TempleDAO Hacked Funds Deposited to Tornado Cash

The TempleDAO exploiter transferred stolen funds to the privacy protocol’s smart contract, according to Etherscan data

article-image

Source: DALL·E

share

key takeaways

  • Hack amounted to 4% of TempleDAO’s assets
  • Tornado Cash is a sanctioned entity in the US, meaning individuals there are prohibited from dealing with the mixer

A hacker who exploited DeFi protocol TempleDAO used sanctioned crypto mixer Tornado Cash to move their stolen funds.

Earlier this month, the yield-farming protocol was exploited for 1,831 ETH (around $2.34 million). All funds were moved to a new wallet

Etherscan data shows about the same amount of ether was transferred from the hacker’s identified address to a Tornado Cash router on Sunday. The move will obfuscate the destination of the stolen funds. The protocol’s immutable smart contracts are capable of providing privacy for criminals as well as lawful users.

Blockchain investigator PeckShield first noted the exploiter’s use of the crypto mixer.

Loading Tweet..

The transfers began with 0.1 ether, followed within minutes by multiple other transactions worth 100 ether each.

Tornado Cash acts as a cryptoasset mixer, making it extremely difficult to trace precisely the origin of funds withdrawn. It was added to the US Treasury’s sanctioned list of “Specially Designated Individuals” in August, prohibiting people in the country from dealing with the service. 

The Treasury’s primary concern was the mixer’s role in laundering over $455 million worth of cryptoassets stolen by the North Korean hacking group Lazarus. 

Before TempleDAO’s exploit, the protocol’s total value locked stood at about $57 million, according to DeFiLlama. The attack amounted to about 4% of its assets. Security firm BlockSec said the root cause behind it was insufficient access control to a specific function in the affiliated Stax Finance smart contract. 

October marks the highest value of crypto hacked all year

October has so far turned out to be a record month for hacking activity, with stolen funds amounting to $718 million across 11 different DeFi protocols, according to Chainalysis.

The $100 million exploit of Binance’s BNB chain and the $112 million extracted from Mango Markets took place in the last two weeks  — and the month is only half over.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research Report Templates.png

Research

ZKPs enable efficient offchain transaction processing and validation, resulting in increased throughput and reduced fees. Solana's ZK Compression leverages ZKPs to minimize onchain storage costs, while Sui's zkLogin streamlines user onboarding by replacing complex key management with familiar OAuth credentials.

article-image

StarkWare takes a step towards making StarkNet for Bitcoin

article-image

The numbers point to one conclusion: Risk is back, or at least it was during the first half of the year

article-image

Plus, Solana’s latest advertising attempt

article-image

“OpenFi” aims to unbundle to take the “account” out of bank account

article-image

And a look into the newest name on the Trump ticket: Sen. JD Vance