Poloniex Hacker Transfers $3.3M ETH, Still Controls $181M Crypto

A Poloniex hacker transferred $3.3 million worth of Ether from a $125 million Poloniex heist to Tornado Cash and still controls $181 million in assets.

TakeAway points:

  • A Poniex hacker sent 1,100 ETH, or about $3.3 million, of the $125 million stolen in November to Tornado Cash, the approved mixer.
  • The $32 million worth of 501 BTC was moved to an anonymous wallet, giving the hacker control of $181 million worth of cryptocurrency.
  • The US Treasury Department sanctioned Tornado Cash in 2022 because hackers, specifically North Korea’s Lazarus Group, used it for money laundering.

Update on Poloniex hack

The hacker who stole $125 million in assets The hot wallets from Poloniex in November recently moved a significant portion of these funds. Specifically, 1,100 ether (ETH), or approximately $3.3 million, was transferred to Tornado Cash, a coin mixer that has the approval of the US Treasury, in batches of 100 ETH.

The assets had been idle for 178 days prior to this activity. Additionally, on April 30, the hacker moved 501 bitcoin (BTC), worth approximately $32 million, to an undisclosed wallet. Despite these steps, Arkham’s data indicates that the hacker still owns an estimated $181 million worth of cryptocurrency across multiple blockchains.

Tornado money

In 2022, US sanctions were imposed on Tornado Cash, a cryptocurrency known for its ability to mask the source of tokens by distributing them across multiple currencies.

The reason for this action was that the North Korean hacking group Lazarus was trying to hide the $625 million Axie Infinity exploit.

Elliptic, a blockchain security company, also announced in March that the Heco Bridge hack, which occurred shortly after the Poloniex theft, involved $12 million that Lazarus Group stole and Tornado Cash used to launder.

Ethereum’s Wallet Innovation

In response to these security concerns, Ethereum developers are focusing on improving the usability of cryptocurrency wallets by introducing Ethereum Improvement Proposals (EIPs) for the upcoming Pectra hard fork. One such proposal, EIP-3074, aims to significantly improve the user experience by allowing smart contracts to authorize transactions for external accounts (EOAs), which could revolutionize the usability of wallets.

Paradigm CTO, Georgios Konstatonopolous, emphasized the importance of EIP-3074, claiming that it could wallet UX “10x.” Additionally, the proposal includes features such as batch transactions and third-party transaction fee sponsorship, which address some of the current limitations and user concerns associated with EOAs.

Meanwhile, in order to promote safety protection, KuCoin introduced a $1 million bug bounty program last year – the largest bounty payout on HackenProof.

To protect user assets and strengthen the security of the platform, security researchers are compensated through the Bug Bounty program for finding and responsibly reporting vulnerabilities on the KuCoin platform.

KuCoin will receive help from HackenProof, a renowned cybersecurity consultancy, to evaluate researchers’ submissions and award reward points ranging from $50 to $1,000,000 for each bug. The most serious vulnerabilities receive the most awards.

About the Poloniex hack

A hack involving compromised private keys occurred on the cryptocurrency exchange Poloniex in November 2023. An estimated $126 million was taken from the project’s hot wallets by the attackers, who are believed to be members of the infamous Lazarus Group.

An iconic example of a compromised hot wallet is the Poloniex exchange hack. The theft of a private key used to digitally sign transactions tied to a specific blockchain address is one of many other blockchain technologies that have fallen victim to these types of attacks. Tokens can be sent from this private key to a wallet under the attacker’s control, if he manages to obtain it.