$10 Million Stolen in 2023 Laundered Through Tornado Cash

Reading Time: 2 minutes
  • A hacker-linked address has been caught transferring $10 million to Tornado Cash
  • The funds are part of the $24 million lost by a crypto whale in 2023
  • The transfer comes days after the Lazarus hacking group used the same service to launder $12 million belonging to HTX

Blockchain sleuths have caught a hacker moving his ill-gotten wealth to crypto-mixing service Tornado Cash. The sleuths discovered that the funds were almost half of the $24 million lost by a crypto whale through a phishing scam in 2023. The hacker’s action comes a few days after the notorious North Korean hacking group Lazarus was seen laundering $12 million siphoned from the HTX crypto exchange through the same avenue, an indication that hackers are returning to use Tornado Cash despite the service being sanctioned by United States authorities.

A Major Phishing Incident

According to blockchain security firm CertiK, the malicious actor transferred 3,700 ETH into the crypto-mixing platform, adding that the funds “traces to a major phishing incident” that happened in September 2023.

The 2023 phishing attack affected users on Rocket Pool, an Ethereum staking protocol, with a hacker draining users’ funds in two transactions. An in-depth analysis of the hack revealed that the victim signed malicious transactions that gave the attacker permission to spend their tokens.

Apart from the 3,700 ETH recently transferred to Tornado Cash, the hacker also transferred 1 ETH to the service shortly after siphoning the funds in September 2023. They also transferred some other stolen assets like DAI to the mixer and centralized exchanges like OKX.

SEC, MicroStrategy and Trezor X Accounts Hacked

Recently, a hacker compromised Rocket Pool’s X account security and directed followers to a wallet drainer. The hacking of social media accounts of web3-focused and prominent entities is the new tactic used by malicious actors to steal funds from unsuspecting crypto users.

Some prominent X accounts recently hacked include that of the United States securities watchdog SEC, MicroStrategy and hardware crypto wallet maker Trezor.

Although Tornado Cash increases the hacker’s anonymity, it’s likely that they can still be unmasked due to the advancement of surveillance technologies.