In December 2022, the assets were taken through an exploit of the decentralized exchange Raydium.
CertiK stated on January 19 that an Ethereum address associated with a Raydium attack laundered $2.7 million in ether (ETH) using Tornado Cash.
In December, a hacker stole approximately $4.4 million in various assets from Raydium, a decentralized exchange based on the Solana blockchain. After obtaining the admin account keys that powered Raydium’s smart contracts, the hacker was able to extract liquidity pool (LP) tokens into their possession. The hacker then transferred the stolen cash to Ethereum.
After more than a month, an address identified by Etherscan as Raydium’s exploiter moved $2.7 million in stolen funds to Tornado Cash. Because Tornado Cash conceals the transaction history, hackers often use it to launder stolen funds.
Since last year, Tornado Cash has been in the limelight for being sanctioned by the Office of Foreign Assets Control of the U.S. Treasury Department. Given the app’s potential for money laundering, all US-based persons and organizations are forbidden from communicating with it after the imposition of sanctions.
Even after the penalties were announced, hackers of decentralized financial systems continued to exploit Tornado Cash extensively.