About $63 million in Tornado Cash deposits has been linked to the January 10 compromise of a $282 million cryptocurrency portfolio.
Blockchain security company CertiK said in a Monday post on X that its monitoring systems had identified Tornado Cash interactions linked to the exploit.
The update adds detail to the post-theft laundering activity that followed the January 10 incident, which many cryptocurrency investigators are tracking because of the amounts lost and the speed at which the funds were moved.
CertiK diagram maps the laundering path
According to CertiK’s analysis, part of the stolen Bitcoin (BTC) was bridged to Ethereum, converted to Ether, and then distributed to several addresses.
CertiK found that at least 686 BTC were bridged to Ethereum via a cross-chain swap, with 19,600 ETH received at a single Ethereum address.
The funds were then spread across multiple wallets, and several hundred ETH were sent from each address into Tornado Cash, a privacy-oriented mixing protocol.
The $63 million figure represents only part of the total amount lost. However, the movement of the funds shows how the attacker is attempting to obscure the initial cross-chain transfers made during the exploit.
Once funds enter a mixer, the chances of recovery drop to “close to zero.”
According to Marwan Hachem, CEO of blockchain security firm FearsOff, the fund movements seen in the wake of the January 10 compromise reflect the established money laundering playbook.
“This flow follows the classic large-scale laundering playbook quite closely, especially for cross-chain thefts involving BTC and LTC,” Hachem told Cointelegraph.
He said that using THORSwap to convert Bitcoin to Ether and then splitting the funds into roughly 400 ETH pieces before entering the mixer is “textbook,” because these steps help reduce attention and make recovery after mixing much harder.
“Tornado Cash is a major de-traceability breaker,” he said, adding that the chances of recovery “fell to almost zero” in most cases once the funds hit the mixer.
According to Hachem, options to mitigate the effects of mixing are narrow and increasingly unreliable.
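As an added example (not from CertiK’s or Cointelegraph’s analysis), the following Python heuristic flags the fan-out pattern described above: one address receives a large bridged inflow, splits it across several wallets, and each of those wallets forwards funds into a known mixer. The transfers and the mixer address are constructed placeholders, and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample data, not real on-chain records. The mixer address is a
# placeholder; a real screening job would load a curated list of mixer contracts.
MIXER_ADDRS = {"0xMIXER_PLACEHOLDER"}

# (tx_id, from_address, to_address, amount_in_eth)
TRANSFERS = [
    ("t1", "0xbridge", "0xhub", 19600.0),             # bridged inflow lands on one hub
    ("t2", "0xhub", "0xw1", 800.0),                   # hub fans out to intermediaries
    ("t3", "0xhub", "0xw2", 800.0),
    ("t4", "0xhub", "0xw3", 800.0),
    ("t5", "0xw1", "0xMIXER_PLACEHOLDER", 400.0),     # intermediaries deposit to mixer
    ("t6", "0xw1", "0xMIXER_PLACEHOLDER", 400.0),
    ("t7", "0xw2", "0xMIXER_PLACEHOLDER", 400.0),
    ("t8", "0xw3", "0xMIXER_PLACEHOLDER", 400.0),
    ("t9", "0xalice", "0xbob", 1.5),                  # unrelated background activity
]


def find_fanout_to_mixer(transfers, mixers, min_inflow=1000.0, min_spokes=3):
    """Return hub addresses whose outflow fans out to at least `min_spokes`
    wallets that each forward funds into a known mixer, with the total ETH
    traced from those wallets into the mixer. Thresholds are assumed values."""
    outgoing = defaultdict(list)
    inflow = defaultdict(float)
    for _, src, dst, amt in transfers:
        outgoing[src].append((dst, amt))
        inflow[dst] += amt
    # Wallets that sent at least one transfer directly to a mixer.
    sends_to_mixer = {src for _, src, dst, _ in transfers if dst in mixers}

    hits = {}
    for hub, outs in outgoing.items():
        if inflow[hub] < min_inflow:
            continue  # ignore small hubs; the pattern starts with a large inflow
        spokes = {dst for dst, _ in outs if dst in sends_to_mixer}
        if len(spokes) < min_spokes:
            continue
        mixed = sum(amt for _, src, dst, amt in transfers
                    if src in spokes and dst in mixers)
        hits[hub] = {"spokes": sorted(spokes), "eth_to_mixer": mixed}
    return hits


if __name__ == "__main__":
    for hub, info in find_fanout_to_mixer(TRANSFERS, MIXER_ADDRS).items():
        print(f"hub {hub}: {len(info['spokes'])} spokes, "
              f"{info['eth_to_mixer']:.0f} ETH traced into mixer")
```

Running it over the constructed data flags `0xhub` with three spokes and 1,600 ETH traced into the mixer, while the unrelated transfer is ignored.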
Social engineering attack led to seed phrase compromise
As Cointelegraph previously reported, the January 10 theft was linked to a social engineering attack that tricked the victim into revealing a seed phrase.
Blockchain researcher ZachXBT said the attacker impersonated wallet staff, gaining full control over the victim’s assets. The compromised wallet held approximately 1,459 BTC and over 2 million Litecoin (LTC).
Some of the stolen assets were also converted into privacy-enhancing digital assets.
Security firm ZeroShadow previously reported that approximately $700,000 of the stolen funds were flagged and frozen early in the laundering process, although the vast majority of the assets ended up out of reach.
