The attacker behind the Unizen hack has moved over $2 million of stolen assets to Tornado cash more than four months after the attack.
According to blockchain security firm PeckShield, the attacker laundered a total of 865.4 ETH (ETH), approximately $2.16 million at the time.
#PeckShieldAlert @unizen_io Exploiter-labeled address has transferred 865.4 $ETH (worth ~$2.16M) to #Tornadocash pic.twitter.com/ndJiSPcNeV
— PeckShieldAlert (@PeckShieldAlert) August 7, 2024
The routing of funds began with the attacker transferring 2,179,859 DAI (DAI)from the wallet used in the exploit to an unknown wallet identified by “0X866…84d7” in two separate transactions.
Attacker moves funds from wallet used in the exploit | Source: Etherscan
Subsequently, the hacker started swapping the DAI for ETH on Uniswap before transferring them to Tornado Cash via 26 different transactions.
Swapped ETH being transferred to Tornado cash | Source: Etherscan
At the time of writing, both the exploiter’s wallets had zero balances.
The funds were moved 151 days after the March 9 attack, when PeckSheild identified an “approve issue” with the platform. $2.1 million worth of USDT had been drained and later converted into DAI.
Hi @unizen_io you may want to a look. It looks like an approve issue with >2m loss already.If you have approved the following trade aggregator, please revoke ASAP: eth: 0xd3f64baa732061f8b3626ee44bab354f854877ac pic.twitter.com/Rq1AMxrrgs
— PeckShield Inc. (@peckshield) March 8, 2024
The Unizen team attempted to contact the hacker on-chain and offer a 20% bounty in return for the stolen assets but to no avail.
You might also like: Unizen to reimburse victims after $2.1 million defi breach
A reimbursement plan was announced on March 11, spearheaded by Unizen CEO Sean Noga, who used his personal funds to compensate users. The funds would be compensated in USDT and USDC for victims who lost less than $750,000, while the cases above the threshold would addressed individually.
Attackers employ various means to move stolen assets, with cryptocurrency mixers being the most common tool.
Last month, on-chain sleuth ZachXBT reported that the hackers behind the $308 million DMM Bitcoin (BTC) hack were laundering stolen assets via Huione Guarantee, an online marketplace that facilitates various scams and related services.
Meanwhile, attackers behind the flash loan attack on Binance Smart Chain-based defi protocol Pancake Bunny were seen buying the Ethereum dip on Aug. 5, when the second largest cryptocurrency recorded a double-digit drop.
Read more: Unizen Launches Trade Aggregator V1 Supporting 70 DEXes