The hacker, who made his $25 million exploit with the Kronos research firm earlier in the year, started moving funds right from the day of the exploit, which is almost six months now.
Crypto laundering tactics
The hacker who bought the 1,314 Ether coins initiated the transaction with a hacker wallet. The hacker met the wallet with this address,0x8F5e4, and transferred 4 million dollars worth of ETH. Later, the ETH was transferred to a new address, 0x164A24b.
Source: PeckShield
The cybercriminal, in turn, finished with ten transfers from the last pool to the crypto-mixing service Tornado Cash. Tornado Cash is an open-source cryptocurrency mixer that operates on networks compatible with the Ethereum Virtual Machine. The mixer services, in turn, confuse the travel and make it impossible to trace the origin of the funds.
Source: Etherscan
Although these mixing services were created merely to hide the sender’s identity or privately move wealthy individuals’ assets, hackers frequently exploit these platforms to launder stolen funds and capitalize on them through decentralized exchange platforms.
The recent case of stealing funds from Tornado Cash, mainly used for money laundering, led to the U.S. government imposing sanctions on its usage in August 2022. In addition, the founders were found guilty 2023 of money laundering and sanctions violations.
Cryptocommunity members also differ in their opinions on embracing these privacy-enhancing methods. Yet, they unanimously support the case against the persecution of developers who have created applications or technologies to perform these functions.
Privacy tools misused
The crypto-analyzing company PeckShield issued a warning regarding funds transferred on X. It warned that the incoming transfer to Tornado Cash manifests that the hacker is trying to conceal the translated sums.
#PeckShieldAlert #KronosResearch Hacker 5: The labeled address has transferred 200 $ETH to #Tornadocash and approximately 1,314 $ETH (worth around $4 million) to a new address 0x164A…D5c4, and started laundering them via #Tornadocash#KronosResearch was hacked in mid-November… pic.twitter.com/7YOVuNpebd
— PeckShieldAlert (@PeckShieldAlert) May 7, 2024
Overall, exploiters prefer crypto-mixers over centralized exchanges since once they are identified, these exchanges block the wallets accordingly.
The Kronos Capital platform was exploited in November 2023, when the hackers got access to keys to the platform’s application programming interface, exploiting the key exposure vulnerability. The company initially refused damage done to the funds at the beginning of its existence.
Shortly afterward, investigator ZachXBT, operating on the chain, determined that at least 12,800 ETH from the total of those stolen and with the cost of almost $25 million were sent to six different crypto addresses. Kronos Capital shut down its trading services to conduct a thorough investigation.
