The hacker responsible for the $125 million Poloniex hack in November has sent 1,100 ether (ETH), worth approximately $3.3 million, to the sanctioned coin mixer Tornado Cash.
The transaction, which occurred on Tuesday, saw the hacker send the ether in 11 batches of 100 ETH over a two-hour period, after the funds had been dormant for 178 days.
TLDR
- The hacker responsible for the $125 million Poloniex hack in November sent 1,100 ether ($3.3 million) to the sanctioned coin mixer Tornado Cash.
- The hacker sent the ether in 11 batches of 100 ETH over a two-hour period, after the funds had been dormant for 178 days.
- The Poloniex hacker also sent 501 bitcoin ($32 million) to an unlabeled wallet on April 30 and still holds a total of $181 million worth of crypto across various blockchains.
- Tornado Cash, a protocol that allows users to obfuscate crypto tokens, was sanctioned by the U.S. Treasury Department in 2022 after it was used by North Korean hacking group Lazarus to launder funds from the Axie Infinity exploit.
- The Poloniex hack is believed to be the work of the Lazarus Group, and the use of Tornado Cash highlights the sophisticated means hackers employ to launder stolen funds.
The Poloniex hack, which occurred on November 10, 2023, resulted in a staggering $114 million multi-crypto theft.
An Ethereum wallet linked to the “Poloniex hacker” orchestrated a series of 357 transactions, ferrying tokens from the exchange. Simultaneously, a Tron blockchain wallet associated with the incident siphoned around $42 million to various addresses.
Today, Poloniex Hacker: 0x3E…fDFd transferred 100 ETH (about $308,000) to Tornado Cash. This is the first time that the Poloniex hacker has transferred money to Tornado Cash for money laundering. Currently, the Poloniex hacker also has $182 million in crypto assets, including…
— Wu Blockchain (@WuBlockchain) May 7, 2024
Investigators believe that the individual responsible for the Poloniex hack is a member of the infamous Lazarus Group, a North Korean-based hacking organization known for targeting financial institutions and cryptocurrency platforms to finance the regime. The Lazarus Group has been involved in mass-scale cyber-crimes amounting to billions of dollars.
In addition to the recent ether transaction, the Poloniex hacker also sent 501 bitcoin (BTC), worth approximately $32 million, to an unlabeled wallet on April 30.
According to data from blockchain analytics firm Arkham, the hacker still holds a total of $181 million worth of crypto across various blockchains, including 25,563 ETH ($79 million), 305,042 TRX ($36 million), 626 BTC ($32 million), and 364,292 BTCT ($23.3 million).
The use of Tornado Cash, a decentralized mixer protocol that jumbles up transfers to make it difficult for authorities to track funds, highlights the sophisticated means hackers employ to launder stolen cryptocurrency.
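The deposit pattern described above (one sender repeating a fixed denomination, 100 ETH, eleven times to a sanctioned mixer contract within about two hours) is exactly what an exchange's transaction-monitoring rule should surface. The following is an added example, not code from this article or from any analytics vendor; the sender and contract addresses and the transfer records are constructed placeholders, and the time window and batch threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WEI_PER_ETH = 10**18

def find_batched_mixer_deposits(transfers, sanctioned, window=timedelta(hours=2), min_batches=3):
    """Flag runs of identical-value deposits from one sender to a sanctioned
    contract that fall within `window`. `transfers` is an iterable of dicts
    with keys 'from', 'to', 'value_wei' and 'ts' (timezone-aware datetime).
    Returns one alert per (sender, contract, denomination) run."""
    runs = defaultdict(list)
    for t in transfers:
        dst = t["to"].lower()
        if dst in sanctioned:
            runs[(t["from"].lower(), dst, t["value_wei"])].append(t["ts"])
    alerts = []
    for (src, dst, value), times in runs.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_batches:
            alerts.append({"sender": src, "contract": dst,
                           "denomination_eth": value / WEI_PER_ETH,
                           "deposits": best,
                           "total_eth": best * value / WEI_PER_ETH})
    return alerts

# Constructed sample data (placeholder addresses, not real on-chain records):
# 11 x 100 ETH deposits spread over ~100 minutes, plus two benign transfers.
SANCTIONED_MIXER_CONTRACTS = {"0xmixer100ethpool_placeholder"}
_BASE = datetime(2024, 5, 7, 12, 0, tzinfo=timezone.utc)
SAMPLE_TRANSFERS = [
    {"from": "0xSuspectSender_placeholder", "to": "0xMixer100EthPool_placeholder",
     "value_wei": 100 * WEI_PER_ETH, "ts": _BASE + timedelta(minutes=10 * i)}
    for i in range(11)
] + [
    {"from": "0xOtherUser_placeholder", "to": "0xMixer100EthPool_placeholder",
     "value_wei": 100 * WEI_PER_ETH, "ts": _BASE + timedelta(days=1)},   # single deposit, not flagged
    {"from": "0xSuspectSender_placeholder", "to": "0xExchangeHotWallet_placeholder",
     "value_wei": 5 * WEI_PER_ETH, "ts": _BASE},                         # not a sanctioned destination
]

def run_sample():
    return find_batched_mixer_deposits(SAMPLE_TRANSFERS, SANCTIONED_MIXER_CONTRACTS)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

In production the sanctioned set would be loaded from the OFAC SDN list and the transfers from a node or indexer; the rule itself is unchanged.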
The protocol was sanctioned by the U.S. Treasury Department in 2022, shortly after the Lazarus Group used it to launder $12 million from the Heco Bridge hack, which itself followed soon after the Poloniex hack.
The Heco Bridge hack, along with an attack on Justin Sun-owned crypto exchange HTX, resulted in the loss of more than $97 million in various tokens.
The attackers exploited a private key vulnerability, using keys taken from users' wallets to transfer tokens to their own accounts on the Ethereum network.
In a previous on-chain message, Poloniex offered the attacker a 5% bounty, approximately $5 million, to return the remaining 95% of the stolen funds.
However, the recent transactions involving Tornado Cash suggest that the hacker has no intention of cooperating with the exchange or returning the stolen funds.