War Games: Money Laundering in Solana

by Range

Hackathon | Total Prizes: 15k USDC

1st: 11k USDC | 2nd: 3,000 USDC | 3rd: 1,000 USDC


REDACTED TRACK

This is a track for the Redacted hackathon, hosted exclusively on Superteam Earn.


The Solana ecosystem stands out for its deep liquidity and robust infrastructure, making it both a potential target for exploits and an attractive venue for laundering stolen funds. 

After a hack, it's a race against time for good actors to trace and freeze the funds. The recent $1.5 billion Bybit hack shows how sophisticated bad actors have become in their laundering operation - using over 20,000 wallets, dozens of assets, protocols and bridges to launder their stolen funds. 

They even used deBridge to bring some of the stolen funds into Solana to launder them before good actors froze the funds. That got us thinking - how else could you use the Solana ecosystem to launder funds?


Generally speaking, a web3 exploit has four steps:

  1. Funding - Acquiring initial capital for an attack

  2. Preparation - Deploying malicious code or infrastructure

  3. Execution - The actual exploitation of a protocol to extract funds

  4. Exfiltration / Money Laundering - Moving and cashing out stolen assets

This bounty focuses on Step 4: Exfiltration – the process of laundering stolen funds off the Solana blockchain while avoiding detection or asset freeze efforts.

The end goal of this bounty is to ensure we have mapped out all the common (and novel) routes a bad actor may take to launder stolen funds out of or through the Solana ecosystem.


Scenario

You're part of an elite black hat group that has just exploited a Solana-based protocol, securing $1M in protocol X tokens. Your first move? Swap the X tokens for an asset on the Solana blockchain that does not have a freeze authority, like SOL.

With your $1M in liquid tokens, your next challenge is exfiltrating funds off Solana. It's a race against time to move and cash out the assets before onchain intelligence firms like Range track the stolen funds.

Note: Your group is highly skilled at identity spoofing and KYC evasion, meaning that centralized and custodial venues can still be viable options – if you act fast.

Possible exfiltration methods could include:

  1. Centralized exchanges e.g. Coinbase, Kraken, eXch, and others

  2. Custodial / non-custodial swappers e.g. Changelly, Shapeshift

  3. OTC Desks e.g. Wintermute

  4. Retail Fintech apps e.g. Revolut, Robinhood, Public, etc

  5. P2P Exchanges e.g. Binance P2P

  6. Off-ramps e.g. Sphere, MoonPay, and others

  7. Bridges e.g. Wormhole, deBridge, LayerZero, Maya, CCTP, LiFi, etc

The Challenge

Your task is to create a comprehensive report of all the methods you could use to exfiltrate funds off Solana and label as many wallets as possible related to those methods.

Remember to be as precise and comprehensive as possible when labeling the accounts and wallets of the different exfiltration routes. Use Range, Arkham, and your favorite Solana block explorers (go beyond public labels you find on those platforms).

Also consider what other non-freezable assets on Solana have high liquidity and can be used for laundering, not just SOL.

For each of your exfiltration routes, classify the exfiltration methods by the amount of liquidity you could launder via them (e.g. $100k, <$1M, <$5M, <$25M, etc).

💡 Precision is key - the more detailed and well-researched your submission, the better. Get creative, be thorough, and map the hidden pathways of illicit crypto flows.

Deliverables:

We are expecting:

  • A document detailing your methodology, approach and results [text doc or public blog]

  • A list of $SOL and Non-$SOL non-freezable assets that bad actors may use, their current liquidity and venues [CSV file or Google Sheet]

  • List of addresses relating to exfiltration routes, the amount of liquidity you could launder through it, the entity they belong to, and your suggested labels for each. [CSV file or Google Sheet]

Judging Criteria:

Submissions will be evaluated based on the following key factors:

  • Data Accuracy – How precise and verifiable is your data?

  • Data Completeness – Are all potential exfiltration routes accounted for?

  • Data Volume – The more unique addresses and routes you submit, the better.

  • Deduplication – Submitted addresses must not already be labeled on the Range Platform (instructions below).

  • Brownie points for tweeting about the bounty and tagging @RangeSecurity

Submission Requirements:

  • Your submission must be in English and not plagiarized 

  • All submissions must be made via Superteam Earn, but you may include external links (e.g., Google Sheets). Ensure viewing permissions are set appropriately.

  • The data you submit must be accurate and not plagiarized. You may use publicly available lists as part of your submission, but they should not constitute the entirety of your work. Clearly credit any such third-party contributions.

  • Submissions must have a minimum of 50 addresses not already labeled on Range, but the more address labels and routes provided, the better your chances to win.

  • The exfiltration routes you submit must be verifiable, onchain and public – that is, anyone should be able to use them.

  • You agree that any content you submit as part of this hackathon may be used by Range and/or its affiliates as they see fit, including but not limited to open-sourcing the work and releasing it for public consumption.

Prize Details:

We have a total of $15,000 USDC in prizes for the Range track, which will be distributed at the judges’ discretion based on the Judging Criteria above. 

Awards will be distributed as:

🥇1st Place - $11,000 USDC

🥈2nd Place - $3,000 USDC

🥉3rd Place - $1,000 USDC

Checking for Labels on Range

To check if an address is labeled on Range already, simply search for the address on the Range Platform.

For your convenience, below is an example of a labeled vs unlabeled address.

Unlabeled Address



Labeled Address


About Range

Range is a leading blockchain intelligence and monitoring platform for the Ethereum, Solana and Cosmos ecosystems.

Range brings extensive experience in Rust development, as well as deep proficiency in L1 and cross-chain integrations. Our clients and trusted partners include the Solana Foundation, Circle, dYdX, Celestia, Squads, Osmosis, Noble, Cosmos Hub, and more. 

Our products are natively cross-chain. To solve the frustration of tracking cross-chain transfers, we launched the first Cross-Chain Explorer - consolidating data from 50+ major ecosystems and 4 leading interoperability protocols, offering real-time insights into cross-chain transactions, all in one place. Developers and Product Teams can then leverage our API to integrate real-time transaction tracking and build custom analytics directly into their applications.

We provide critical infrastructure across the risk and security lifecycle to help organizations and users build and use cutting-edge financial applications safely:

  • The Range Platform, with its advanced explorer, Risk APIs, real-time monitoring and alerts, helps secure over $19.5 billion in assets.

  • Range Trail, our cross-chain forensic wallet monitoring tool, is used by multiple teams to respond to incidents and identify stolen funds in security hacks. 

  • Our USDC Explorer is the primary explorer for Circle's CCTP protocol. It helps users track cross-chain stablecoin transfers daily across Ethereum, Solana, Base, Arbitrum, Polygon, Cosmos and many other ecosystems.

  • Our IBC Rate Limit contracts secure every transaction across Cosmos’s Osmosis and Neutron chains, limiting the potential damage caused by a hack. 

  • Our Risk APIs form the backbone of the new Solana Transaction Security Standard, which Squads Protocol adopted to secure its users, who have over $10 billion in combined assets.

Learn more about us at range.org or x.com/RangeSecurity. Or dive into our app, GitHub or API documentation.

Skills Needed: Other, Blockchain, Content
