The suspected actors behind the $6 million exploit of decentralized finance lending protocol Lendhub have just sent more than half of their ill-gotten gains from January into sanctioned crypto mixer Tornado Cash.
Blockchain security firms PeckShield and Beosin alerted their respective followers to the movement of funds on Feb. 27, noting that around 2,415 Ether (ETH), worth about $3.85 million, was sent to Tornado Cash from a wallet connected to the Jan. 12 exploit.
#PeckShieldAlert ~2,415.4 $ETH (~3.85M) into Tornado Cash from @LendHubDefi exploiters
LendHub was exploited, and $6M worth of cryptos was stolen from its protocol on Jan. 12.https://t.co/vDxHlTgR0o pic.twitter.com/8FZY3v2Fe3
— PeckShieldAlert (@PeckShieldAlert) February 27, 2023
PeckShield previously reported the LendHub exploit was the largest in January, with $6 million pilfered from the protocol.
On-chain intelligence firm Beosin tweeted that the latest movement means a total of 3,515.4 ETH, currently worth over $5.7 million, has been sent to Tornado Cash by the exploiter since Jan. 13.
The recent moves by the exploiter wallet sent funds to Tornado Cash in batches of 100 ETH, then moved on to smaller deposits. Source: Etherscan
Tornado Cash is a crypto mixing service that attempts to anonymize Ethereum transactions by combining vast amounts of Ether prior to depositing sums to other addresses.
The service was sanctioned on Aug. 8 by the United States Office of Foreign Assets Control (OFAC) for its alleged role in the laundering of crime proceeds.
Despite the sanctions and the website for the service being taken down, Tornado Cash is still able to run and be used, as it’s a smart contract housed on a decentralized blockchain.
A January report by blockchain analytics firm Chainalysis said that hacks and scams once contributed to around 34% of all inflows to the mixer and were at times inflows reached around $25 million per day, but that dropped by 68% in the 30 days following the sanctions.
Related: Crypto-related enforcement actions by US states rose sharply in 2022: Report
Bad actors in the space continue to frequent the service. Most recently, on Feb. 20, the exploiter behind an Arbitrum-based DeFi project transferred over $1.86 million in ill-gotten crypto to Tornado Cash.
The notorious North Korean hacker outfit Lazarus Group aloften sends significant sums to mixers such as Tornado Cash and Sinbad.
An early February Chainalysis report claimed that exploited funds from North Korean hackers “move to mixers at a much higher rate than funds stolen by other individuals or groups.”