool in an attempt to break on-chain linkability between the hack and any later withdrawals.
The critical breakthrough, Shima says, came about forty days after the exploit. A wallet already tied to the hacker cluster sent exactly 0.0874 ETH to what was intended to be a clean Tornado withdrawal wallet. That minor top-up, he describes as “one stupid mistake” that “completely unravelled their Tornado Cash laundering,” because it established a direct on-chain connection between the exploit side of the graph and a supposedly anonymous post-mixer address. From that contaminated node he was able to work outward, clustering multiple Tornado withdrawal wallets, intermediaries and final KuCoin “funnel” wallets.
Shima reports that each funnel wallet typically routes funds to two KuCoin deposit addresses, creating a final cluster of 45 KuCoin endpoints and roughly two dozen depositors that he argues can be treated as money-mule cash-out accounts. He says the full address list, transaction graph and methodology were first shared privately with the Shibarium team so they could approach law enforcement and KuCoin while any funds remained within reach. However, he recounts that KuCoin’s fraud desk insisted on receiving a formal law-enforcement case number before acting on the evidence.
The official ShibariumNet X account has now publicly backed the research: “Thanks to @MRShimamoto for doing all the hard work here to compile this thread. We truly appreciate your diligence and methodical approach. Hopefully this investigation can continue with the help of the proper authorities. The communities need answers.”
At press time, Shiba Inu (SHIB) traded at $0.00000878
English (US) ·