It has been reported that some of the funds stolen from cryptocurrency exchange Poloniex have been moved for the first time. Six months later, in November 2023, one of the accounts confirmed to have been sent exploit procedures transferred $3.5 million to a cryptocurrency mixer.
Stolen funds transferred for the first time
On Monday night, one of the addresses labeled as holding the stolen assets transferred the funds to the U.S.-banned Tornado Cash. This transfer is the first since the cryptocurrency heist, in which hackers moved part of the money for money laundering.
According to a report by Wu Blockchain, Poloniex hackers have accessed the address 0x3E… fDFd sent 100 ETH worth approximately $308,000 to the mixer. PeckShieldAlert later reported that the address had sent 1,100 ETH, worth nearly $3.5 million, to Tornado Cash.
#PeckShieldAlert #poloniex The address 0x3e94 was labeled by the hacker… 3fdfd sent 1.11k. $ETH (equivalent to ~$3.4 million) #TornadoCash pic.twitter.com/JIDG0pYfUH
— PeckShieldAlert (@PeckShieldAlert) May 7, 2024
In November 2023, Poloniex Exchange, led by Justin Sun, suffered a security breach that resulted in $125 million being stolen. At the time, blockchain security company PeckShield was notified of suspicious activity in the platform’s hot wallets. As a result, the Poloniex team froze the account “for maintenance purposes.”
However, it proved fruitless as hackers had already stolen millions of dollars worth of cryptocurrency assets from those addresses. According to the report, the exchange lost $56 million on Ethereum (ETH), $48 million on Tron (TRX), and $18 million on Bitcoin (BTC). Additionally, assets such as Pepe (PEPE) and Magic (MAGIC) were stolen.
Cryptocurrency hackers ignore warnings
Tron founder and exchange owner Justin Sun initially offered hackers a 5% white hat reward for the return of cryptocurrency assets. Sun later increased the offer from about $6 million to $10 million, reaching the industry standard of 10 percent.
Unfortunately, the attackers did not take up Sun’s offer, despite Sun’s clear message that the assets would be rendered useless. The Tron founder sent $0.10 worth of ETH to an already identified wallet where the stolen funds were sent.
In the message, Sun said the address had been marked as ineligible. He also warned investors that dealing with hackers could result in their accounts being frozen.
The Poloniex hack was attributed to the Lazarus Group, a North Korean hacker group known for high-profile attacks. According to CoinGecko data, the attack caused the centralized exchange to lose significant user trust, dropping its trust score to 5 out of 10.
The most recent transfer appears to confirm that the funds will never be returned and recovery is nearly impossible, as Wu Blockchain revealed. Despite not being able to send cryptocurrency assets directly to the exchange, the attackers used privacy tools to hide their funds.
It is worth noting that global regulators have misused these tools for criminal purposes under the pretext of cracking down and scrutinizing the privacy sector. Nonetheless, financial privacy continues to be important for user security, and using privacy tools can help protect investors.
Ultimately, the rise in cryptocurrency hacks remains a concern for the community. Over $500 million was stolen by malicious actors from cryptocurrency projects during the first quarter of 2024. Despite the sharp decline in April, experts continue to urge cryptocurrency investors to watch out for suspicious activity and strengthen security measures.
Total crypto market capitalization is at $2.27 trillion in the weekly chart. Source: TOTAL on TradingView
Featured image from Unsplash.com, chart from TradingView.com