In the aftermath of the $28 million Deribit hack, the unknown exploiter is moving stolen funds using the decentralized cryptocurrency mixer, Tornado Cash.
The funds were transferred in 17 transactions, with the first outgoing transaction occurring on Nov. 5 —just a few days after Deribit suffered the hack.
The amount of funds moved to Tornado Cash is just a fraction of all stolen ETH on the hacker’s address, as its balance amounts to 7,501 ETH ($11.8 million) at the time of writing. The hacker initially sent 9,080 ETH to the address on Nov. 2.
The blockchain analytics platform PeckShield initially reported on the outgoing Tornado Cash transactions on Nov. 5. At the time, the amount of funds leaving the hacker’s ETH wallet was just about $350,000.
Deribit officially announced that its platform suffered a hot wallet hack on Nov. 2, losing a total of $28 million in several cryptocurrencies, including Bitcoin (BTC), ETH and USD Coin (USDC). The exchange had to halt all withdrawals in order to ensure proper security in the aftermath of the hack, promising to cover all the losses.
The platform subsequently resumed regular withdrawals for BTC, ETH and USDC on Nov. 2, migrating all hot wallets to the digital asset security platform Fireblocks. Deribit stressed that users should not send funds to their previous BTC, ETH and USDC addresses and use new Fireblocks deposit addresses instead.
The news comes amid the ongoing uncertainty over Tornado Cash and other cryptocurrency mixers after authorities in the United States restricted the mixer. The Office of Foreign Assets Control of the U.S. Department of the Treasury blacklisted Tornado Cash in August 2022, making it illegal for citizens, residents and companies to receive or send money through the service.
In October, the crypto advocacy group Coin Center filed a complaint against OFAC, Treasury Secretary Janet Yellen and OFAC Director Andrea Gacki, alleging that sanctioning Tornado Cash was “unprecedented and unlawful.”