- The cyberattacker responsible for the November Poloniex hack has resurfaced.
- The hacker is moving portions of the stolen assets incognito.
- Tactics of the Poloniex hacker bear similarities to those of a notorious crypto hacker group.
The past year in the crypto world was one for the books for hacks and scams, marked by over 600 security incidents reported across the industry. Among the hardest hit was the Justin Sun-owned centralized exchange Poloniex, which saw an estimated $125 million drained from its hot wallets on November 10, 2023.
Following an extensive six-month dormancy, the Poloniex attacker’s bag of funds is bustling with activity.
Poloniex Hack Funds on the Move
According to Arkham Intelligence data on Tuesday, May 7, a wallet associated with the Poloniex hacker has resurfaced with transactions, recently transferring approximately 1126 Ethereum (ETH), valued at an estimated $3.5 million.
Sponsored
The multi-part transaction, which occurred over two hours, was conducted in batches of 100 ETH, 10 ETH, and 1 ETH. This follows an initial transaction of 501 Bitcoin, worth approximately $32 million, on April 30, 2024, to an unlabelled wallet address.
However, the recent transfer came with a twist. Rather than being transferred to another wallet, the hacker adopted the infamous mixer Tornado Cash, a tool commonly utilized for anonymizing cryptocurrency transactions by spreading them across various wallets to obfuscate their path.
Despite the weight of the assets moved so far, it marks only a fraction of the hacker’s crypto loot, which consists of 25,563 ETH ($79 million), 305,042 TRX ($36 million), 626 BTC ($32 million), and 364,292 BTCT ($23.3 million), totaling $170 million.
Sponsored
The re-emergence of the Poloniex hacker has once again spotlighted speculation about the perpetrator’s identity.
Who Was Behind the Poloniex Hack?
While the culprit’s identity remains shrouded in mystery, the characteristics of the $125 million hack have been spotlighted as resembling those of the North Korean hacker group Lazarus.
Central to the parallels is the weight of the Poloniex loot. Lazarus has orchestrated similar large-scale thefts across the industry, such as the $100 million Harmony Protocol hack, the $41 million Stake.com heist, and the $25 million Atomic Wallet cyber attack.
The use of mixer Tornado Cash in the $3.5 million Poloniex hack gains also echoes Lazarus’s tactics. Tornado has been a preferred tool for the hacker group, employed to obscure transaction paths and evade authorities in various instances.
Over the past three years, the North Korean-backed hacker group has successfully orchestrated over 25 hacks, laundering more than $200 million.
On the Flipside
- The attacker’s ETH transfer has not impacted the token’s price, trading at $3,095 at press time.
- In August 2023, the US Justice Department sanctioned Tornado Cash for facilitating billions of dollars in money laundering by illicit actors.
- The anonymity of hacks in crypto and the presence of various malicious actors make it challenging to pin Lazarus as the orchestrator of the Poloniex drain.
Why This Matters
The 2023 Poloniex hack marked a major loss for the crypto industry, making subsequent actions associated with it, such as the attacker’s movement of funds following months of silence, conspicuous. While the transferred assets constitute only a fraction, their movement could mark a prelude to laundering the entirety of the stolen funds.
Read more about the aftermath of the hack and how it impacted the exchange:
Poloniex Close to Restoring Full Operations After $125M Hack
Here’s how the SEC is facing scrutiny for its regulatory actions against crypto:
SEC Under Fire for Wells Notice Abuse as It Hunts Robinhood
