In August 2021, DAO Maker suffered a hack of USD 7 million worth of stablecoins as the cybercriminals took advantage of ambiguities. Cybercriminals also used Tornado Cash in a recycling scheme to steal USD 15 million in Ether.
Leading security firm PeckShield discovered on Twitter that USD 500,000 in funds stolen from the DAO Maker exploit were moving.
They said an address associated with a DAO Maker exploit in 2021 laundered 500,000 DAI through Tornado Cash. It used fake browser plugins to control the stolen funds.
PeckShield stated that they saw a move of USD 500,000 DAI to @TornadoCash from EOA 0x0B789. The address directly relates to the DAO Maker criminal who stole funds from @TheDaoMaker.
Illicit cash flows have allegedly happened through Tornado Cash on other occasions in North Korea.
Cybercriminals Use Popular Platforms to Conduct their Attacks
Security companies have reported that hackers have become aware of various popular platforms they can use for their crimes. In December 2021, PeckShield identified an address that exploited Grim Finance and transferred USD 3.3 million to Tornado Cash. Likewise, the finances of Monox recently suffered a theft of USD 2.1 million through Tornado Cash.
In August 2021, DAO Maker suffered a hack as the cybercriminals took advantage of its ambiguities. That allowed them to steal USD 7 million worth of stablecoins, which they broke down into different addresses. They used an address identified as Etherscan, which they used to transfer USD 500,000 in DAI.
Tornado Cash Might Have Participated in the 2021 DAO Maker Crypto Hack
According to PeckShield, USD 500,000 worth of DAI moved through crypto mixer Tornado Cash. That suggests it may be the source of tokens stolen from a DeFi protocol.
In other words, crypto mixers make it harder to track where tokens go. In August 2021, cryptocurrency fundraising platform Maker DAO, unrelated to MakerDAO, suffered an attack. It lost USD 7 million worth of stablecoins and Ether (ETH), which went to two wallets according to on-chain data.
A wallet transferred to Tornado Cash around 3,800 ETH, equivalent to USD 6.2 million. According to the collected data, the remaining balance has remained dormant in the other address.
Before this incident, cybercriminals also used Tornado Cash in a recycling scheme in which they stole USD 15 million worth of Ether from Singapore-based Crypto.com.
The alleged money laundering of Tornado Cash and the stolen funds have led to a discussion about whether it contributes to money laundering. The creator of the crypto mixer said no entity governs the system, adding it did not aim to support illegal activities.
Regulators have targeted Tornado Cash since the Office of Foreign Assets Control (OFAC) of the Treasury Department sanctioned it on August 8th. The crypto mixer allegedly sponsored the laundering of USD 7 billion in money flows. The North Korean hacker group Lazarus might have used it to launder stolen funds amounting to USD 455 million.
The measure against Tornado Cash by the United States sheds light on the debate over whether crypto mixers benefit the ecosystem. In addition, they may add an extra privacy layer for users and facilitate the laundering of money.
By Alexander Salazar
