The attacker behind the Unizen attack transferred more than $2 million in stolen assets to Tornado Cash more than four months after the attack.
According to blockchain security firm PeckShield, the attacker laundered a total of 865.4 ETH (ETH), or approximately $2.16 million.
The diversion began when the attacker transferred 2,179,859 DAI (DAI) from the exploited wallet to an unknown wallet identified as “0X866…84d7” in two separate transactions.
Attacker moves funds from exploited wallet | Source: Etherscan
The hacker then began swapping DAI for ETH on Uniswap and then transferred them to Tornado Cash in 26 different transactions.
Transfer of exchanged ETH to Tornado cash | Source: Etherscan
At the time of writing, neither abuser had any money in their wallets.
The funds were moved 151 days after the March 9 attack after PeckSheild detected a “confirmation issue” on the platform. $2.1 million worth of USDT was drained and later converted to DAI.
HELLO @unizen_io You might want to take a look. Looks like a validation issue with >2m loss anyway.
If you have approved the following transaction aggregator, please cancel it as soon as possible:
meat: 0xd3f64baa732061f8b3626ee44bab354f854877ac pic.twitter.com/Rq1AMxrrgs
— PeckShield Inc. (@peckshield) March 8, 2024
The Unizen team attempted to contact the hacker on-chain and offer a 20% bounty for the stolen assets, but were unsuccessful.
On March 11, a refund plan was announced, spearheaded by Unizen CEO Sean Noga, that would use his personal funds to compensate users. Funds would be reimbursed in USDT and USDC for victims who lost less than $750,000, while cases above the threshold would be handled on a case-by-case basis.
Attackers use a variety of methods to move stolen assets, the most common of which is cryptocurrency mixers.
Last month, on-chain detective ZachXBT reported that the hackers behind the $308 million DMM Bitcoin (BTC) hack laundered the stolen assets through Huione Guarantee, an online marketplace that facilitates various scams and related services.
Meanwhile, the attackers behind the flash loan attack on Binance Smart Chain-based defi protocol Pancake Bunny were seen buying into the Ethereum drop on August 5, when the second-largest cryptocurrency recorded a double-digit decline.
Bitcoin 
Ethereum 
Tether 
BNB 
Solana 
USDC 
XRP 
Lido Staked Ether 
Dogecoin 
Toncoin 
TRON 
Cardano 
Avalanche 
Wrapped stETH 
Wrapped Bitcoin 
Shiba Inu 
WETH 
Chainlink 
Bitcoin Cash 
Polkadot 
Dai 
LEO Token 
Uniswap 
NEAR Protocol 
Litecoin 
Kaspa 
Wrapped eETH 
Artificial Superintelligence Alliance 
Internet Computer 
Sui 
Aptos 
Pepe 
Monero 
First Digital USD 
POL (ex-MATIC) 
Stellar 
Ethereum Classic 
Bittensor 
Ethena USDe 
Stacks 
OKB 
Immutable 
Cronos 
Aave 
Filecoin 
Render 
Arbitrum 
Injective 
Mantle 
Hedera