The attacker behind the $25 million exploit of Kronos Research, a quantitative trading firm, began moving the stolen funds approximately six months after the initial exploit. The hacker started by transferring 1,314 Ether (ETH) worth $4 million to a new address beginning with 0x8F5e4. All of the ETH was then moved to another address beginning with 0x164A24b.
Source: PeckShield
To further obfuscate the source of the funds, the hacker made ten transactions of 100 ETH from the final wallet and sent them to Tornado Cash, an open-source cryptocurrency mixer. Tornado Cash operates on networks compatible with the Ethereum Virtual Machine and is known for its ability to obscure the path of crypto transactions, making it difficult to trace the origin of the funds.
Although initially developed as a privacy tool, hackers often exploit mixing services like Tornado Cash to launder stolen funds through decentralized exchange platforms. This extensive use of Tornado Cash for illicit transfers led to the imposition of sanctions by the United States government in August 2022. As a result, the founders of Tornado Cash faced charges of money laundering and sanctions violations in 2023.
While opinions within the crypto community differ on the adoption of privacy tools, there is widespread agreement that developers should not be persecuted by governments for creating such applications.
In response to the transfer of funds, crypto analytics firm PeckShield issued an alert, suggesting that the hacker was attempting to launder the stolen funds by utilizing Tornado Cash.
In recent years, exploiters have increasingly turned to crypto-mixing services instead of centralized exchanges, as centralized exchanges tend to block addresses once they are identified and flagged.
Kronos Capital fell victim to the exploit in November 2023 when the attackers gained access to the firm’s application programming interface (API) keys. Initially, Kronos Capital denied any loss of funds, but a later investigation by on-chain investigator ZachXBT revealed that approximately 12,800 ETH worth $25 million had been stolen and transferred to six different crypto wallet addresses. Kronos Capital temporarily suspended its trading services to conduct a thorough investigation into the incident.