Poloniex Heist Hacker Uses Tornado Cash to Launder Millions – What Does This Mean for Roman Storm Case?

Key Takeaways

• Poloniex Hacker’s use of Tornado Cash strengthens the legal case against the platform’s co-founders Roman Storm and Roman Semenov.
• Lazarus Group remains a suspect in the Poloniex hack
• Crypto security remains a major challenge, with mixers complicating investigations

A hacker who stole  $125 million from Poloniex’s hot wallets in November transferred 1,100 Ethereum (ETH) to sanctioned coin mixer Tornado Cash.

The news comes after Tornado Cash co-founders Roman Storm and Roman Semenov were indicted for allegedly facilitating over $1 billion in money laundering through their platform.

Now, prosecutors may use the hacker’s actions against the mixer’s founders

Poloniex Hacker Uses Tornado Cash to Launder Stolen Ethereum

The transferred Ether, valued at approximately $3.3 million, was sent in batches of 100 ETH each on Tuesday after being dormant for 178 days.

The individual responsible for the Poloniex hack, identified by the address 0x3E…fDFd, transferred 100 ETH worth aboutapproximately $308,000 to Tornado Cash. According to WuBlockchain , this marks the first reported instance of the hacker using Tornado Cash in such illicit activities.

The hacker has accumulated a significant portfolio of cryptocurrencies valued at over $182 million. This includes

• 25,563 ETH worth approximately $79 million.
• 305,042 TRX valued at $36 million.
• 626 BTC approximately valued at $32 million.
• 364.292 BTCT worth about $23.3 million.

Additionally, on April 30, the Poloniex hacker moved 501 BTC valued at $32 million to an unlabelled wallet. According to Arkham , the hacker still holds crypto worth $181 million across various blockchains.

Tornado Cash is a protocol which obscures crypto tokens’ origins by mixing them across various wallets over an extended period. In 2022, the US Treasury Department issued sanctions against it after its use by North Korean hacking group Lazarus. Lazarus used Tornado Cash in an attempt to conceal funds obtained from the $625 million Axie Infinity exploit . The group also reportedly used Tornado Cash to launder $12 million stolen in the Heco Bridge hack last year.

Hacker’s Use of Tornado Cash Impacts Legal Case Against Storm

The recent use of Tornado Cash by the individual behind the Poloniex hack could have significant implications for the ongoing legal case against Roman Storm, one of the co-founders of Tornado Cash.

This incident could potentially strengthen the Department of Justice’s (DOJ) case against Storm. The DOJ has accused Storm  and his co-founder of enabling over $1 billion in money laundering activities through their platform. The department claims Tornado Cash is an unlicensed money transmitter which violates sanctions.

This specific event ties Tornado Cash to high-profile criminal activities, thereby challenging Storm’s defense.

Storm’s argument that Tornado Cash merely provides a decentralized service without direct control over the funds may, however, falter under renewed scrutiny of how effectively such platforms can be used for illegal activities. The DOJ might use this to argue that the nature of Tornado Cash’s services inherently supports illicit activities. Moreover, this could affect the judicial perspective on the nature of crypto-mixing services. It could, potentially, set a precedent for how similar services might be treated legally in the future.

Lazarus Group Suspected in $114 Million Poloniex Hack

On November 10 2023, Poloniex suffered  a breach resulting in the theft of approximately $114 million worth of crypto. The Ethereum wallet tied to the hacker executed 357 transactions, moving a total of $114 million worth of tokens from Poloniex. Additionally, a wallet on the Tron blockchain associated with the incident transferred about $42 million to various addresses.

Tron founder Justin Sun bought Poloniex, founded in 2014 as a centralized exchange, in 2019. This exchange has experienced significant security challenges, including the previously mentioned hack.

In a separate development, an attacker associated with a $26 million hack on Kronos Research  transferred 200 ETH to Tornado Cash. Kronos Research also suffered an attack in November last year. However, it is currently unclear whether the two incidents are directly connected.

Related Hacks Underscore Crypto Security Risks

November’s attack on the HTX exchange, also owned by Justin Sun, and the Heco cross-chain bridge led to the loss of over $97 million in various tokens. The vulnerability exploited in this incident involved private keys, allowing attackers to transfer tokens from users’ wallets on the Heco Chain to their accounts on the Ethereum network using the Heco bridge.

The Poloniex hack also shows the critical need for more robust security measures within crypto exchanges and blockchain protocols.

About the Author

Teuta Franjkovic

Teuta is a seasoned writer and editor with more than 15 years of experience. She has expertise in covering macroeconomics and technology as well as the cryptocurrency and blockchain industries. She has worked for several publications as a journalist and editor, including Forbes, Bloomberg, CoinTelegraph, Coin Rivet, CoinSpeaker, VRWorld and Arcane Bear. Teuta began her professional career in 2005, working as a lifestyle writer at Cosmopolitan in Croatia. From there, she branched out to several other publications, covering mainly business and the economy. She then turned her attention to the world of cryptocurrency and blockchain, believing that crypto is among the most important inventions in the history of humanity. Her involvement in fintech began in 2014 and she has since lent her expertise in writing, editing and gathering information about the world of crypto, blockchain, NFTs and Web3. An all-round news hound, mentor, editor, and writer, Teuta enjoys teamwork and good communication. She holds a WSET2 diploma and has a thing for chablis, punkrock music and shoes. She also holds a double MA in Political science and Entrepreneurship.

See more

[email protected] LinkedIn Twitter