A blockchain security company called PeckShield recently released a report saying that an attacker was able to move 865.4 ETH, which was worth about $2.16 million at the time.
The first step in laundering was moving 2,179,859 DAI from the wallet that was used in the initial attack to a wallet marked “0X866…84d7” in two different transactions.
The attacker then used the decentralized market Uniswap to trade DAI for ETH. They then sent the money to Tornado Cash, a cryptocurrency mixer, in 26 separate transactions. At the time this was written, the exploiter had no money in either pocket.
Unizen’s Failed Recovery Efforts
This transfer of money happened 151 days after the first attack on March 9, when PeckShield found an “approve issue” on the platform that let $2.1 million worth of USDT, which was later changed into DAI, be stolen.
After the attack, the Unizen team tried to get in touch with the hacker on the blockchain by giving a 20% reward for the return of the stolen assets. But these attempts did not work out.
On March 11, Sean Noga, CEO of Unizen, announced a plan to reimburse users and pay for their salary himself. People who lost less than $750,000 were to be paid back in USDT and USDC. People who lost more than that amount would have their cases looked at individually.
Thieves often use cryptocurrency mixers, like Tornado Cash, to hide the assets they’ve stolen. On-chain investigator ZachXBT said last month that the people who hacked the DMM Bitcoin wallet and stole $308 million were moving their money through Huione Guarantee, an online market known for scams and related services.
In a separate recent event, the people responsible for the flash loan attack on the Binance Smart Chain-based DeFi protocol Pancake Bunny were seen buying Ethereum on August 5, when its price dropped significantly.
Attackers are always coming up with new and complex ways to hide stolen goods. This shows how hard it is for the bitcoin industry to keep everyone safe and accountable.
