According to reports by blockchain security platforms, Beosin and PeckShield on February 27th, the perpetrators of the $6 million hack on Lendhub, a DeFi lending platform, have transferred about 50% of their stolen funds into Tornado Cash.

The firms disclosed that a wallet associated with the January 12th exploit had sent approximately 2,415 Ether, equivalent to around $3.85 million, to Tornado Cash.

Lendhub Hacker Moves 3,515.4 ETH 

In January, PeckShield reported that the LendHub exploit was the most significant of the month, resulting in the theft of $6 million from the protocol. According to a tweet by Beosin, an on-chain intelligence company, the hacker has moved about 3,515.4 ETH (approximately $5.7 million) to Tornado Cash since January 13th.

According to Etherscan, the wallet moved 100 ETH batch by batch to Tornado Cash before moving on to smaller deposits. Meanwhile, Tornado Cash is a service that employs crypto-mixing techniques to enhance the anonymity of Ethereum transactions by combining large quantities of Ether before transferring funds to other addresses.

On August 8th, the United States Office of Foreign Assets Control (OFAC) imposed sanctions on Tornado Cash, accusing the service of helping criminals launder stolen funds. However, despite the website’s supposed shutting down, Tornado Cash is still operational and accessible since it is a smart contract and runs on a decentralized blockchain.

In a report released in January, Chainalysis, a blockchain analytics firm, revealed that scams and hacks had accounted for roughly 34% of all inflows to Tornado Cash, with inflows sometimes reaching as high as $25 million per day. However, in the 30 days following the implementation of sanctions, this figure decreased by 68%.

Hackers Still Using Crypto Mixers

Despite US sanctions on Tornado Cash, fraudsters in the crypto space continue to use its services. A recent example occurred on February 20th, when the exploiter of a DeFi project built on Arbitrum moved stolen crypto worth about $1.86 million to Tornado Cash.

In addition, the well-known Lazarus Group from North Korea frequently transfers large sums to mixers such as Sinbad and Tornado Cash. Meanwhile, a Chainalysis report released in early February stated that funds stolen by North Korean hackers are moved to mixers at a significantly higher rate than funds stolen by other groups or individuals.

The report further reveals that in 2022, North Korean hackers were responsible for stealing over $1.7 billion worth of cryptocurrency. Thus, 2022 was the worst year on record for cryptocurrency attacks. Chainalysis noted that in 2020, North Korea’s total export value was only $142 million.

“Therefore, it is reasonable to say that cryptocurrency hacking constitutes a considerable portion of North Korea’s economic activity,” Chainalysis added.

George Ward

By George Ward

George Ward is a crypto journalist and market analyst at Herald Sheets, known for his engaging articles on the latest digital currency trends. With a background in finance and journalism, he presents complex topics accessibly. George holds a degree in Business and Finance from the University of Cambridge.