According to Etherscan data, the TempleDAO exploiter sent stolen money to the privacy protocol’s smart contract.
TempleDAO was used as a vehicle by a hacker who took advantage of the DeFi protocol to move the money they had stolen.
The yield-farming protocol was abused earlier this month for 1,831 ETH (about $2.34 million). All money was transferred to a new wallet.
According to Etherscan data, on Sunday, a similar amount of ether was sent from the hacker’s known address to a Tornado Cash router. The action will conceal the whereabouts of the stolen money.
Immutable smart contracts built into the system can give both authorized and illegal users privacy.
PeckShield, a blockchain researcher, was the first to notice how the exploiter was using the crypto mixer.
Within minutes, numerous other transfers totaling a combined total of 100 ether each followed the initial 0.1 ether transfer.
Because Tornado Cash operates as a cryptoasset mixer, it is quite challenging to pinpoint exactly where withdrawn money came from. It was removed from the list of “Specially Designated Individuals” sanctioned by the US Treasury in August, making it illegal for citizens to use the site.
The mixer’s role in the laundering of cryptocurrency worth over $455 million that was stolen by the North Korean hacker outfit Lazarus was the main source of concern for the Treasury.
According to DeFiLlama, the protocol’s total value locked was around $57 million prior to TempleDAO’s hack. Its assets were attacked to the tune of 4%.
The connected Stax Finance smart contract’s poor access restrictions to a certain function was the main problem, according to security company BlockSec.