A Poloniex hacker transferred $3.3 million in Ether from a $125 million Poloniex theft to Tornado Cash and still controls $181 million in assets.
Takeaway Points:
- A Poloniex hacker sent 1,100 ETH, or roughly $3.3 million, of the $125 million that was stolen in November to Tornado Cash, the sanctioned mixer.
- 501 BTC, worth about $32 million, was moved to an anonymous wallet, leaving the hacker with control over $181 million in cryptocurrency.
- The U.S. Treasury sanctioned Tornado Cash in 2022 as a result of hackers, particularly North Korea’s Lazarus Group, using it for money laundering.
Update on Poloniex Hack
The hacker who stole $125 million in assets from Poloniex’s hot wallets in November has recently moved a sizable portion of those funds. Specifically, 1,100 ether (ETH), or around $3.3 million, was transferred in batches of 100 ETH to Tornado Cash, a coin mixer sanctioned by the US Treasury Department.
The assets had lain dormant for 178 days prior to this activity. Furthermore, on April 30, the hacker moved 501 bitcoin (BTC), which is valued at around $32 million, to an undisclosed wallet. Despite these moves, Arkham data indicates that the hacker still has an estimated $181 million in cryptocurrency holdings dispersed over multiple blockchains.
Tornado Cash
In 2022, U.S. sanctions were placed on Tornado Cash, a cryptocurrency mixer that was well known for its capacity to mask the source of tokens by distributing them among multiple currencies.
The reason for this action was that the North Korean hacking group Lazarus had used it to try to conceal the $625 million Axie Infinity exploit.
Elliptic, a blockchain security company, also disclosed in March that the Heco Bridge hack, which happened soon after the Poloniex theft, involved $12 million that Lazarus Group had stolen and was using Tornado Cash to launder.
Ethereum’s Wallet Innovation
Following these security concerns, Ethereum developers are concentrating on improving the usability of cryptocurrency wallets by introducing Ethereum Improvement Proposals (EIPs) for the upcoming Pectra hard fork. One such proposal, EIP-3074, seeks to greatly enhance the user experience by allowing smart contracts to authorise transactions for externally owned accounts (EOAs), potentially revolutionising wallet usability.
The CTO of Paradigm, Georgios Konstantopoulos, emphasised the significance of EIP-3074, claiming it could “10x” wallet UX. Additionally, the proposal incorporates features like batching transactions and third-party transaction fee sponsorship, addressing some of the current limitations and user concerns associated with EOAs.
About the Poloniex Hack
A hack involving compromised private keys occurred at the Poloniex cryptocurrency exchange in November 2023. An estimated $126 million was taken from the exchange’s hot wallets by the attackers, who are thought to be members of the notorious Lazarus Group.
The Poloniex exchange hack is a classic illustration of a compromised hot wallet. Like many other blockchain projects that have fallen victim to this kind of attack, it involved the theft of a private key used to digitally sign transactions for a specific blockchain address. An attacker who manages to obtain this private key can send tokens from that address to a wallet under their control.
This attack is thought to have been carried out by the Lazarus Group, just like many of the other recent ones. The Lazarus Group is a cybercrime gang connected to the North Korean government and is well known for its use of bespoke software and social engineering techniques.