TLDR
- On-chain investigator Shima uncovered the full laundering route of Shiba Inu funds stolen in the Shibarium hack.
- The attacker made a crucial mistake that allowed Shima to trace the stolen assets through various wallets and Tornado Cash.
- Shima linked 48 KuCoin deposit addresses to the stolen Shiba Inu funds, suggesting money mules were involved in the cash-out process.
- Shiba Inu assets were sold for ETH and moved through multiple intermediary wallets before reaching KuCoin.
- Shima shared his findings with the Shibarium team to help law enforcement act on the stolen funds, after KuCoin declined to act without a case number.
Almost three months after the Shibarium bridge hack, on-chain investigator Shima has uncovered the full path of stolen funds. Through careful analysis, Shima discovered an error made by the attacker that exposed the entire laundering process. His findings offer crucial insights into the stolen Shiba Inu assets and their journey through various wallets.
Shiba Inu Funds Trace Reveals Laundering Path
Shima’s investigation began with the hacker’s initial transaction, which was linked to the Shibarium bridge exploit. The attacker used several wallets to move stolen assets, including Shiba Inu tokens. After these transactions, the funds were funneled through Tornado Cash, a tool often used for money laundering.
Shibarium Bridge hacker foolishly chose not to accept the K9 bounty – it’s finally time to share the investigation we’ve been working on…🔎 this is juicy 🤤
The hacker made one stupid mistake and it completely unravelled their Tornado Cash laundering. 💰🌪️💵
That one mistake… pic.twitter.com/itxsXbbGSm
— Shima 島。 (@MRShimamoto) December 1, 2025
Shima’s breakthrough came when he spotted a small transaction that linked the funds to a secret withdrawal wallet. This transaction connected multiple wallets and allowed him to trace the stolen assets. “This small mistake revealed the entire laundering operation,” Shima stated.
Through his analysis, Shima identified 48 deposits, all linked to the KuCoin exchange. The stolen Shiba Inu tokens, along with other assets, moved through several intermediary wallets before reaching the exchange. Shima believes the attacker avoided completing KYC at KuCoin, relying instead on money mules to cash out the stolen funds.
Shiba Inu and KuCoin Involvement
Shima’s analysis pointed to KuCoin as a key player in the laundering operation. The stolen funds, including Shiba Inu tokens, made their way to 45 unique deposit addresses. The attacker used multiple small transactions to further obscure the funds’ origin, with one reused deposit address linking to a previous exploit.
Shima was able to connect the dots between the Shibarium hack and the KuCoin deposits, despite the exchange’s reluctance to act without law enforcement involvement. He shared his findings with the Shibarium team to ensure law enforcement could take appropriate action. “We had to go public with the full analysis when progress stalled,” he explained.
The stolen Shiba Inu tokens were sold for ETH before being laundered through Tornado Cash. Shima’s work uncovered the entire laundering trail, which began with the hack and ended in KuCoin deposits.
Shima’s investigation revealed how easily stolen Shiba Inu assets can be moved across different platforms, making it crucial for exchanges to strengthen their security measures.
