A crypto wallet address associated with the HECO Chain exploiter has transferred and anonymized nearly 40,392 Ether on the crypto-mixing protocol Tornado Cash in just eight days. This move comes as part of an effort to make approximately $145.7 million worth of stolen Ether nearly impossible to trace.
Transactions and Methods
The majority of the funds, including the largest transaction of 11,300 ETH worth roughly $39.5 million, were sent to a single Tornado Cash address. The exploiter made 19 outbound transfers to Tornado Cash addresses in total, with one transaction of 0.2 ETH worth $699 sent separately to a different address within Tornado Cash.
Anonymization of Funds
Crypto hackers often use Tornado Cash to anonymize the ownership of their stolen funds. This tactic allows them to obscure the origins of the funds, making it challenging for authorities to track and recover the stolen assets.
Previous Instances of Tornado Cash Use
On March 21, an account linked to a $24 million Rocket Pool hack from September 2023 also transferred 3,700 ETH to Tornado Cash for similar purposes. Additionally, hackers from North Korea’s Lazarus Group resumed using Tornado Cash on March 13 to launder funds stolen from hacks.
Legal Issues Surrounding Tornado Cash
The use of Tornado Cash has raised legal concerns, particularly in August 2022 when the United States Treasury Department sanctioned the protocol for allegedly allowing the laundering of over $1 billion in illicit funds, including money tied to the Lazarus Group.
Legal Defense and Recent Developments
Roman Storm, the co-founder of Tornado Cash, pleaded not guilty to charges of conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money-transmitting business. In a related development, the Arbitrum DAO removed a proposal seeking to fund the legal defense costs of Tornado Cash co-founders.