On Jan. 10, a compromised crypto wallet lost about $282 million, and roughly $63 million of that later flowed into Tornado Cash, according to CertiK. The attacker moved funds rapidly across chains to obscure the trail after gaining control of the wallet.
CertiK said at least 686 BTC was bridged to Ethereum and converted into about 19,600 ETH at a single address. The Ether was split across multiple wallets and sent in chunks before entering the mixer.
The theft followed a social engineering attack that exposed the victim’s seed phrase, investigators found. ZachXBT traced the impersonation of wallet support as the entry point.
Security firm ZeroShadow reported about $700,000 of the stolen funds were flagged and frozen early. Most assets, however, moved out of reach after the cross-chain transfers.
Marwan Hachem of FearsOff said the movements mirrored known laundering tactics and named services used for conversions. “This flow follows the classic large-scale laundering playbook pretty closely, especially for cross-chain thefts involving BTC and LTC,” he said.
Hachem added the conversion into many roughly 400 ETH chunks before mixing was standard practice. “Tornado Cash is a major kill switch for traceability,” he said, and recovery chances, he warned, “(Ed. note: drop to near zero)”.
