Decentralized finance (DeFi) platform Lendhub was hacked for $6 million in January, and now, blockchain security firms PeckShield and Beosin have reported that the hackers have sent more than half of their stolen funds to the crypto mixer Tornado Cash.
On February 27, PeckShield and Beosin reported that around 2,415 ether, worth $3.85 million, was sent from a wallet connected to the Lendhub exploit to Tornado Cash.
Beosin noted that this brings the total amount of funds sent by the exploiter to Tornado Cash since January 13 to 3,515.4 ETH, currently worth over $5.7 million.
Tornado Cash is a crypto mixing service that anonymizes Ethereum transactions by combining vast amounts of Ether prior to depositing sums to other addresses.
However, the service was sanctioned by the United States Office of Foreign Assets Control (OFAC) for its alleged role in the laundering of crime proceeds. Despite this, Tornado Cash is still able to run as it’s a smart contract housed on a decentralized blockchain.
Hacks and scams once contributed to around 34% of all inflows to Tornado Cash, according to a January report by blockchain analytics firm Chainalysis. However, this dropped by 68% in the 30 days following the sanctions.
Although Lendhub has not yet commented on the latest developments, the movement of funds into Tornado Cash highlights the challenges facing DeFi platforms in terms of security.
While DeFi has the potential to democratize finance and bring greater financial inclusion, the risks associated with these platforms must be carefully managed.
As DeFi continues to grow, it’s likely that these risks will become even more pronounced, making security a top priority for all involved.