$10 Million Stolen in 2023 Laundered Through Tornado Cash
Reading Time: 2 minutes
- A hacker-linked address has been caught transferring $10 million to Tornado Cash
- The funds are part of the $24 million lost by a crypto whale in 2023
- The transfer comes days after the Lazarus hacking group used the same service to launder $12 million belonging to HTX
Blockchain sleuths have caught a hacker moving his ill-gotten wealth to crypto-mixing service Tornado Cash. The sleuths discovered that the funds were almost half of the $24 million lost by a crypto whale through a phishing scam in 2023. The hacker’s action comes a few days after the notorious North Korean hacking group Lazarus was seen laundering $12 million siphoned from the HTX crypto exchange through the same avenue, an indication that hackers are returning to use Tornado Cash despite the service being sanctioned by United States authorities.
A Major Phishing Incident
According to blockchain security firm CertiK, the malicious actor transferred 3,700 ETH into the crypto-mixing platform, adding that the funds “traces to a major phishing incident” that happened in September 2023.
We are seeing a deposit of 3700 ETH, which is worth over $10M, into Tornado Cash by EOA 0x8cFDAD729de89f09A188312839A0EC3b1522E107 on Ethereum.
The fund traces to a major phishing incident back in September 2023 where $24M (at the time) worth of assets were…
— CertiK Alert (@CertiKAlert) March 21, 2024
The 2023 phishing attack affected users on Rocket Pool, an Ethereum staking protocol, with a hacker draining users’ funds in two transactions. An in-depth analysis of the hack revealed that the victim signed malicious transactions that gave the attacker permission to spend their tokens.
Apart from the 3,700 ETH recently transferred to Tornado Cash, the hacker also transferred 1 ETH to the service shortly after siphoning the funds in September 2023. They also transferred some other stolen assets like DAI to the mixer and centralized exchanges like OKX.
Update: The phisher has transferred 1 $ETH to #TornadoCash pic.twitter.com/SAFcdw5DuJ
— PeckShieldAlert (@PeckShieldAlert) September 8, 2023
SEC, MicroStrategy and Trezor X Accounts Hacked
Recently, a hacker compromised Rocket Pool’s X account security and directed followers to a wallet drainer. The hacking of social media accounts of web3-focused and prominent entities is the new tactic used by malicious actors to steal funds from unsuspecting crypto users.
Some prominent X accounts recently hacked include that of the United States securities watchdog SEC, MicroStrategy and hardware crypto wallet maker Trezor.
🚨Update on our X account security incident🚨
Earlier this week, we experienced a breach of our X account due to a sophisticated phishing attack.
Immediate actions were taken to secure our account & no product security was compromised.
For more,
👉 https://t.co/ZZOHSNtI9u— Trezor (@Trezor) March 21, 2024
Although Tornado Cash increases the hacker’s anonymity, it’s likely that they can still be unmasked due to the advancement of surveillance technologies.