The attacker behind the Unizen attack transferred more than $2 million in stolen assets to Tornado Cash more than four months after the attack.
According to blockchain security firm PeckShield, the attacker laundered a total of 865.4 ETH (ETH), or approximately $2.16 million.
The diversion began when the attacker transferred 2,179,859 DAI (DAI) from the exploited wallet to an unknown wallet identified as “0X866…84d7” in two separate transactions.
Attacker moves funds from exploited wallet | Source: Etherscan
The hacker then began swapping DAI for ETH on Uniswap and then transferred them to Tornado Cash in 26 different transactions.
Transfer of exchanged ETH to Tornado cash | Source: Etherscan
At the time of writing, neither abuser had any money in their wallets.
The funds were moved 151 days after the March 9 attack after PeckSheild detected a “confirmation issue” on the platform. $2.1 million worth of USDT was drained and later converted to DAI.
HELLO @unizen_io You might want to take a look. Looks like a validation issue with >2m loss anyway.
If you have approved the following transaction aggregator, please cancel it as soon as possible:
meat: 0xd3f64baa732061f8b3626ee44bab354f854877ac pic.twitter.com/Rq1AMxrrgs
— PeckShield Inc. (@peckshield) March 8, 2024
The Unizen team attempted to contact the hacker on-chain and offer a 20% bounty for the stolen assets, but were unsuccessful.
On March 11, a refund plan was announced, spearheaded by Unizen CEO Sean Noga, that would use his personal funds to compensate users. Funds would be reimbursed in USDT and USDC for victims who lost less than $750,000, while cases above the threshold would be handled on a case-by-case basis.
Attackers use a variety of methods to move stolen assets, the most common of which is cryptocurrency mixers.
Last month, on-chain detective ZachXBT reported that the hackers behind the $308 million DMM Bitcoin (BTC) hack laundered the stolen assets through Huione Guarantee, an online marketplace that facilitates various scams and related services.
Meanwhile, the attackers behind the flash loan attack on Binance Smart Chain-based defi protocol Pancake Bunny were seen buying into the Ethereum drop on August 5, when the second-largest cryptocurrency recorded a double-digit decline.