As we all know, after hackers obtain large profits by attacking smart contracts, most of them will choose to deposit money into Tornado Cash for currency mixing. By severing the link between deposit addresses and withdrawal addresses, hackers can launder the money and exchange virtual currency for cash in the future. For Tornado Cash users, the liquidity in the mixed currency pool determines whether the user can hide the whereabouts of funds well, especially when the amount of funds is very large. With the sanction of Tornado Cash and the arrest of its founder Alexey in August 2022, the liquidity in the Tornado Cash contract has dropped sharply. At the same time, we have observed a significant increase in the flow of some other currency mixing channels on Ethereum, such as FixedFloat KYC-free flash exchange.
first level title
What is No KYC Flash Exchange
KYC-free flash exchange is a cryptocurrency exchange that allows users to conduct instant cryptocurrency exchanges without providing personal information (Know Your Customer, KYC). Although they essentially exist to serve traders on the chain, some of their characteristics lead to these exchanges being often used as tools for currency mixing:
Anonymity:Trading through these exchanges does not require users to provide any personal information, and users only need to have addresses on the chain to conduct transactions directly.
Cross-chain transactions:Users can conduct asset transactions on multiple chains, making it difficult to track the flow of funds, especially when the platform supports privacy token transactions such as Monero/Zcash.
Less stringent compliance review:FixedFloat rarely freezes transaction funds, because transactions are completed in a short period of time, unless the stolen funds come from very well-known projects, such asCurve。
Flash transaction:first level title
transaction mechanism
The trading experience of these exchanges is between CEX and DEX. Unlike CEX, users do not need to deposit funds into the wallet controlled by the exchange and then complete the transaction through the order book, but trade with the KYC-free exchange as the counterparty, eliminating the process of depositing and withdrawing funds. Unlike DEX, transactions are not executed through smart contracts, but through the backend of the exchange.
Here we take the transaction process of FixedFloat as an example to introduce:
On the home page, users select the type of cryptocurrency pair to trade and the amount to exchange. There is an upper limit on the amount of a single exchange, which depends on the liquidity of the token on the platform, but a single address can conduct unlimited transactions
The user specifies the receiving address and order type. FixedFloat offers two types of orders: fixed rate orders and floating rate orders. If the user chooses a fixed interest rate order, he needs to pay a fixed 1% handling fee + network fee, but the user can avoid small-scale currency price fluctuations in the next period of time; if the user chooses a floating interest rate order, he needs to pay a 0.5% handling fee fees + network fees, but may actually bear more fees due to currency price fluctuations.
After the transaction is initiated, FixedFloat will designate a newly generated deposit wallet, and the trader needs to remit the funds to the designated address within the specified time. After several blocks are confirmed, the platform will remit the funds from the hot wallet to the receiving address specified by the user. payment address, complete the transaction
As mentioned above, a user’s single transaction has an exchange limit, which depends on the hard limit of the platform and the liquidity in the platform’s hot wallet. When the liquidity of a certain token in the hot wallet of the platform is insufficient, some centralized exchanges are usually used to supplement the liquidity, such as Binance.
first level title
On-chain data analysis
We analyzed the characteristics of the data on the chain for FixedFloat, ChangeNow, and SideShift, three frequently used KYC-free flash exchanges, and compared them with Tornado Cash.
first level title
secondary title
1. Directly as a currency mixing channel
secondary title
2. As a source of attack funding
secondary title
3. Use in series with other currency mixing channels
first level title
Fund tracking for KYC-free flash exchanges
Judging from the data on the chain, the trading behavior of KYC-free exchanges is very similar to that of CEX: they all specify a deposit address, and there will be one or more hot wallets for subsequent receipt of user funds. For example, the hot wallet address of FixedFloat on Ethereum is 0x4e5b2e1dc63f6b91cb6cd759936495434c7e972f.
first level title
about Us
At Eocene Research, we provide the insights of intentions and security behind everything you know or don't know of blockchain, and empower every individual and organization to answer complex questions we hadn't even dreamed of back then.
