The attacker behind the Unizen hack has moved over $2 million of stolen assets to Tornado Cash more than four months after the attack. According to blockchain security firm PeckShield, the attacker laundered a total of 865.4 ETH, approximately $2.16 million at the time.
The routing of funds began with the attacker transferring 2,179,859 DAI from the wallet used in the exploit to an unknown wallet identified as β0X866β¦84d7β in two separate transactions. Subsequently, the hacker started swapping the DAI for ETH on Uniswap before transferring them to Tornado Cash via 26 different transactions. At the time of writing, both the exploiterβs wallets had zero balances.
The funds were moved 151 days after the March 9 attack, when PeckShield identified an βapprove issueβ with the platform. $2.1 million worth of USDT had been drained and later converted into DAI. The Unizen team attempted to contact the hacker on-chain and offer a 20% bounty in return for the stolen assets but to no avail.
A reimbursement plan was announced on March 11, led by Unizen CEO Sean Noga, who used his personal funds to compensate users. The funds would be compensated in USDT and USDC for victims who lost less than $750,000, while cases above the threshold would be addressed individually.
Practical Advice for Cryptocurrency Investors
To safeguard your assets, consider the following tips:
- Use Hardware Wallets: Store your cryptocurrencies in hardware wallets rather than online exchanges.
- Enable Two-Factor Authentication: Add an extra layer of security to your accounts.
- Regularly Update Software: Ensure that your wallets and other crypto-related software are up-to-date.
- Be Wary of Phishing Scams: Always verify the source before clicking on links or providing information.
Attackers employ various means to move stolen assets, with cryptocurrency mixers being a common tool. Last month, on-chain sleuth ZachXBT reported that the hackers behind the $308 million DMM Bitcoin hack were laundering stolen assets via various online marketplaces that facilitate scams and related services. Meanwhile, attackers behind the flash loan attack on Binance Smart Chain-based DeFi protocol Pancake Bunny were seen buying the Ethereum dip on Aug. 5, when the second-largest cryptocurrency recorded a double-digit drop.
Stay informed and vigilant to protect your investments in the ever-evolving world of cryptocurrencies.
For the latest news and updates on cryptocurrency, investing, and finance, explore more on Global Crypto News.