Poloniex hacker laundered over 60% of stolen funds in just one week

As an analyst with extensive experience in blockchain and cryptocurrency security, I find the situation surrounding the Poloniex hack and the successful laundering of over $60 million through Tornado Cash deeply concerning. The ability of a known hacker to carry out such large-scale transactions despite being identified and publicly shamed speaks volumes about the current state of security measures in place for these decentralized financial platforms.


Despite being reportedly identified as the perpetrator, a hacker managed to wash over half of the pilfered funds from Poloniex through Tornado Cash, making the ill-gotten gains harder to trace.

In the final weeks of 2023, an unidentified hacker gained unauthorized access to Poloniex and made off with approximately $100 million. Later on, law enforcement agencies claimed to have traced over $66 million of these ill-gotten gains through Tornado Cash – a cryptocurrency mixing service that had been authorized at the time.

I, as a researcher, have uncovered new information regarding the ongoing #PeckShieldAlert involving the #Poloniex hacker. As of today, the 15th of May, 2024, this cybercriminal has transferred a grand total of 22,200 Ethereum (ETH) tokens, equivalent to approximately $66.3 million in value, to the privacy-focused platform #TornadoCash. Previously, it was reported that they had sent 4,400 ETH, or around $12.8 million, to this same destination.— PeckShieldAlert (@PeckShieldAlert) May 15, 2024

Based on information from blockchain analysis company PeckShield, the latest transaction involved more than 4,400 Ether (approximately $12.8 million) being transferred to Tornado Cash. With this transaction, the total amount of ill-gotten gains channeled through Tornado Cash now stands at over 22,200 Ether (around $66.3 million).

As a researcher following the developments at Poloniex, I’m excited to see significant strides being made in the investigation of the stolen funds. Justin Sun’s offer of a $10 million reward for information leading to their recovery is an enticing incentive.

— PeckShield Inc. (@peckshield) November 18, 2023

Around mid-November 2023, following Poloniex’s cyberattack, the project team contacted the perpetrator, stating, “We have already identified you.” Additionally, they proposed a $10 million reward for the return of stolen funds and warned that law enforcement agencies from various countries would be involved if cooperation was not forthcoming.

In the first week of May, a week after Poloniex issued warnings that the stolen funds would be frozen, the hacker successfully laundered more than half of the stolen amount. No clear signs have emerged so far suggesting that Poloniex has managed to freeze the remaining funds.

Based on a report from crypto.news, it appears that Poloniex’s listing data indicates a partially abandoned exchange. Over 500 of its trading pairs showed no trading volume as of May 13th. According to the information obtained by crypto.news, around 53% of all listed pairs on the platform had insignificant or zero daily trading activity at that time.

In a statement to crypto.news, a representative from Poloniex explained that “price can be a contributing factor,” further elaborating that “the values of assets can change frequently, resulting in price disparities.” Nevertheless, it remains a mystery why numerous trading pairs on the exchange exhibited zero daily transactions.

Read More

2024-05-15 13:32