The hunt for hackers who stole an estimated US$97 million from the Japanese crypto exchange Liquid last week has hit some snags as the cybercriminals have been actively hiding their tracks with a crypto mixing tool as they move to transfer their loot into other wallets.
Fast facts
- According to public blockchain information on Etherscan, roughly 6,000 ETH worth US$20 million has been sent to Tornadocash.com, a non-custodial mixer for Ether and ERC20 tokens, allowing the hackers to hide their transactions by mixing their coins in with others. The hacker also used decentralized exchange Uniswap, among others, to liquidate ERC20 tokens. Roughly 9,600 ETH worth US$32 million still remains in the hacker’s wallet.
- Liquid exchange initially reported the hack last Thursday via Twitter, where it also listed several wallets where the hackers had supposedly transferred Bitcoin, Ethereum, Tron and XRP tokens. The exchange also filed a suspicious transaction report and halted all crypto withdrawals while it assessed the full impact.
- The company continued to provide updates over the weekend, adding to the list of addresses used by the hackers, and assuring customers existing infrastructure has been upgraded with greater security.
- Chinese decentralized finance platform Poly Network also suffered a highly publicized cyberattack recently, losing US$600 million in the biggest DeFi hack in history. The hacker, dubbed Mr. White Hat, claims to have “ethically” hacked the system in order to expose weaknesses in the platform’s security. Since then, the hacker has been offered a reward for returning the assets, as well as a position within Poly Network as its chief security advisor. But in another plot twist, the hacker is now refusing to return the stolen assets, accusing the company of “incompetency.” It is not clear if the Poly hackers intend to take up the network’s job offer.
