Unizen attacker moves $2.1m via Tornado Cash

As a seasoned researcher with over two decades of experience in the digital realm, I find myself consistently amazed at the ingenuity and audacity of these cybercriminals. The Unizen hacker, four months post-attack, has managed to move over $2 million worth of stolen assets through Tornado Cash, a testament to their relentless pursuit of anonymity.


The individual responsible for the Unizen hack has transferred approximately $2 million of misappropriated funds to Tornado Cash, a privacy-focused cryptocurrency transaction platform, over four months following the security breach.

As a researcher delving into the realm of blockchain security, I’ve uncovered an intriguing finding from PeckShield’s reports. An unidentified entity managed to launder a substantial amount of Ether, roughly equating to 865.4 ETH, which was equivalent to around $2.16 million at the time of the transaction.

Warning from PeckShield at Unizen_IO: A suspect account has moved approximately 865.4 ETH, equivalent to around $2.16 million, to Tornado Cash.— PeckShieldAlert (@PeckShieldAlert) August 7, 2024

Initially, the attacker moved 2,179,859 DAI from the wallet tied to the exploit to a mysterious wallet labeled “0X866…84d7” through two distinct transfers.

Unizen attacker moves $2.1m via Tornado Cash

Afterward, the hacker began exchanging DAI for ETH on Uniswap and then moved these assets through 26 separate transfers to Tornado Cash.

Unizen attacker moves $2.1m via Tornado Cash

At the time of writing, both the exploiter’s wallets had zero balances.

In my analysis, I discovered that approximately 151 days following the March 9 cyber-attack on the platform, a significant issue related to approval was identified by PeckShield. Subsequently, an equivalent value of $2.1 million in USDT was transferred and later transformed into DAI.

Hey there @unizen_io! It seems there might be an approval issue causing over 2 million dollars in losses. If you have approved the trade aggregator with the address: eth: 0xd3f64baa732061f8b3626ee44bab354f854877ac, I would recommend revoking that approval as soon as possible.

— PeckShield Inc. (@peckshield) March 8, 2024

Despite reaching out to the hacker through the blockchain and proposing a 20% reward for the recovered stolen assets, our team at Unizen was unable to make any progress.

On March 11, a reimbursement scheme was unveiled, led by Unizen’s CEO, Sean Noga. He pledged to use his own resources to repay affected users. The compensation for those who suffered losses under $750,000 would be provided in USDT and USDC. For claims exceeding this amount, each case will be handled individually.

Thieves often use different methods to transfer ill-gotten gains, and digital currency tumblers are typically their preferred choice for anonymity.

Earlier this month, digital detective ZachXBT disclosed that the perpetrators of the $308 million DMM Bitcoin (BTC) heist were allegedly washing their ill-gotten gains through Huione Guarantee, an online platform known for aiding numerous frauds and suspicious activities.

During the same period, individuals responsible for the flash loan assault on the decentralized finance (DeFi) platform Pancake Bunny on Binance Smart Chain were observed purchasing Ethereum at a discount on August 5, as the second most significant cryptocurrency experienced a substantial decline of over ten percent.

Read More

Sorry. No data so far.

2024-08-07 13:18