HECO Chain exploiter anonymizes $145M of Ether on Tornado Cash in 8 days


A crypto wallet address linked to the HECO Chain exploiter transferred and anonymized nearly 40,392 Ether (ETH) on the crypto-mixing protocol Tornado Cash in eight days.

According to crypto investigator PeckShield, the HECO Chain exploiter made 19 outbound transfers to Tornado Cash addresses in an attempt to make approximately $145.7 million worth of stolen Ether nearly impossible to trace.

Source: PeckShield

The majority of the funds were sent to a single Tornado Cash address, while one transaction of 0.2 ETH worth $699 was sent separately to a different address in Tornado Cash.

In its largest transaction, the HECO Chain exploiter sent 11,300 ETH worth roughly $39.5 million in one transfer. Crypto hackers often resort to routing their loot through Tornado Cash to anonymize the ownership of the funds.

On March 21, an account linked to a $24 million Rocket Pool hack from September 2023 transferred 3,700 ETH to Tornado Cash with the same intention.

Hacker transferring funds to Tornado Cash. Source: Etherscan

According to crypto analytics firm Elliptic, hackers from North Korea’s Lazarus Group resumed using Tornado Cash to launder funds stolen from hacks on March 13.

Flow of funds from HTX/HECO hacks to Tornado Cash. Source: Elliptic

The Tornado Cash protocol was sanctioned in August 2022 by the United States Treasury Department for its alleged role in allowing the laundering of over $1 billion in illicit funds, including money linked to the Lazarus Group.

Related: Blockchain Association files support in suit to lift Tornado Cash sanctions

Roman Storm, the co-founder of Tornado Cash, pleaded not guilty before a judge in the U.S. District Court for the Southern District of New York in September 2023.

He, along with his alleged co-conspirator Roman Semenov, was charged with conspiracy to commit money laundering, conspiracy to commit sanctions violations and conspiracy to operate an unlicensed money-transmitting business.

On March 10, the Arbitrum DAO removed a proposal seeking to fund the legal defense costs of the Tornado Cash co-founders. According to an Arbitrum spokesperson, the proposal was later deleted at the author’s request:

“I can confirm that the forum was removed at the request of the author of the proposal.”

The reasons underlying this modification remain unclear. Cointelegraph contacted DK — a pseudonymous delegate leading the initiative — for further clarity but did not receive a response.

Magazine: Bitcoin ETFs make Coinbase a ‘honeypot’ for hackers and governments: Trezor CEO