Kronos Research hacker starts laundering funds on Tornado Cash

As an analyst with a background in blockchain security and cybercrime investigations, I’ve closely followed the Kronos Research exploit since its disclosure last November. The recent transfer of funds from the hackers, now revealed to be using Tornado Cash for laundering, is yet another reminder of the complex and evolving nature of crypto-related crime.

Six months after the $25 million Kronos Research heist, those involved have started moving the stolen funds.

As a crypto investor, I closely monitor news related to blockchain security. On May 7th, I came across an alarming development when PeckShield, a renowned blockchain security firm, highlighted a suspicious transaction. The hackers involved in this activity were reportedly transferring the stolen funds towards Tornadocash, a well-known cryptocurrency mixing platform.

Tornado.Cash is an open-source solution enabling users to blend their cryptocurrency funds from various origins, thereby obscuring the assets’ origin. This functionality has raised concerns among regulators due to its association with money laundering activities by nefarious actors.

The US Department of the Treasury’s Office of Foreign Assets Control has taken action against this supposed privacy tool by imposing sanctions on it in August 2022.

In spite of the imposed sanctions, the platform remained a favored destination for malicious users who illegally laundered over $500 million in cryptocurrency during the year 2023.

As aanalyst, I’ve come across rumors that the people behind this platform are accused of laundering cryptocurrency assets that were originally obtained through theft. Nevertheless, they have firmly refuted these claims and have initiated motions to have them dismissed in court.

A hacker using the alias Kronos Research transferred 1,314 Ether, worth around $4 million, to a newly created wallet address, beginning with 0x8F5e4.

Following that transfer, the funds were directed to a wallet with the address 0x164A24b. Subsequently, this wallet executed ten separate transactions, each involving the transfer of 100 ETH. The recipients in these transactions were a crypto-mixing platform.

Kronos Research hacker starts laundering funds on Tornado Cash

Kronos Research first revealed the existence of the exploit on November 18th. This finding was subsequently validated by on-chain analyst ZachXBT, who drew attention to significant Ether transfers from a connected wallet. It later came to light that the perpetrators had utilized stolen API keys to carry out the attack.

After the cyberattack occurred, the company based in Taiwan made an effort to communicate with the hacker. They proposed a deal where the hacker would receive a reward of 10%, on the condition that they returned the remaining 90% of the stolen funds. However, this attempt at negotiation was unsuccessful.

Starting in January 2024, there have been numerous instances of cryptocurrency attacks. Surprisingly, there seems to be a downward trend emerging, as indicated by a 67% decrease in reported crypto thefts from March to April.

Similarly, March 2024 also recorded a 50% drop in crypto losses due to hacks compared to February.

Read More

2024-05-07 12:20