Lendhub protocol exploiters spotted shifting $3.85M into Tornado Cash

Ethereum

The suspected actors behind the $6 million exploit of decentralized finance (DeFi) lending protocol Lendhub have just sent more than half of their ill-gotten gains from January into sanctioned crypto mixer Tornado Cash.

Blockchain security firms PeckShield and Beosin alerted their respective followers to the movement of funds on Feb. 27, noting that around 2,415 Ether (ETH) worth around $3.85 million was sent to Tornado Cash from a wallet connected to the Jan. 12 exploit.

PeckShield previously reported the LendHub exploit was the largest in January with $6 million pilfered from the protocol.

On-chain intelligence firm Beosin tweeted that the latest movement means a total of 3,515.4 ETH, currently worth over $5.7 million, has been sent to Tornado Cash by the exploiter since Jan. 13.

Tornado Cash is a crypto mixing service that attempts to anonymize Ethereum transactions by combining vast amounts of Ether prior to depositing sums to other addresses.

The service was sanctioned on Aug. 8, 2022, by the United States Office of Foreign Assets Control (OFAC) for its alleged role in the laundering of crime proceeds.

Despite the sanctions and the website for the service being taken down, Tornado Cash is still able to run and be used as it’s a smart contract housed on a decentralized blockchain.

A January report by blockchain analytics firm Chainalysis said that hacks and scams once contributed to around 34% of all inflows to the mixer and were at times inflows reached around $25 million per day, but that dropped by 68% in the 30 days following the sanctions.

Related: ​​Crypto-related enforcement actions by US states rose sharply in 2022: Report

Bad actors in the space continue to frequent the service, recently the exploiter behind an Arbitrum-based DeFi project transferred over $1.86 million in ill-gotten cryptoto Tornado Cash on Feb. 20.

The notorious North Korean hacker outfit, Lazarus Group, often sends significant sums to mixers such as Tornado Cash and Sinbad.

An early February Chainalysis report claimed that exploited funds from North Korean hackers “move to mixers at a much higher rate than funds stolen by other individuals or groups.”