Recent reports reveal that a portion of the stolen funds from the cryptocurrency exchange Poloniex has been transferred for the first time since the cyberattack. Around $3.5 million was moved to a crypto mixer from one of the identified accounts involved in the exploit activities dating back to November 2023.
First Transfer of Stolen Money
On Monday evening, funds from one of the flagged addresses holding the stolen assets were moved to Tornado Cash, a mixing service banned in the US. The transfer is the hacker’s first move to launder the money since the crypto heist.
According to a report by Wu Blockchain, the Poloniex hacker transferred 100 ETH, equivalent to approximately $308,000, from address 0x3E…fDFd to the mixing service. Subsequently, PeckShieldAlert revealed that the same address sent 1,100 ETH, worth almost $3.5 million, to Tornado Cash.
#PeckShieldAlert #Poloniex hacker-labeled address 0x3e94…3fdfd has transferred 1.11k $ETH (worth ~$3.4m) to #Tornadocash
— PeckShieldAlert (@PeckShieldAlert) May 7, 2024
In November 2023, the Justin Sun-led Poloniex Exchange fell victim to a security breach resulting in the theft of $125 million. PeckShield, a blockchain security firm, raised concerns about suspicious activity in the exchange’s hot wallets. Consequently, Poloniex froze the affected accounts for “maintenance.”
Despite the freezing attempt, the hackers had already made off with millions in cryptocurrency from the compromised addresses. The breach led to losses of $56 million in Ether (ETH), $48 million in TRON (TRX), and $18 million in Bitcoin (BTC). Furthermore, assets like Pepe (PEPE) and Magic (MAGIC) were also taken.
Hacker Defies Warnings
Initially, Tron founder and exchange owner Justin Sun offered the hackers a 5% white-hat reward for returning the stolen assets. Sun subsequently increased the reward from roughly $6 million to $10 million, conforming to the industry standard of 10%.
Despite Sun’s entreaties and his warning that the pilfered assets would lose their value, the hackers did not respond to the offer. Sun even attempted to mark the identified wallet addresses as ineligible by sending $0.10 worth of ETH to them, and cautioned investors against engaging with the hackers so that their own accounts would not be frozen.
The Poloniex breach has been linked to Lazarus Group, the North Korean hacker group known for its high-profile cyberattacks. Following the exploit, CoinGecko’s data reflected a significant decline in user trust in the centralized exchange, with its trust score plummeting to 5 out of 10 points.
According to Wu Blockchain, the recent transfers strongly indicate that the stolen funds may never be recovered. The hacker used privacy tools to obscure the funds’ traces, making it challenging to directly deposit the crypto assets into exchanges.
Although global regulators have occasionally misused such privacy tools as grounds to crack down on the privacy sector, financial privacy remains crucial for user security. Utilizing privacy tools can support investors in safeguarding their assets.
Despite a reduction in crypto thefts in April, after a surge in Q1 2024 in which over half a billion dollars was stolen from crypto projects, experts continue to caution crypto investors to remain vigilant against suspicious activities and fortify their security protocols.