Blockchain security firm CertiK posted an alert citing the exploiter of Solana DeFi protocol Raydium sent 1,774.5 Ethereum (ETH) to Tornado Cash, a decentralized, noncustodial privacy platform.
On December 16, Raydium was hacked for more than $2 million including $1.6 million worth of Solana (SOL). As per reports, the hacker likely had access to Raydium’s private keys that managed project pools, allowing them to drain the tokens. As per crypto sleuth, ZachXBT, the attacker had since transferred the stolen funds to an Ethereum wallet. Some of that money was then sent to crypto mixing service Tornado Cash.
An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known
⁰Initial understanding is owner authority was overtaken by attacker, but authority has been halted on AMM & farm programs for now
— Raydium (@RaydiumProtocol) December 16, 2022
However, Raydium revealed the hacker drained the crypto loot by exploiting a vulnerability in the DEX’s smart contracts that allowed entire liquidity pools to be withdrawn by admins, despite existing protections being to prevent such behavior. Raydium had also proposed a plan to compensate the victims of the hacks, using the decentralized autonomous organization treasury to buy missing tokens and repaying those affected by the exploit.
A Warning Regarding Tornado Cash
We are seeing ~1,774.5 ETH (~$2.7M) being deposited into @TornadoCash from the Raydium exploiter 0xb98ac as labeled on https://t.co/lb2v6r8c4s.
Stay vigilant! pic.twitter.com/JVqWAw9MVO
— CertiK Alert (@CertiKAlert) January 19, 2023
On January 19, CertiK took to Twitter to warn that the exploiter sent 1,774.5 Ether amounting to nearly $2.7 million to the sanctioned cryptocurrency mixer Tornado Cash. On August 8th, Tornado Cash was sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) for its role in laundering over $455 million worth of cryptocurrency stolen by the North Korean-linked hacking organization Lazarus Group. As per blockchain analysis firm Chainalysis, almost 30% of the funds sent through the mixer have been tied to illicit actors.
Since the US Treasury Department banned Tornado Cash, funds of many users got stuck within the platform. Hence, the US Treasury Department has issued a guide last year for US citizens to help them in withdrawing funds from the mixer.
Tornado Triggers Drastic Actions
Soon after the sanctions, several web3 platforms such as Alchemy and Infura blocked access to the Ethereum-based crypto mixing service. Github went on to delete accounts of Tornado’s contributors immediately after the privacy tool was added to the Treasury’s sanctions list. Stablecoin issuer Circle also froze USDC funds held within Tornado Cash’s smart contracts.
In August, Dutch authorities arrested a 29-year-old developer in Amsterdam who was suspected to have been involved in laundering money through Tornado Cash. In June 2022, the Dutch government’s Financial Advanced Cyber Team (FACT) initiated a criminal investigation against Tornado Cash claiming the mixer may have been used to hide large-scale criminal money flows, including from crypto heists and scams.