More than half of the $100 million worth of Ether involved in the infamous Poloniex hack that occurred in November 2023 was siphoned off via privacy protocol Tornado Cash.
On November 10, 2023, a large-scale unauthorized leak was recorded from a wallet belonging to the cryptocurrency exchange Poloniex. A subsequent investigation determined that $100 million worth of Ether (ETH) was lost as a result of the hack.
Poloniex claimed to have identified the hacker weeks later and offered a $10 million reward, but the stolen funds were never returned to the exchange. According to blockchain security company CertiK, the incident is likely a ‘private key compromise.’
In response to the suspected leak, the exchange temporarily disabled the compromised wallet.
Six months later, it became clear that the Poloniex hackers had no intention of returning the stolen funds. Blockchain research firm PeckShield found that more than half of the loot was siphoned off through Tornado Cash, a protocol used to anonymize assets.
As shown in the flowchart above, the hacker moved more than 17,800 ETH from six different wallets to a single Tornado Cash address. The value of the tokens at the time of transfer was approximately $53.3 million.
Related: In the second incident in three days, Pike Finance was exploited for $1.6 million.
Poloniex soon resumed operations despite a $100 million setback, allowing investors to deposit and withdraw cryptocurrencies at will.
The exchange has appointed a “top-tier security audit firm” to strengthen the security of Poloniex’s funds and prevent such hacks in the future. at that time. The company said:
“They are currently in the final stages of the security audit and verification process for Poloniex. Once the audit is complete, we will immediately resume deposit and withdrawal services on our platform.”
Poloniex owner Justin Sun, who acquired the exchange in 2019, insisted that Poloniex “maintains a sound financial position” and is seeking cooperation with other exchanges to recover lost funds, while reimbursing users affected by the breach in full. I promised I would.
magazine: What do cryptocurrency market makers actually do? liquidity or manipulation