The hacker behind the $25 million exploit of quantitative trading firm Kronos Research in mid-November 2023 started moving funds nearly six months after the exploit.
The hacker wallet first transferred 1,314 Ether worth $4 million to a new address, starting with 0x8F5e4 and later transferred all the ETH to another address starting with 0x164A24b.
Tornado Cash is an open-source cryptocurrency mixer that operates on networks compatible with the Ethereum Virtual Machine. The mixing services obscure the path of the crypto transactions and make it extremely difficult to trace the source of the funds.
Although created as a privacy tool, hackers often use mixing services to launder stolen funds via decentralized exchange platforms.
The significant usage of Tornado Cash for transferring illicit funds prompted the United States government to impose sanctions on its use in August 2022. Subsequently, its founders were charged with money laundering and sanctions violations in 2023.
While opinions within the crypto community vary regarding adopting privacy tools, there is a consensus against state persecution of developers for creating an application.
The crypto analytics firm PeckShield raised an alert regarding the transfer of funds on X. It cautioned that the transfer to Tornado Cash suggests that the hacker is attempting to launder the stolen funds.
Over the years, exploiters have chosen crypto-mixing services over centralized exchanges, as once they are identified, exchanges block addresses.
Kronos Capital was exploited in November 2023 after the exploiters managed to gain access to the firm’s application programming interface keys. The firm first denied any loss of funds during its early announcement.
Later, on-chain investigator ZachXBT revealed that roughly 12,800 ETH worth $25 million was stolen and transferred into six unique crypto wallet addresses. Kronos Capital halted its trading services to investigate the loss.