Deribit hackers move stolen ETH to this service because…
Barely a week after carrying out an exploit on Deribit‘s hot wallet, the perpetrators of this hack moved a portion of the stolen funds into Tornado Cash, the Ethereum mixer service.
Decoding the Deribit hack
Deribit, a Netherlands-based crypto-exchange, reported the exploit on its hot wallet on 2 November. The actual hack was carried out late on 1 November, where the hackers made away with $28 million in BTC, ETH, and USDC.
Deribit made it clear that only its hot wallet was affected by the hack, not the cold wallet. The exchange further offered to reimburse any losses faced by its customers.
Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves
Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022.
— Deribit (@DeribitExchange) November 2, 2022
Once the news of the hack rolled out, the platform immediately suspended all withdrawals. Through the tweet above, Deribit clarified that for their own safety, users should refrain from making any deposits or trades through the platform until the necessary security checks were completed.
The string of hacks and exploits continued into November, after several hundred million worth of cryptos were stolen last month.
$2.5 million moved to Tornado Cash
According to data from Etherscan, the perpetrators transferred 1610 ETH to the Ethereum mixer service. This transfer was spread across 17 different transactions, with all but one worth 100 ETH each.
At press time, the transferred ETH was worth $2.5 million.
At the time of writing, the hacker’s wallet had 7501 ETH left, which was worth $11.8 million. This wallet initially received 9080 ETH following the hack last week and the remaining amount was likely held in BTC.
Tornado Cash was sanctioned earlier this year in August by the U.S Department of Treasury’s Office of Foreign Assets Control (OFAC). Authorities cited the mixer’s role in aiding with the laundering of billions of virtual currencies with illicit origins.
However, the ban was widely criticized by the crypto-community for being unjust and infringing upon the user’s right to privacy.