TempleDAO Hacked Funds Deposited to Tornado Cash
The TempleDAO exploiter transferred stolen funds to the privacy protocol’s smart contract, according to Etherscan data
- Hack amounted to 4% of TempleDAO’s assets
- Tornado Cash is a sanctioned entity in the US, meaning individuals there are prohibited from dealing with the mixer
A hacker who exploited DeFi protocol TempleDAO used sanctioned crypto mixer Tornado Cash to move their stolen funds.
Etherscan data shows about the same amount of ether was transferred from the hacker’s identified address to a Tornado Cash router on Sunday. The move will obfuscate the destination of the stolen funds. The protocol’s immutable smart contracts are capable of providing privacy for criminals as well as lawful users.
Blockchain investigator PeckShield first noted the exploiter’s use of the crypto mixer.
The transfers began with 0.1 ether, followed within minutes by multiple other transactions worth 100 ether each.
Tornado Cash acts as a cryptoasset mixer, making it extremely difficult to trace precisely the origin of funds withdrawn. It was added to the US Treasury’s sanctioned list of “Specially Designated Individuals” in August, prohibiting people in the country from dealing with the service.
The Treasury’s primary concern was the mixer’s role in laundering over $455 million worth of cryptoassets stolen by the North Korean hacking group Lazarus.
Before TempleDAO’s exploit, the protocol’s total value locked stood at about $57 million, according to DeFiLlama. The attack amounted to about 4% of its assets. Security firm BlockSec said the root cause behind it was insufficient access control to a specific function in the affiliated Stax Finance smart contract.
October marks the highest value of crypto hacked all year
October has so far turned out to be a record month for hacking activity, with stolen funds amounting to $718 million across 11 different DeFi protocols, according to Chainalysis.
Don’t miss the next big story – join our free daily newsletter.