Hackers of Crypto Platform Lendhub Move $3.85 Million into Tornado Cash

As Web3 and crypto go mainstream, several decentralized finance (DeFi) platforms have fallen victim to hacking, losing millions of dollars in assets to criminals. As DeFi projects seek ways to avoid this threat, crypto platform LendHub has succumbed to the same fate, losing $6 million in digital assets to an exploit in January.

The latest reports revealed that OFAC-sanctioned crypto mixer Tornado Cash remains an escape route for bad actors looking to launder illicit funds. Blockchain security platforms, Beosin and PeckShield, reported that LendHub users have moved $3.85 million in ETH into Tornado Cash.

Both firms shared the update via Twitter, noting that the hack suspect sent around 2,415 ETH worth nearly $3.85 million to Tornado Cash.

LendHub beneficiaries moved $5.7 million to Tornado Cash

LendHub informed its users that it lost assets worth $6 million through a hack attack on January 12. According to LendHub, the exploit was possible due to a compromise in the platform, which caused a difference between old and new IBSV tokens.

This problem resulted in different Comptroller contracts with the same market price. The hackers exploited this vulnerability to loot millions of dollars from the protocol.

The firm contacted blockchain security experts to track down the thieves and recover the stolen money. And since then, security firms have been on the hackers’ tails trying to recover the money. They appeared to have a breakthrough, as PeckShield and Beosin spotted the suspects moving to launder the proceeds through Tornado Cash.

PeckShield tweeted that the hackers moved 2,415.4 ETH to the OFAC-sanctioned Tornado Cash mixer, while Beosin reported the movement of over $5.7 million in ETH.

According to Beosin’s tweet, a wallet linked to the exploit has moved 3,515.4 ETH ($5.7 million) into Tornado Cash since January 13. The report shows that the criminal sent the funds in groups of 100 ETH.

Tornado Cash, an escape route for crypto scammers and hackers

In an effort to make Ethereum transactions anonymous, Tornado Cash has provided the means for criminals to launder stolen funds. The currency mixer protects the user’s identity and hides transaction sources by combining large amounts of ETH into almost infinite transaction traces before depositing the sum into target addresses.

Due to the frequency of money laundering via the platform, the United States Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash on August 8, 2022. Following the sanction, authorities took down the Tornado Cash website. However, criminals can still launder money through the mixer since its smart contract is on a decentralized blockchain.

chain analysis January report noted that hacks and scams contributed to approximately 34% of all inflows into Tornado Cash. The report even said the mixer sometimes receives daily inflows of up to $25 million. However, 30 days after the sanction, Tornado Cash inflows dropped by 68%, suggesting that the effort was not in vain.

Ethereum price is trading at $1,659 on the l ETHUSDT chart on Tradingview.com

However, some criminals have not stopped using the mixer. On February 20, Hope Finance hacks transferred $1.86 millions of stolen crypto to Tornado Cash.

Also, the North Korean hacker Lazarus Group often uses Tornado Cash to launder its proceeds. The report by Chainalysis suggests that North Korean hackers use currency mixers to launder money more often than other hacking groups.

Featured image from Pexels and chart from Tradingview.com

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *