Blockchain security firms PeckShield and Beosin have reported that suspected hackers who exploited Lendhub, a decentralized finance lending protocol, have moved more than half of their ill-gotten gains to Tornado Cash, a crypto mixer service. According to Beosin, around 2,415 Ether (ETH), worth about $3.85 million, was sent to Tornado Cash from a wallet connected to the Jan. 12 exploit. Beosin also reported that a total of 3,515.4 ETH, currently worth over $5.7 million, has been sent to Tornado Cash by the exploiter since Jan. 13.
Tornado Cash is a crypto mixing service that attempts to anonymize Ethereum transactions by combining vast amounts of Ether prior to depositing sums to other addresses. However, the service was sanctioned on Aug. 8 by the United States Office of Foreign Assets Control (OFAC) for its alleged role in the laundering of crime proceeds. Despite the sanctions and the website for the service being taken down, Tornado Cash is still able to run and be used, as it’s a smart contract housed on a decentralized blockchain.
A January report by blockchain analytics firm Chainalysis said that hacks and scams once contributed to around 34% of all inflows to the mixer and were at times inflows reached around $25 million per day, but that dropped by 68% in the 30 days following the sanctions. However, bad actors in the space continue to frequent the service. Most recently, on Feb. 20, the exploiter behind an Arbitrum-based DeFi project transferred over $1.86 million in ill-gotten crypto to Tornado Cash.
The notorious North Korean hacker outfit Lazarus Group is also known to send significant sums to mixers such as Tornado Cash and Sinbad. An early February Chainalysis report claimed that exploited funds from North Korean hackers “move to mixers at a much higher rate than funds stolen by other individuals or groups.”
The use of crypto mixers by hackers and other bad actors has long been a concern for authorities and regulators, who are attempting to clamp down on the use of such services for money laundering and other illicit activities. The continued use of Tornado Cash by suspected hackers and other bad actors suggests that more needs to be done to curb the use of such services.