The individual responsible for the $25 million hack on quantitative trading firm Kronos Research in mid-November 2023 began moving the stolen funds approximately six months after the initial exploit took place.
The hacker initiated the transfer by sending 1,314 Ether (ETH) worth $4 million to a new address, which started with the characters 0x8F5e4. Subsequently, all of the ETH was transferred to another address that began with 0x164A24b.
The final wallet involved in the hack saw the hacker conduct ten transactions of 100 ETH, which were then transferred to Tornado Cash, a cryptocurrency mixing tool.
Tornado Cash is an open-source cryptocurrency mixer that operates on networks compatible with the Ethereum Virtual Machine. This tool obscures the path of crypto transactions, making it extremely difficult to trace the origin of the funds. While initially created as a privacy tool, hackers often exploit mixing services to launder stolen funds through decentralized exchange platforms.
The extensive use of Tornado Cash for transferring illicit funds led the United States government to impose sanctions on its use in August 2022. As a result, the founders of Tornado Cash faced charges of money laundering and sanctions violations in 2023.
The crypto community holds varying opinions on the adoption of privacy tools, but there is a consensus against state persecution of developers for creating such applications.
Crypto analytics firm PeckShield issued an alert concerning the transfer of funds on X, warning that the use of Tornado Cash suggests that the hacker is attempting to launder the stolen funds.
In recent years, hackers have increasingly turned to crypto-mixing services instead of centralized exchanges. This is because once identified, exchanges typically block the associated addresses.
Kronos Capital experienced the exploit in November 2023 when the hackers gained access to the firm’s application programming interface keys. Initially, the company denied any loss of funds during its early announcements. However, on-chain investigator ZachXBT later revealed that approximately 12,800 ETH worth $25 million had been stolen and transferred to six distinct cryptocurrency wallet addresses. Kronos Capital temporarily suspended its trading services to investigate the incident.
Magazine: Breaking into Liberland: Evading guards using inner-tubes, decoys, and diplomats