The mastermind behind the $25 million hack of Kronos Research, a quantitative trading firm, began moving the stolen funds approximately six months after the breach occurred in mid-November 2023. The hacker initiated the transfer by sending 1,314 Ether (ETH) valued at $4 million to a new address, which started with the characters 0x8F5e4. Subsequently, all of the ETH was transferred to another address starting with 0x164A24b.
The hacker then proceeded to make ten transactions of 100 ETH each from the final address, transferring the funds to Tornado Cash, a cryptocurrency mixing tool. Tornado Cash is an open-source mixer that operates on Ethereum Virtual Machine-compatible networks. Its purpose is to obscure the trail of crypto transactions, making it exceedingly difficult to trace the origin of the funds. While Tornado Cash was originally developed as a privacy tool, it has unfortunately become a favorite among hackers for laundering stolen funds through decentralized exchange platforms.
Due to the substantial use of Tornado Cash for illicit transfers, the United States government took action in August 2022 by imposing sanctions on its usage. As a result, the founders of Tornado Cash were charged with money laundering and violations of these sanctions in 2023.
Opinions within the cryptocurrency community regarding the adoption of privacy tools vary, but there is a widespread consensus against state authorities persecuting developers for creating such applications.
PeckShield, a crypto analytics firm, raised an alarm when it observed the funds being transferred to Tornado Cash. The firm warned that this move indicated the hacker’s attempt to launder the stolen funds.
Over the years, hackers have increasingly favored crypto-mixing services over centralized exchanges, because exchanges typically block their addresses once they are identified.
Kronos Capital fell victim to the exploit in November 2023 when the hackers gained access to the firm’s application programming interface keys. In its initial announcement, the company denied any loss of funds. However, on-chain investigator ZachXBT later revealed that approximately 12,800 ETH, equivalent to $25 million, had been stolen and transferred to six distinct crypto wallet addresses. Kronos Capital temporarily suspended its trading services to investigate the incident.