Steadefi, the decentralized finance (DeFi) platform hit by a devastating exploit last week, has observed hackers laundering some of the stolen funds through privacy protocol TornadoCash. Blockchain security firm CertiK Alert revealed that an Ethereum account linked to the Steadefi hack deposited 100 ETH worth $185,000 into TornadoCash on August 9th.
This transaction was flagged as being connected to the attack that drained over $334,000 from Steadefi on August 7th. In total, the Steadefi hack impacted user funds totaling at least $1.14 million, making it one of the largest DeFi breaches this year.
Steadefi hackers turn to TornadoCash to launder stolen crypto
By sending the stolen Ethereum to TornadoCash, the Steadefi hackers are attempting to break the money trail and cash out their illicit proceeds. TornadoCash utilizes zk-SNARKs cryptography to obfuscate transaction details, making the laundered funds extremely difficult to trace.
This is a common tactic employed by cybercriminals following DeFi exploits and crypto heists. Steadefi’s observation of the laundering activity provides further confirmation that the hackers are moving swiftly to extract maximum value from the breach.
Steadefi had its protocol deployer wallet compromised last Monday, granting the attackers ownership of all lending vaults and enabling them to freely drain available funds. In an on-chain plea, Steadefi urged the hackers to return 90% of stolen crypto, promising no legal action if funds were returned by August 10th.
DeFi platform recovers $418K as hackers refuse bounty offer
The project also offered a public bounty if the hackers refused to comply. However, the criminals did not take the bounty deal before the deadline. As of August 8th, Steadefi announced it had recovered around $418,000 left in the hacked vaults but was working with authorities to track the attackers.
The movement of stolen Steadefi funds through TornadoCash suggests the hackers have no intention of returning the loot. This breach represents the latest DeFi platform exploit in 2022, a year that has already seen over $1 billion lost to hacks and security failures.
This latest scam again shows the urgent need for Steadefi and other DeFi projects to prioritize security and threat monitoring to protect user funds. The popularity of mixing services like TornadoCash also enables hackers to quickly launder proceeds and evade detection. Blockchain forensics firms continue working to track stolen crypto despite obfuscation techniques, but there seems to a significant lack of proactive security from DeFi projects.
