Poloniex Hacker Returns to Launder $3.5M via Tornado Cash

The long-dormant stash obtained by the hacker in the November loot has reemerged with activity.

A hacker appearing out of a digital smoke background.
Created by Gabor Kovacs from DailyCoin
  • The cyberattacker responsible for the November Poloniex hack has resurfaced.
  • The hacker is moving portions of the stolen assets incognito.
  • Tactics of the Poloniex hacker bear similarities to those of a notorious crypto hacker group.

The past year in the crypto world was one for the books for hacks and scams, marked by over 600 security incidents reported across the industry. Among the hardest hit was the Justin Sun-owned centralized exchange Poloniex, which saw an estimated $125 million drained from its hot wallets on November 10, 2023.

Following an extensive six-month dormancy, the Poloniex attacker’s bag of funds is bustling with activity.

Poloniex Hack Funds on the Move

According to Arkham Intelligence data on Tuesday, May 7, a wallet associated with the Poloniex hacker has resurfaced with transactions, recently transferring approximately 1126 Ethereum (ETH), valued at an estimated $3.5 million. 


The multi-part transaction, which occurred over two hours, was conducted in batches of 100 ETH, 10 ETH, and 1 ETH. This follows an initial transaction of 501 Bitcoin, worth approximately $32 million, on April 30, 2024, to an unlabelled wallet address. 

List of Transactions Linked to the Poloniex Hacker. Source: Arkham Intel.

However, the recent transfer came with a twist. Rather than being transferred to another wallet, the hacker adopted the infamous mixer Tornado Cash, a tool commonly utilized for anonymizing cryptocurrency transactions by spreading them across various wallets to obfuscate their path.

Despite the weight of the assets moved so far, it marks only a fraction of the hacker’s crypto loot, which consists of 25,563 ETH ($79 million), 305,042 TRX ($36 million), 626 BTC ($32 million), and 364,292 BTCT ($23.3 million), totaling $170 million.


The re-emergence of the Poloniex hacker has once again spotlighted speculation about the perpetrator’s identity.

Who Was Behind the Poloniex Hack?

While the culprit’s identity remains shrouded in mystery, the characteristics of the $125 million hack have been spotlighted as resembling those of the North Korean hacker group Lazarus.

Central to the parallels is the weight of the Poloniex loot. Lazarus has orchestrated similar large-scale thefts across the industry, such as the $100 million Harmony Protocol hack, the $41 million Stake.com heist, and the $25 million Atomic Wallet cyber attack.

The use of mixer Tornado Cash in the $3.5 million Poloniex hack gains also echoes Lazarus’s tactics. Tornado has been a preferred tool for the hacker group, employed to obscure transaction paths and evade authorities in various instances.

Over the past three years, the North Korean-backed hacker group has successfully orchestrated over 25 hacks, laundering more than $200 million.

On the Flipside

  • The attacker’s ETH transfer has not impacted the token’s price, trading at $3,095 at press time. 
  • In August 2023, the US Justice Department sanctioned Tornado Cash for facilitating billions of dollars in money laundering by illicit actors.
  • The anonymity of hacks in crypto and the presence of various malicious actors make it challenging to pin Lazarus as the orchestrator of the Poloniex drain.

Why This Matters

The 2023 Poloniex hack marked a major loss for the crypto industry, making subsequent actions associated with it, such as the attacker’s movement of funds following months of silence, conspicuous. While the transferred assets constitute only a fraction, their movement could mark a prelude to laundering the entirety of the stolen funds.

Read more about the aftermath of the hack and how it impacted the exchange:
Poloniex Close to Restoring Full Operations After $125M Hack 

Here’s how the SEC is facing scrutiny for its regulatory actions against crypto:
SEC Under Fire for Wells Notice Abuse as It Hunts Robinhood

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Grace Abidemi

Grace Abidemi, a cryptocurrency reporter at DailyCoin, covers industry developments and trends. She previously worked as a freelance writer. With a Bachelor's degree in German Language and certifications in marketing and storytelling, Grace creates engaging content. When not working, she's in Nigeria, mastering cooking and canvas painting, and enjoys learning about different cultures and languages.