Security firms PeckShield and Beosin have reported that a suspected group of actors behind the January exploit of the DeFi lending protocol Lendhub have transferred more than half of their proceeds, amounting to 2,415 Ether (worth approximately $3.85 million), into sanctioned crypto mixer Tornado Cash. The incident was revealed on February 27. The exploit was reported to have resulted in a loss of $6 million.
$5.7 million has been sent to Tornado Cash since January 13
PeckShield reported that the LendHub exploit had resulted in $6 million being stolen from the protocol. Beosin has tweeted that a total of 3,515.4 ETH worth $5.7 million has been sent to Tornado Cash since January 13 by the perpetrator. This is the largest reported exploit of the year so far.
Tornado Cash is still in operation
Tornado Cash, a crypto mixing service designed to anonymize Ethereum transactions by combining vast amounts of Ether before depositing sums to other addresses, was sanctioned on August 8 by the United States Office of Foreign Assets Control (OFAC) for its role in laundering crime proceeds. Despite this, Tornado Cash still operates as a decentralized smart contract on the blockchain.
According to a report by blockchain analytics firm Chainalysis, before the sanctions, approximately 34% of all inflows into the mixer were from hacks and scams, and there were days when inflows reached around $25 million. However, this figure has dropped by 68% in the 30 days since the imposition of the sanctions.
On February 20, a malicious actor behind an Arbitrum-based DeFi project transferred over $1.86 million in stolen crypto to Tornado Cash. This is the latest in a series of events indicative of bad actors using mixers such as Tornado Cash and Sinbad for nefarious purposes.
According to Chainalysis’ early February report, funds originating from North Korean hackers tend to move to mixers at an abnormally high rate, further demonstrating the service’s popularity with criminals. The notorious Lazarus Group is an example of these malicious actors, regularly sending significant sums through mixers. Nonetheless, bad actors will continue to frequent these services unless appropriate measures are taken.
