Hacker drops control over Tornado Cash as they use it to wash stolen funds
A hacker who recently took over the cryptocurrency mixer Tornado Cash has given up control while still using the protocol to launder the digital tokens stolen in the attack.
Hacker uses Tornado Cash to wash stolen tokens
In the incident, the attacker obtained 483,000 TORN coins, the protocol’s native currency, and later converted a sizable amount of the loot into ETH.
This was due to exploitation of a weakness in the Tornado Cash governance system, which is generally run by the crypto community.
The user has also reportedly used the same cryptocurrency mixer, where funds were removed during the attack, to launder about 472 ETH, worth about $900,000.
The hacker exploited the protocol to hide the money they withdrew during the attack.
This comes after the attacker’s original fraudulent proposal on May 21, which gave them full control over Tornado Cash’s decentralized crypto mixer.
On May 26, the attacker effectively took over the protocol but strangely later got in touch with the Tornado Cash community with a fresh offer, indicating they were willing to give up control.
The attack significantly impacted the value of the TORN token, causing the token’s price to crash from nearly $7 to less than $4. According to CoinGecko, the coin has since recovered to about $4.30.
Tornado Cash under fire over ties to hackers
Tornado Cash, a service that enables users to conceal their cryptocurrency transactions for better privacy, has come under fire due to exploitation by criminals and North Korean hackers.
The platform has developed an infamous reputation as the go-to tool for hackers and criminals looking to launder money received illegally.
Over $8 billion has passed through Tornado Cash since its launch in 2019, according to data from Dune Analytics, highlighting the scope of unlawful operations the site has allowed.
Tornado Cash has previously been subject to penalties from the U.S. Treasury Department because it participated in money-laundering schemes run by North Korean hackers.
In particular, it was discovered that, as claimed by a U.S. Treasury official last year, the North Korean Lazarus Group had laundered some $450 million through the Tornado Cash service.
As a result, the site is now under U.S. sanctions. However, privacy advocates in the cryptocurrency industry contend that Tornado Cash offers useful privacy protections to legal users.
The cryptocurrency industry continues to grapple with its reputation as a breeding ground for illicit activities.
While the pace of hacks has decreased from the tumultuous year of 2022, during which a staggering $3.8 billion was stolen, incidents such as the Tornado Cash hack serve as reminders of the persistent vulnerabilities within the crypto space.