Unizen Hacker Moves Stolen $2.1 Million to Tornado Cash

The attacker used a decentralized mixer that makes it hard to trace the origin of cryptocurrency transactions.

Following the March 9 attack orchestrated by a malicious actor on Unizen, a decentralized finance (DeFi) protocol, which resulted in the loss of around $2.1 million, it has now been revealed that the hacker behind the attack has moved the stolen assets to Tornado Cash.

In a post by blockchain security firm PeckShield, it was revealed that the hacker moved 2,179,859 DAI from the wallet used in the attack to an unknown wallet on August 7. They then changed the DAI into 865.4 Ether (ETH) and sent it to Tornado Cash in 26 separate transactions. This will be the first time the stolen Unizen funds have been moved since the attack 151 days ago.

After the March exploitation, the Unizens said they would return the stolen funds to users. The plan was led by the CEO Sean Noga, who released personal money to the company to pay back users who lost less than $750,000. For people who lost more, the company said they would look at each case separately.

More so, days after the attack, Unizen chief technology officer, Martin Granström, stated that the company is working with security experts and law enforcement agencies to track down the hacker’s identity. He noted that they gathered various evidence and can now proceed with the post-mortem.

In the same post, he assured users that the firm would invest more in improving its security with every new upgrade as they owed it to their community. However, despite the firm’s effort to catch the bad actor, it does not seem like they have made any headway, as the hacker now has zero balance in their wallet.

Crypto Hacking: A Growing Concern in the Industry

The attacker used a decentralized mixer that makes it hard to trace the origin of cryptocurrency transactions. Bad actors often deploy this tactic to hide stolen money.

Similar scenarios have occurred in other major hacks, such as the $308 million hack of the DMM Bitcoin system. In that case, the hackers used Huione Guarantee, an online marketplace that lets people do scams and other shady things, to launder the stolen assets.

Recently, another DeFi protocol Nexera was hacked, and a sum of $1.5M was exploited, which resulted in the company warning its users to stop trading the NXRA token. It was also revealed that the bad actor has already started selling the token for ETH and has already bridged some to the BNB chain.

The bad actor’s address behind the Nexera attack was said to be connected to recent private key compromise cases, such as Concentric Finance, OKX DEX, and Serenity Shield.

The continuous cyber attacks in the crypto space show the need for further industry security improvement. Many investors have lost a lot of funds because bad actors are becoming more rampant. The attack on WazirX last month, which resulted in the loss of over $230 million, further testifies why a quick solution needs to be found to mitigate the act.

Cybersecurity News, News, Technology News

07.08.2024
views: 211

You may have missed